
Cannot delete, move, etc. a file


daniel43


Good. Then you may delete the copies of the files.

Open a new Notepad file.

Copy and paste the bold text below into it.

File::

c:\users\daniel\downloads\20111006094150001482(1).pdf

c:\users\daniel\downloads\20111006094150001482(1)

c:\users\daniel\downloads\20111006094150001482(2).pdf

c:\users\daniel\downloads\20111006094150001482(2)

c:\users\daniel\downloads\20111006094150001482(3).pdf

c:\users\daniel\downloads\20111006094150001482(3)

c:\users\daniel\downloads\20111006094150001482.pdf

c:\users\daniel\downloads\20111105070009041204.pdf

Save this file to your desktop as CFScript (overwrite the previous one if asked).

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 11-12-12.02 - daniel 13/12/2011 14:15:59.3.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.4085.2887 [GMT 1:00]

Gestart vanuit: c:\users\daniel\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\daniel\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

FILE ::

"c:\users\daniel\downloads\20111006094150001482(1)"

"c:\users\daniel\downloads\20111006094150001482(1).pdf"

"c:\users\daniel\downloads\20111006094150001482(2)"

"c:\users\daniel\downloads\20111006094150001482(2).pdf"

"c:\users\daniel\downloads\20111006094150001482(3)"

"c:\users\daniel\downloads\20111006094150001482(3).pdf"

"c:\users\daniel\downloads\20111006094150001482.pdf"

"c:\users\daniel\downloads\20111105070009041204.pdf"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\daniel\downloads\20111006094150001482(2).pdf

c:\users\daniel\downloads\20111006094150001482(3).pdf

c:\users\daniel\downloads\20111006094150001482.pdf

c:\users\daniel\downloads\20111105070009041204.pdf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-13 to 2011-12-13 ))))))))))))))))))))))))))))))

.

.

2011-12-13 13:20 . 2011-12-13 13:20 -------- d-----w- c:\users\Gast\AppData\Local\temp

2011-12-13 13:20 . 2011-12-13 13:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-13 13:20 . 2011-12-13 13:20 -------- d-----w- c:\users\daniel\AppData\Local\temp

2011-12-13 13:20 . 2011-12-13 13:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-12-13 09:21 . 2011-12-13 09:21 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C0D1155-B05A-4D5E-B498-2536CB8A8FD7}\offreg.dll

2011-12-13 09:21 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C0D1155-B05A-4D5E-B498-2536CB8A8FD7}\mpengine.dll

2011-12-08 16:56 . 2011-12-08 16:56 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2011-12-08 14:33 . 2011-12-08 14:33 -------- d-----w- c:\users\daniel\Mijn backup dossier

2011-12-07 10:06 . 2009-08-24 20:13 34304 ----a-w- c:\windows\system32\DfSdkBt.exe

2011-12-05 16:12 . 2011-12-05 16:12 -------- d-----w- c:\program files (x86)\Unlocker

2011-12-05 14:18 . 2011-12-11 15:09 -------- d-----w- c:\users\HiJackThis

2011-12-02 15:35 . 2011-12-02 15:35 -------- d-----w- c:\program files (x86)\SIW

2011-12-01 10:34 . 2011-12-01 10:34 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-30 17:27 . 2011-11-30 17:27 -------- d-----w- c:\program files (x86)\Trend Micro

2011-11-28 15:44 . 2011-11-28 15:44 53248 ----a-r- c:\users\daniel\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-11-28 15:43 . 2011-11-28 15:43 -------- d-----w- c:\program files\Logitech

2011-11-25 16:48 . 2011-11-27 18:45 -------- d-----w- c:\users\daniel\AppData\Local\Spotify

2011-11-25 16:48 . 2011-11-27 18:45 -------- d-----w- c:\users\daniel\AppData\Roaming\Spotify

2011-11-21 10:15 . 2011-11-21 10:15 -------- d-----w- c:\users\daniel\AppData\Roaming\URSoft

2011-11-21 10:15 . 2011-11-21 10:15 -------- d-----w- c:\program files (x86)\Your Uninstaller! 7

2011-11-16 11:48 . 2011-11-16 11:48 -------- d-----w- c:\programdata\complexbackup

2011-11-16 11:47 . 2011-11-16 11:47 -------- d-----w- c:\programdata\launcher

2011-11-16 10:51 . 2011-11-16 10:51 -------- d-----w- c:\program files (x86)\Paragon_Software

2011-11-16 10:46 . 2011-11-16 10:46 -------- d-----w- c:\programdata\explauncher

2011-11-16 09:15 . 2011-11-16 09:15 -------- d-----w- c:\windows\system32\Macromed

2011-11-14 07:11 . 2011-11-14 07:11 251696 ----a-w- c:\windows\SysWow64\prgiso.dll

2011-11-14 07:11 . 2011-11-14 07:11 59184 ----a-w- c:\windows\system32\drivers\uimx64.sys

2011-11-14 07:11 . 2011-11-14 07:11 572336 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys

2011-11-14 07:11 . 2011-11-14 07:11 412464 ----a-w- c:\windows\system32\drivers\UimFIO.sys

2011-11-14 07:11 . 2011-11-14 07:11 352816 ----a-w- c:\windows\system32\drivers\uim_vimx64.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 15:44 . 2011-10-08 13:40 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-11-21 11:40 . 2011-02-08 16:52 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-16 09:15 . 2011-05-19 08:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-09 10:03 . 2011-05-20 14:46 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys

2011-11-07 16:44 . 2011-11-07 16:44 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2011-11-05 18:45 . 2011-11-05 18:46 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2011-11-05 18:45 . 2009-11-12 06:24 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2011-11-05 18:45 . 2011-11-05 18:46 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2011-11-05 18:37 . 2010-06-02 09:59 35344 ----a-w- c:\windows\system32\drivers\npf.sys

2011-10-21 21:47 . 2011-11-08 16:48 25224 ----a-w- c:\windows\system32\fbnative.exe

2011-10-21 21:46 . 2011-09-04 13:50 189576 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys

2011-10-21 21:46 . 2011-09-04 13:50 50312 ----a-w- c:\windows\system32\drivers\EUBKMON.sys

2011-10-21 21:46 . 2011-09-04 13:50 19592 ----a-w- c:\windows\system32\drivers\eudskacs.sys

2011-10-21 21:46 . 2011-09-04 13:50 44680 ----a-w- c:\windows\system32\drivers\eubakup.sys

2011-10-21 09:34 . 2010-06-24 12:47 627600 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-11 19:40 . 2011-10-11 19:41 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A206B7BD-CC45-4DA1-B478-B1393704F018}\gapaengine.dll

2011-09-29 16:29 . 2011-11-09 12:45 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-29 04:03 . 2011-11-09 12:45 3144704 ----a-w- c:\windows\system32\win32k.sys

2011-09-13 09:46 . 2011-09-13 09:46 153296 ----a-w- c:\program files (x86)\uninst.exe

2011-09-13 09:45 . 2011-09-13 09:45 1267008 ----a-w- c:\program files (x86)\df64.exe

2011-09-13 09:45 . 2011-09-13 09:45 3909440 ----a-w- c:\program files (x86)\Defraggler64.exe

2011-09-13 09:45 . 2011-09-13 09:45 2365248 ----a-w- c:\program files (x86)\Defraggler.exe

2010-09-30 15:14 . 2010-09-30 15:14 6 ----a-w- c:\program files (x86)\Common Files\UnInstallCompleted.tmp

2010-09-30 15:13 . 2010-05-21 13:59 154688 ----a-w- c:\program files (x86)\Common Files\osdinst.dll

2010-05-28 07:53 . 2010-05-28 07:53 3096576 ----a-w- c:\program files (x86)\openofficeorg32.msi

2010-05-14 18:52 . 2010-05-21 13:59 4906048 ----a-w- c:\program files (x86)\Common Files\xsignal.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-11_15.07.33 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2011-12-13 09:08 42642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-12-11 14:55 42642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-12-31 10:21 . 2011-12-13 09:08 21192 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3049350583-4237318727-1982880771-1001_UserData.bin

+ 2009-12-30 16:29 . 2011-12-13 10:01 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-30 16:29 . 2011-12-11 14:55 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-30 16:29 . 2011-12-11 14:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-30 16:29 . 2011-12-13 10:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-13 10:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-11 14:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-12-13 09:06 . 2011-12-13 09:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-11 14:52 . 2011-12-11 14:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-13 09:06 . 2011-12-13 09:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-12-11 14:52 . 2011-12-11 14:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-01-16 13:57 . 2011-12-13 13:08 476704 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2009-12-31 15:07 . 2011-12-13 11:50 520574 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-12-26 08:12 . 2011-12-13 09:08 100438 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 09:16 . 2011-12-11 14:58 703898 c:\windows\system32\perfh013.dat

+ 2009-07-14 09:16 . 2011-12-13 09:10 703898 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2011-12-13 09:10 618342 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-11 14:58 618342 c:\windows\system32\perfh009.dat

- 2009-07-14 09:16 . 2011-12-11 14:58 134798 c:\windows\system32\perfc013.dat

+ 2009-07-14 09:16 . 2011-12-13 09:10 134798 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2011-12-13 09:10 107622 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-12-11 14:58 107622 c:\windows\system32\perfc009.dat

+ 2011-12-08 17:39 . 2011-12-12 17:47 381048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2011-12-12 17:47 330320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-12-10 17:21 330320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-02-03 13:35 . 2011-12-12 17:47 3880028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3049350583-4237318727-1982880771-1001-8192.dat

- 2011-02-03 13:35 . 2011-12-10 17:21 3880028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3049350583-4237318727-1982880771-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-10 107000]

.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x]

R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-21 60552]

R3 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-21 23176]

R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 343856]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-07-05 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 ViewRightDVRService.exe;ViewRightDVRService;c:\program files (x86)\Nokia Siemens Network\Home Media Center\ViewRightDVRService.exe [2010-12-21 299008]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [2011-09-28 885160]

R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]

S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]

S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]

S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]

S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-11-25 1517976]

S2 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe [2009-08-24 544768]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]

S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys [2011-03-08 12824]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-11-09 498208]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-12 c:\windows\Tasks\Defraggler Volume C Task.job

- c:\program files (x86)\df64.exe [2011-09-13 09:45]

.

2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 08:14]

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 08:14]

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049350583-4237318727-1982880771-1001Core.job

- c:\users\daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-09 14:54]

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049350583-4237318727-1982880771-1001UA.job

- c:\users\daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-09 14:54]

.

2011-11-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]

.

2011-12-13 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]

"Ashampoo HDD-Control 2 Guard"="c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe" [2011-11-25 3783064]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://nl.giveawayoftheday.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Menu aanpassen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: RoboForm Werkbalk - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 195.130.131.4 195.130.130.132

FF - ProfilePath - c:\users\daniel\AppData\Roaming\Mozilla\Firefox\Profiles\oc3ewbgo.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.standaard.be/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.ftp - pac.pandora.be

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - pac.pandora.be

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - pac.pandora.be

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - pac.pandora.be

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - pac.pandora.be

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 2

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-12-13 14:22:30

ComboFix-quarantined-files.txt 2011-12-13 13:22

ComboFix2.txt 2011-12-12 17:08

ComboFix3.txt 2011-12-11 15:09

.

Pre-Run: 421.297.491.968 bytes beschikbaar

Post-Run: 421.239.566.336 bytes beschikbaar

.

- - End Of File - - 6B9BF16903737284C96FDF39B54FD0B0

A check shows that there are still 5 files with 0 bytes present.


Downloaded the original files again from the bank.


When opening a file of, e.g., 163 KB, I immediately get the document in Adobe Reader.

When opening the same file with 0 bytes, I first get a selection menu.


Clicking on through to Adobe Reader opens the document.

Submitted the problem to the bank's IT department; no news received yet.


I think it can be solved if I delete my user "daniel".

When I log in as "administrator", the "downloads" folder is pristine.

Problem: programs/documents in "daniel" are gone + ?

Do you have an idea how to create a new user with all the programs/documents of the old user?


When I log in as "administrator", the "downloads" folder is pristine.

And is the folder c:\users\daniel\downloads also pristine?

If not, then try to delete the files concerned.

Do you have an idea how to create a new user with all the programs/documents of the old user?

Log in as administrator.

Copy all the folders and files you want to transfer to an external drive or to the public folder, preserving the folder structure.

Then delete the user "daniel" with all data and afterwards create it again with the same name.

Then copy the saved folders and files to the new "daniel".

Log out as administrator and log in with the new account daniel.
