
suspicion that someone is "reading along" and sending messages



Hey, this time I'm not sure whether it went well; I closed the firewalls etc., opened ComboFix and dragged CFScript.txt into the blue screen, and at roughly the same moment it started its scan like the previous time (in other words, I got no confirmation or anything that the file was accepted).

Here is the new Combofix.txt:

ComboFix 12-02-24.02 - slazou 26/02/2012 14:24:32.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4026.2254 [GMT 1:00]

Gestart vanuit: c:\users\slazou\Downloads\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-26 to 2012-02-26 ))))))))))))))))))))))))))))))

.

.

2012-02-26 13:37 . 2012-02-26 13:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-26 12:04 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3AF54D6D-9333-492B-909F-AA074003FFCB}\mpengine.dll

2012-02-24 20:36 . 2012-02-24 20:36 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-24 12:21 . 2012-02-24 12:21 -------- d-----w- c:\users\slazou\AppData\Roaming\Malwarebytes

2012-02-24 12:21 . 2012-02-24 12:21 -------- d-----w- c:\programdata\Malwarebytes

2012-02-24 12:21 . 2012-02-24 12:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-24 12:21 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-21 23:06 . 2012-02-21 23:06 388096 ----a-r- c:\users\slazou\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-21 23:06 . 2012-02-21 23:06 -------- d-----w- c:\program files (x86)\Trend Micro

2012-02-20 12:54 . 2012-02-20 12:55 -------- d-----w- c:\users\slazou\AppData\Local\jZip

2012-02-20 12:54 . 2012-02-20 12:54 -------- d-----w- c:\program files (x86)\jZip

2012-02-15 08:57 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 08:57 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 08:57 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 08:57 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-15 08:57 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 08:57 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 08:57 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 08:57 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-15 08:51 . 2012-02-14 16:50 16432 ----a-w- c:\windows\system32\lsdelete.exe

2012-02-14 16:50 . 2012-02-14 16:50 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-02-14 16:48 . 2011-12-23 06:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys

2012-02-14 16:48 . 2012-02-14 16:48 -------- d-----w- c:\programdata\Lavasoft

2012-02-14 16:48 . 2012-02-14 16:48 -------- d-----w- c:\program files (x86)\Lavasoft

2012-02-10 10:45 . 2012-02-10 10:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C9F9C4E-BC51-4479-AFC2-55B2558F5549}\gapaengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-08 07:13 . 2011-09-07 14:01 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-31 20:17 . 2011-12-13 16:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-01-31 12:44 . 2011-03-20 22:59 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-30 19:19 . 2011-12-04 01:38 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-01-26 13:56 . 2011-12-04 01:38 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-01-24 14:41 . 2011-12-13 16:31 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-01-03 18:10 . 2012-01-03 18:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-01-03 18:10 . 2012-01-03 18:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-01-03 18:10 . 2012-01-03 18:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-01-03 18:10 . 2012-01-03 18:10 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-01-03 18:10 . 2012-01-03 18:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-01-03 18:10 . 2012-01-03 18:10 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-01-03 18:10 . 2012-01-03 18:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-01-03 18:10 . 2012-01-03 18:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-01-03 18:10 . 2012-01-03 18:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-01-03 18:10 . 2012-01-03 18:10 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-01-03 18:10 . 2012-01-03 18:10 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-01-03 18:10 . 2012-01-03 18:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-01-03 18:10 . 2012-01-03 18:10 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-01-03 18:10 . 2012-01-03 18:10 448512 ----a-w- c:\windows\system32\html.iec

2012-01-03 18:10 . 2012-01-03 18:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-01-03 18:10 . 2012-01-03 18:10 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-01-03 18:10 . 2012-01-03 18:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-01-03 18:10 . 2012-01-03 18:10 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-01-03 18:10 . 2012-01-03 18:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-01-03 18:10 . 2012-01-03 18:10 222208 ----a-w- c:\windows\system32\msls31.dll

2012-01-03 18:10 . 2012-01-03 18:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-01-03 18:10 . 2012-01-03 18:10 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-01-03 18:10 . 2012-01-03 18:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-01-03 18:10 . 2012-01-03 18:10 160256 ----a-w- c:\windows\system32\wextract.exe

2012-01-03 18:10 . 2012-01-03 18:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-01-03 18:10 . 2012-01-03 18:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-01-03 18:10 . 2012-01-03 18:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-01-03 18:10 . 2012-01-03 18:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-01-03 18:10 . 2012-01-03 18:10 12288 ----a-w- c:\windows\system32\mshta.exe

2012-01-03 18:10 . 2012-01-03 18:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-01-03 18:10 . 2012-01-03 18:10 114176 ----a-w- c:\windows\system32\admparse.dll

2012-01-03 18:10 . 2012-01-03 18:10 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-01-03 18:10 . 2012-01-03 18:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-01-03 18:10 . 2012-01-03 18:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-12-30 07:16 . 2011-12-29 17:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-24_16.29.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-02-24 20:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-02-24 12:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-02-24 12:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-24 20:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-24 12:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-24 20:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-02-24 20:12 42590 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-03-20 22:44 . 2012-02-24 20:12 12544 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1245602046-2624867945-1446905043-1001_UserData.bin

- 2010-06-28 06:29 . 2012-02-21 11:48 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-06-28 06:29 . 2012-02-25 20:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-06-28 06:29 . 2012-02-25 20:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-06-28 06:29 . 2012-02-21 11:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-21 11:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-25 20:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-02-24 11:32 . 2012-02-24 11:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-24 20:10 . 2012-02-24 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-24 20:10 . 2012-02-24 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-02-24 11:32 . 2012-02-24 11:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-03-20 16:51 . 2012-02-24 20:11 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-03-20 16:51 . 2012-02-24 11:32 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-03-30 11:34 . 2012-02-26 13:11 373342 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-06-28 06:54 . 2012-02-26 11:56 704226 c:\windows\system32\perfh013.dat

- 2010-06-28 06:54 . 2012-02-22 22:34 704226 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2012-02-26 11:56 618652 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-02-22 22:34 618652 c:\windows\system32\perfh009.dat

- 2010-06-28 06:54 . 2012-02-22 22:34 135312 c:\windows\system32\perfc013.dat

+ 2010-06-28 06:54 . 2012-02-26 11:56 135312 c:\windows\system32\perfc013.dat

- 2009-07-14 02:36 . 2012-02-22 22:34 107932 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-02-26 11:56 107932 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-02-24 01:44 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-02-24 18:12 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-04-04 10:13 . 2012-02-24 18:12 7023252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1245602046-2624867945-1446905043-1001-8192.dat

- 2011-04-04 10:13 . 2012-02-24 01:44 7023252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1245602046-2624867945-1446905043-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]

.

c:\users\slazou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 135664]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-02-14 2152152]

R3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 135664]

R3 Ltn_stk7070P_64;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P_64.sys [x]

R3 Ltn_stkrc_64;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc_64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-31 652360]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 16:53]

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 16:53]

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1245602046-2624867945-1446905043-1001Core.job

- c:\users\slazou\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 18:09]

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1245602046-2624867945-1446905043-1001UA.job

- c:\users\slazou\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 18:09]

.

2012-02-25 c:\windows\Tasks\Norton Security Scan for slazou.job

- c:\progra~2\NORTON~2\Engine\311~1.6\Nss.exe [2011-05-02 10:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-15 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-15 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-15 365592]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5734z&r=27360311t565l04f4z1m5t56m2o97s

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

Trusted Zone: dexia.be

Trusted Zone: dexia.be\directnet

TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

FF - ProfilePath - c:\users\slazou\AppData\Roaming\Mozilla\Firefox\Profiles\y14hira0.default\

FF - user.js: extensions.BabylonToolbar_i.id - 8e1b751c00000000000070f1a1bbdaff

FF - user.js: extensions.BabylonToolbar_i.hardId - 8e1b751c00000000000070f1a1bbdaff

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15312

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:50

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=19993

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-02-26 15:08:50

ComboFix-quarantined-files.txt 2012-02-26 14:08

ComboFix2.txt 2012-02-24 16:56

.

Pre-Run: 414.421.848.064 bytes beschikbaar

Post-Run: 415.380.561.920 bytes beschikbaar

.

- - End Of File - - 290F687F45AEB5CCED6A4BAF985A1B40


ComboFix 12-02-24.02 - slazou 27/02/2012 12:38:37.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4026.2061 [GMT 1:00]

Gestart vanuit: c:\users\slazou\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\slazou\Desktop\CFScript.txt

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-27 to 2012-02-27 ))))))))))))))))))))))))))))))

.

.

2012-02-27 11:51 . 2012-02-27 11:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-27 06:57 . 2012-02-27 06:57 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78031730-2886-4E09-81EC-5FBFE024D01E}\offreg.dll

2012-02-27 06:56 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78031730-2886-4E09-81EC-5FBFE024D01E}\mpengine.dll

2012-02-24 20:36 . 2012-02-24 20:36 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-24 12:21 . 2012-02-24 12:21 -------- d-----w- c:\users\slazou\AppData\Roaming\Malwarebytes

2012-02-24 12:21 . 2012-02-24 12:21 -------- d-----w- c:\programdata\Malwarebytes

2012-02-24 12:21 . 2012-02-24 12:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-24 12:21 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-21 23:06 . 2012-02-21 23:06 388096 ----a-r- c:\users\slazou\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-21 23:06 . 2012-02-21 23:06 -------- d-----w- c:\program files (x86)\Trend Micro

2012-02-20 12:54 . 2012-02-20 12:55 -------- d-----w- c:\users\slazou\AppData\Local\jZip

2012-02-20 12:54 . 2012-02-20 12:54 -------- d-----w- c:\program files (x86)\jZip

2012-02-15 08:57 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 08:57 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 08:57 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 08:57 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-15 08:57 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 08:57 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 08:57 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 08:57 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-15 08:51 . 2012-02-14 16:50 16432 ----a-w- c:\windows\system32\lsdelete.exe

2012-02-14 16:50 . 2012-02-14 16:50 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-02-14 16:48 . 2011-12-23 06:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys

2012-02-14 16:48 . 2012-02-14 16:48 -------- d-----w- c:\programdata\Lavasoft

2012-02-14 16:48 . 2012-02-14 16:48 -------- d-----w- c:\program files (x86)\Lavasoft

2012-02-10 10:45 . 2012-02-10 10:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C9F9C4E-BC51-4479-AFC2-55B2558F5549}\gapaengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-08 07:13 . 2011-09-07 14:01 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-31 20:17 . 2011-12-13 16:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-01-31 12:44 . 2011-03-20 22:59 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-30 19:19 . 2011-12-04 01:38 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-01-26 13:56 . 2011-12-04 01:38 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-01-24 14:41 . 2011-12-13 16:31 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-01-03 18:10 . 2012-01-03 18:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-01-03 18:10 . 2012-01-03 18:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-01-03 18:10 . 2012-01-03 18:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-01-03 18:10 . 2012-01-03 18:10 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-01-03 18:10 . 2012-01-03 18:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-01-03 18:10 . 2012-01-03 18:10 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-01-03 18:10 . 2012-01-03 18:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-01-03 18:10 . 2012-01-03 18:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-01-03 18:10 . 2012-01-03 18:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-01-03 18:10 . 2012-01-03 18:10 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-01-03 18:10 . 2012-01-03 18:10 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-01-03 18:10 . 2012-01-03 18:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-01-03 18:10 . 2012-01-03 18:10 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-01-03 18:10 . 2012-01-03 18:10 448512 ----a-w- c:\windows\system32\html.iec

2012-01-03 18:10 . 2012-01-03 18:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-01-03 18:10 . 2012-01-03 18:10 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-01-03 18:10 . 2012-01-03 18:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-01-03 18:10 . 2012-01-03 18:10 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-01-03 18:10 . 2012-01-03 18:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-01-03 18:10 . 2012-01-03 18:10 222208 ----a-w- c:\windows\system32\msls31.dll

2012-01-03 18:10 . 2012-01-03 18:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-01-03 18:10 . 2012-01-03 18:10 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-01-03 18:10 . 2012-01-03 18:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-01-03 18:10 . 2012-01-03 18:10 160256 ----a-w- c:\windows\system32\wextract.exe

2012-01-03 18:10 . 2012-01-03 18:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-01-03 18:10 . 2012-01-03 18:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-01-03 18:10 . 2012-01-03 18:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-01-03 18:10 . 2012-01-03 18:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-01-03 18:10 . 2012-01-03 18:10 12288 ----a-w- c:\windows\system32\mshta.exe

2012-01-03 18:10 . 2012-01-03 18:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-01-03 18:10 . 2012-01-03 18:10 114176 ----a-w- c:\windows\system32\admparse.dll

2012-01-03 18:10 . 2012-01-03 18:10 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-01-03 18:10 . 2012-01-03 18:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-01-03 18:10 . 2012-01-03 18:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-12-30 07:16 . 2011-12-29 17:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-24_16.29.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-02-24 20:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-02-24 12:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-02-24 12:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-24 20:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-24 12:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-24 20:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-02-24 20:12 42590 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-03-20 22:44 . 2012-02-24 20:12 12544 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1245602046-2624867945-1446905043-1001_UserData.bin

- 2010-06-28 06:29 . 2012-02-21 11:48 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-06-28 06:29 . 2012-02-25 20:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-06-28 06:29 . 2012-02-25 20:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-06-28 06:29 . 2012-02-21 11:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-21 11:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-25 20:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-02-24 11:32 . 2012-02-24 11:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-24 20:10 . 2012-02-24 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-24 20:10 . 2012-02-24 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-02-24 11:32 . 2012-02-24 11:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-03-20 16:51 . 2012-02-24 20:11 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-03-20 16:51 . 2012-02-24 11:32 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-03-30 11:34 . 2012-02-27 10:46 374008 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-06-28 06:54 . 2012-02-27 01:36 704226 c:\windows\system32\perfh013.dat

- 2010-06-28 06:54 . 2012-02-22 22:34 704226 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2012-02-27 01:36 618652 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-02-22 22:34 618652 c:\windows\system32\perfh009.dat

- 2010-06-28 06:54 . 2012-02-22 22:34 135312 c:\windows\system32\perfc013.dat

+ 2010-06-28 06:54 . 2012-02-27 01:36 135312 c:\windows\system32\perfc013.dat

- 2009-07-14 02:36 . 2012-02-22 22:34 107932 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-02-27 01:36 107932 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-02-24 01:44 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-02-24 18:12 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-04-04 10:13 . 2012-02-24 18:12 7023252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1245602046-2624867945-1446905043-1001-8192.dat

- 2011-04-04 10:13 . 2012-02-24 01:44 7023252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1245602046-2624867945-1446905043-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]

.

c:\users\slazou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 135664]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-02-14 2152152]

R3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 135664]

R3 Ltn_stk7070P_64;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P_64.sys [x]

R3 Ltn_stkrc_64;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc_64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-31 652360]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 16:53]

.

2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 16:53]

.

2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1245602046-2624867945-1446905043-1001Core.job

- c:\users\slazou\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 18:09]

.

2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1245602046-2624867945-1446905043-1001UA.job

- c:\users\slazou\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 18:09]

.

2012-02-27 c:\windows\Tasks\Norton Security Scan for slazou.job

- c:\progra~2\NORTON~2\Engine\311~1.6\Nss.exe [2011-05-02 10:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-15 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-15 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-15 365592]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5734z&r=27360311t565l04f4z1m5t56m2o97s

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

Trusted Zone: dexia.be

Trusted Zone: dexia.be\directnet

TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

FF - ProfilePath - c:\users\slazou\AppData\Roaming\Mozilla\Firefox\Profiles\y14hira0.default\

FF - user.js: extensions.BabylonToolbar_i.id - 8e1b751c00000000000070f1a1bbdaff

FF - user.js: extensions.BabylonToolbar_i.hardId - 8e1b751c00000000000070f1a1bbdaff

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15312

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:50

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=19993

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-02-27 13:25:28

ComboFix-quarantined-files.txt 2012-02-27 12:25

ComboFix2.txt 2012-02-26 14:09

ComboFix3.txt 2012-02-24 16:56

.

Pre-Run: 413.354.565.632 bytes beschikbaar

Post-Run: 413.066.858.496 bytes beschikbaar

.

- - End Of File - - 65FBE4824DDAF383DF74695BF8B91F1B


It hasn't worked yet, but that's my fault.

There was a small error in the script, sorry :sad

Open the file CFScript.txt

Replace its contents with the bold text below.

Firefox::

FF - ProfilePath - c:\users\slazou\AppData\Roaming\Mozilla\Firefox\Profiles\y14hira0.default\

FF - user.js: extensions.BabylonToolbar_i.id - 8e1b751c00000000000070f1a1bbdaff

FF - user.js: extensions.BabylonToolbar_i.hardId - 8e1b751c00000000000070f1a1bbdaff

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15312

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:50

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=19993

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file to your desktop. When asked whether to replace the existing file, answer yes.

Drag CFScript.txt into ComboFix.exe

This will cause ComboFix to restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message


At the first step, opening the file CFScript.txt, a message appears: "The item that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut? Yes/No"

It also doesn't work to open the shortcut from the file location or via Notepad. It could be that I deleted it (stupid of me), I don't remember anymore.

Just open a new document and paste that text in?

xxx


ComboFix 12-02-24.02 - slazou 01/03/2012 15:39:52.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4026.2198 [GMT 1:00]

Gestart vanuit: c:\users\slazou\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\slazou\Desktop\CFScript.txt

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- VERMINDERDE FUNCTIONALITEIT MODUS -

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-01 to 2012-03-01 ))))))))))))))))))))))))))))))

.

.

2012-03-01 14:41 . 2012-03-01 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-01 12:50 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFE55B91-B783-442C-8076-5C7F4892633A}\mpengine.dll

2012-02-27 15:00 . 2012-03-01 14:04 -------- d-----w- c:\users\slazou\AppData\Roaming\Skype

2012-02-27 15:00 . 2012-02-27 15:01 -------- d-----r- c:\program files (x86)\Skype

2012-02-27 15:00 . 2012-02-27 15:00 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-02-27 15:00 . 2012-02-27 15:00 -------- d-----w- c:\programdata\Skype

2012-02-24 20:36 . 2012-02-24 20:36 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-24 12:21 . 2012-02-24 12:21 -------- d-----w- c:\users\slazou\AppData\Roaming\Malwarebytes

2012-02-24 12:21 . 2012-02-24 12:21 -------- d-----w- c:\programdata\Malwarebytes

2012-02-24 12:21 . 2012-02-24 12:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-24 12:21 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-21 23:06 . 2012-02-21 23:06 388096 ----a-r- c:\users\slazou\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-21 23:06 . 2012-02-21 23:06 -------- d-----w- c:\program files (x86)\Trend Micro

2012-02-20 12:54 . 2012-02-20 12:55 -------- d-----w- c:\users\slazou\AppData\Local\jZip

2012-02-20 12:54 . 2012-02-20 12:54 -------- d-----w- c:\program files (x86)\jZip

2012-02-15 08:57 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 08:57 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 08:57 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 08:57 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-15 08:57 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 08:57 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 08:57 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 08:57 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-15 08:51 . 2012-02-14 16:50 16432 ----a-w- c:\windows\system32\lsdelete.exe

2012-02-14 16:50 . 2012-02-14 16:50 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-02-14 16:48 . 2011-12-23 06:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys

2012-02-14 16:48 . 2012-02-14 16:48 -------- d-----w- c:\programdata\Lavasoft

2012-02-14 16:48 . 2012-02-14 16:48 -------- d-----w- c:\program files (x86)\Lavasoft

2012-02-10 10:45 . 2012-02-10 10:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C9F9C4E-BC51-4479-AFC2-55B2558F5549}\gapaengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-08 07:13 . 2011-09-07 14:01 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-31 20:17 . 2011-12-13 16:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-01-31 12:44 . 2011-03-20 22:59 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-30 19:19 . 2011-12-04 01:38 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-01-26 13:56 . 2011-12-04 01:38 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-01-24 14:41 . 2011-12-13 16:31 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-01-03 18:10 . 2012-01-03 18:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-01-03 18:10 . 2012-01-03 18:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-01-03 18:10 . 2012-01-03 18:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-01-03 18:10 . 2012-01-03 18:10 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-01-03 18:10 . 2012-01-03 18:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-01-03 18:10 . 2012-01-03 18:10 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-01-03 18:10 . 2012-01-03 18:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-01-03 18:10 . 2012-01-03 18:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-01-03 18:10 . 2012-01-03 18:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-01-03 18:10 . 2012-01-03 18:10 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-01-03 18:10 . 2012-01-03 18:10 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-01-03 18:10 . 2012-01-03 18:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-01-03 18:10 . 2012-01-03 18:10 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-01-03 18:10 . 2012-01-03 18:10 448512 ----a-w- c:\windows\system32\html.iec

2012-01-03 18:10 . 2012-01-03 18:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-01-03 18:10 . 2012-01-03 18:10 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-01-03 18:10 . 2012-01-03 18:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-01-03 18:10 . 2012-01-03 18:10 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-01-03 18:10 . 2012-01-03 18:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-01-03 18:10 . 2012-01-03 18:10 222208 ----a-w- c:\windows\system32\msls31.dll

2012-01-03 18:10 . 2012-01-03 18:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-01-03 18:10 . 2012-01-03 18:10 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-01-03 18:10 . 2012-01-03 18:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-01-03 18:10 . 2012-01-03 18:10 160256 ----a-w- c:\windows\system32\wextract.exe

2012-01-03 18:10 . 2012-01-03 18:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-01-03 18:10 . 2012-01-03 18:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-01-03 18:10 . 2012-01-03 18:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-01-03 18:10 . 2012-01-03 18:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-01-03 18:10 . 2012-01-03 18:10 12288 ----a-w- c:\windows\system32\mshta.exe

2012-01-03 18:10 . 2012-01-03 18:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-01-03 18:10 . 2012-01-03 18:10 114176 ----a-w- c:\windows\system32\admparse.dll

2012-01-03 18:10 . 2012-01-03 18:10 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-01-03 18:10 . 2012-01-03 18:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-01-03 18:10 . 2012-01-03 18:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-12-30 07:16 . 2011-12-29 17:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-24_16.29.54 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-02-24 12:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-02-24 20:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-02-24 12:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-24 20:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-24 12:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-24 20:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-02-24 20:12 42590 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-03-20 22:44 . 2012-02-24 20:12 12544 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1245602046-2624867945-1446905043-1001_UserData.bin

+ 2010-06-28 06:29 . 2012-02-25 20:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-06-28 06:29 . 2012-02-21 11:48 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-06-28 06:29 . 2012-02-21 11:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-06-28 06:29 . 2012-02-25 20:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-21 11:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-25 20:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-02-24 11:32 . 2012-02-24 11:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-24 20:10 . 2012-02-24 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-24 11:32 . 2012-02-24 11:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-24 20:10 . 2012-02-24 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-03-20 16:51 . 2012-02-24 20:11 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-03-20 16:51 . 2012-02-24 11:32 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-03-30 11:34 . 2012-03-01 12:38 375400 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-06-28 06:54 . 2012-02-29 14:30 704226 c:\windows\system32\perfh013.dat

- 2010-06-28 06:54 . 2012-02-22 22:34 704226 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2012-02-29 14:30 618652 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-02-22 22:34 618652 c:\windows\system32\perfh009.dat

- 2010-06-28 06:54 . 2012-02-22 22:34 135312 c:\windows\system32\perfc013.dat

+ 2010-06-28 06:54 . 2012-02-29 14:30 135312 c:\windows\system32\perfc013.dat

- 2009-07-14 02:36 . 2012-02-22 22:34 107932 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-02-29 14:30 107932 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-02-24 01:44 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-02-24 18:12 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-02-27 15:00 . 2012-02-27 15:00 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe

- 2011-04-04 10:13 . 2012-02-24 01:44 7023252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1245602046-2624867945-1446905043-1001-8192.dat

+ 2011-04-04 10:13 . 2012-02-24 18:12 7023252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1245602046-2624867945-1446905043-1001-8192.dat

+ 2012-02-27 15:01 . 2012-02-27 15:01 6561792 c:\windows\Installer\e5726d6.msi

+ 2012-02-27 15:00 . 2012-02-27 15:00 18980864 c:\windows\Installer\e5726d1.msi

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]

.

c:\users\slazou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 135664]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-02-14 2152152]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]

R3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 135664]

R3 Ltn_stk7070P_64;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P_64.sys [x]

R3 Ltn_stkrc_64;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc_64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-31 652360]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 16:53]

.

2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 16:53]

.

2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1245602046-2624867945-1446905043-1001Core.job

- c:\users\slazou\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 18:09]

.

2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1245602046-2624867945-1446905043-1001UA.job

- c:\users\slazou\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 18:09]

.

2012-02-29 c:\windows\Tasks\Norton Security Scan for slazou.job

- c:\progra~2\NORTON~2\Engine\311~1.6\Nss.exe [2011-05-02 10:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-15 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-15 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-15 365592]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5734z&r=27360311t565l04f4z1m5t56m2o97s

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

Trusted Zone: dexia.be

Trusted Zone: dexia.be\directnet

TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

FF - ProfilePath - c:\users\slazou\AppData\Roaming\Mozilla\Firefox\Profiles\y14hira0.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-03-01 15:43:29

ComboFix-quarantined-files.txt 2012-03-01 14:43

ComboFix2.txt 2012-02-27 12:25

ComboFix3.txt 2012-02-26 14:09

ComboFix4.txt 2012-02-24 16:56

.

Pre-Run: 410.281.472.000 bytes beschikbaar

Post-Run: 409.906.069.504 bytes beschikbaar

.

- - End Of File - - 9EA2887E8773DE1E50AB0219A004B4EE


This looks good.

Now we are going to clean up the registry.

Download CCleaner (if you don't have it yet).

Install it (if you do not want Google Chrome to be installed on your PC as the default web browser, you must remove the 2 check marks!!!) and start CCleaner.

In the left column, click "Cleaner". Then click "Analyze" and "Clean" in turn.

Next, click "Registry" in the left column and click "Scan for problems".

If errors are found, click "Fix selected problems" and "OK".

You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected errors".

Sometimes 1 analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

After this, close CCleaner again.

If you would like to see this illustrated in detail, click here for the guide.

And what is the situation after the registry cleanup?
