
Everything posted by HPc

  1. In "System Protection" there are no checkboxes to clear. I do see the following: - System Restore - Protection settings - Available drives - RECOVERY - OS (C:) system - Configure restore settings, manage disk space and delete restore points - Create a restore point right now for the drives that have system protection turned on
  2. I was able to remove the lines; this only worked in safe mode. Before the removal, the CCleaner icon on my desktop had changed; now it has been restored. May I still use CCleaner?
  3. No, I no longer have any trouble with bitvertiser. --> Here follows the HijackThis log: --> Malwarebytes log:
  4. I had the PC scanned by the McAfee virus scanner. It detected and removed the following Trojan horses: XCPT-HOOK1 TDSS.e!rootkit (Paard van Troje) ODS(Volledige scan) IRP_MJ_INTERNAL_DEVICE_CONTROL TDSS.f!rootkit (Paard van Troje) ODS(Volledige scan) c:\Documents and Settings\All Users\d1g8eWjHhWVw40 FakeAlert!grb (Paard van Troje) ODS(Volledige scan) c:\Documents and Settings\All Users\~d1g8eWjHhWVw40 FakeAlert!grb (Paard van Troje) ODS(Volledige scan) c:\Documents and Settings\All Users\~d1g8eWjHhWVw40r FakeAlert!grb (Paard van Troje) After this, installing SP1 did succeed.
  5. The installation of SP1 failed. I followed the instructions from "Error when installing Windows 7 and Windows Server 2008 R2 Service Pack 1 (SP1): 0x800F0A12". --> The error reads: "Opslag van opstartconfiguratiegegevens kon niet worden geopend. Het systeem kan het opgegeven bestand niet vinden." This error can occur if the system partition is not mounted during startup or is not accessible to Windows. ... --> After typing mountvol/ E in the command prompt and rebooting, it failed again. Should I try it in safe mode?
  6. The scan with CCleaner succeeded. Can I now install Windows Service Pack 1? Is it better never to use "babylon" again from now on?
  7. Because ComboFix was not removed from the desktop after typing ComboFix /Uninstall, I removed it manually. When I now type Combofix /Uninstall, nothing happens. Should I download Combofix again and then type Combofix /Uninstall again? Or may I continue with task 60?
  8. After typing ComboFix /Uninstall, one of those blue windows appears again after a while with "even geduld combofix wordt opgestart." Is this supposed to happen, or did something go wrong?
  9. The new ComboFix contents:
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pct" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pgm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pic" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pict" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pix" . 
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.png" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ppm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspbrush" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspimage" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ras" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raw" . 
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgb" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgba" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rle" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rsb" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rw2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rwl" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sgi" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sr2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.srf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.tga" . 
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.thm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.tif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.tiff" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.v30po" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.v30pp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.v30ppf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbmp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wmf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xmp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xpm" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(1192) c:\windows\system32\MSHTML.dll . Voltooingstijd: 2012-03-09 21:22:51 ComboFix-quarantined-files.txt 2012-03-09 20:22 ComboFix2.txt 2012-03-08 23:05 ComboFix3.txt 2012-03-08 17:45 ComboFix4.txt 2012-03-06 20:47 . Pre-Run: 184.637.460.480 bytes beschikbaar Post-Run: 184.428.294.144 bytes beschikbaar . - - End Of File - - 1D66DF67C4FF59B43E70B6BD3F99C2FC
  10. The contents of Combofix.txt:
ComboFix 12-03-06.01 - Pela 08/03/2012 23:15:09.3.4 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1911.1158 [GMT 1:00]
Gestart vanuit: c:\users\Pela\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Pela\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
c:\users\Pela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-08 to 2012-03-08 ))))))))))))))))))))))))))))))
.
.
2012-03-08 22:49 . 2012-03-08 22:50 -------- d-----w- c:\users\Pela\AppData\Local\temp
2012-03-08 22:49 . 2012-03-08 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 15:45 . 2012-03-08 15:45 -------- d-----w- c:\windows\system32\SPReview
2012-03-08 15:16 . 2012-03-08 15:16 -------- d-----w- c:\windows\CheckSur
2012-03-06 12:24 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D0C1191-9F5C-482F-82E5-CD3FD342CE36}\mpengine.dll
2012-03-03 22:36 . 2012-03-03 22:36 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-03 22:36 . 2012-03-03 22:36 -------- d-----w- c:\program files\Java
2012-03-02 15:49 . 2012-03-02 15:49 -------- d-----w- c:\windows\system32\EventProviders
2012-03-01 16:24 . 2012-03-01 16:24 388096 ----a-r- c:\users\Pela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-29 16:42 . 2012-03-01 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 17:28 . 2012-02-27 17:28 -------- d-----w- c:\program files\Common Files\Adobe
2012-02-23 18:48 . 2012-02-23 18:48 -------- d-----w- C:\temp
2012-02-23 18:37 . 2012-02-23 18:37 -------- d-----w- c:\users\Pela\AppData\Local\Trend Micro
2012-02-23 18:26 . 2012-03-02 20:48 -------- d-----w- c:\program files\Trend Micro
2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Local\ACD Systems
2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Roaming\ACD Systems
2012-02-21 16:22 . 2012-02-23 22:00 -------- d-----w- c:\program files\Common Files\ACD Systems
2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- c:\users\Pela\AppData\Local\Downloaded Installations
2012-02-21 16:10 . 2012-02-21 16:10 -------- d-----w- c:\users\Pela\AppData\Roaming\TuneUp Software
2012-02-21 16:09 . 2012-02-21 16:11 -------- d-----w- c:\programdata\TuneUp Software
2012-02-21 16:07 . 2012-03-03 20:03 -------- d-----w- c:\users\Pela\AppData\Roaming\uTorrent
2012-02-14 22:56 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-14 22:56 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-14 22:56 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-14 22:56 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-14 22:56 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-14 22:55 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-14 22:55 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-14 21:29 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 21:29 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:29 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 21:29 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-11 21:56 . 2012-02-11 21:56 -------- d-----w- c:\users\Pela\AppData\Local\Apps
2012-02-10 20:03 . 2012-02-10 20:10 -------- d-----w- c:\users\Pela\AppData\Roaming\Systweak
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-03 22:36 . 2011-10-19 15:56 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-03 19:58 . 2011-10-16 16:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-11-10 17:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 17:43 . 2011-11-17 17:33 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-09-29 07:28 . 2011-10-16 12:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-06_20.31.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-05 13:43 . 2012-03-08 21:32 58076 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-03-08 16:15 38064 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-06 18:36 . 2012-03-08 16:08 17110 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2062663584-2361553994-830336109-1000_UserData.bin
- 2009-07-14 04:50 . 2012-03-06 19:25 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2012-03-08 17:53 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2012-03-08 22:03 . 2012-03-08 22:03 14189 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-06 19:23 . 2012-03-06 19:23 14189 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2010-09-30 09:59 . 2012-03-06 19:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-30 09:59 . 2012-03-08 18:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-30 09:59 . 2012-03-08 18:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-30 09:59 . 2012-03-06 19:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-03-08 18:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-03-06 19:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-06 19:24 . 2012-03-06 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-08 22:03 . 2012-03-08 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-06 19:24 . 2012-03-06 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-08 22:03 . 2012-03-08 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-08 15:41 . 2012-03-08 15:41 152576 c:\windows\winsxs\Temp\PendingRenames\456c0ff441fdcc01570800006c0ba815.msclmd.dll
+ 2012-03-08 13:06 . 2012-03-08 13:06 152576 c:\windows\winsxs\Temp\PendingRenames\0bc6d1532cfdcc01570800008015a810.msclmd.dll
+ 2010-10-11 18:14 . 2012-03-07 23:10 328438 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-03-08 15:45 . 2012-03-08 15:29 253952 c:\windows\System32\SPReview\spwizui.dll
- 2012-03-06 12:47 . 2012-03-06 12:21 253952 c:\windows\System32\SPReview\spwizui.dll
- 2012-03-06 12:47 . 2012-03-06 12:21 280576 c:\windows\System32\SPReview\spreview.exe
+ 2012-03-08 15:45 . 2012-03-08 15:29 280576 c:\windows\System32\SPReview\spreview.exe
+ 2012-03-08 15:45 . 2012-03-08 15:29 190464 c:\windows\System32\SPReview\sperror.dll
- 2012-03-06 12:47 . 2012-03-06 12:21 190464 c:\windows\System32\SPReview\sperror.dll
+ 2009-07-14 04:50 . 2012-03-08 17:53 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2012-03-06 19:25 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2012-03-08 17:53 143360 c:\windows\System32\DriverStore\infstor.dat
- 2009-07-14 04:50 . 2012-03-06 19:25 143360 c:\windows\System32\DriverStore\infstor.dat
- 2009-07-14 04:47 . 2012-03-06 19:23 276968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-03-08 22:03 276968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:03 . 2012-03-08 21:44 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2012-03-06 18:03 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2011-09-12 19:58 . 2012-03-08 16:13 2062676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-12288.dat
+ 2010-10-19 19:47 . 2012-03-08 22:03 30434584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-8192.dat
- 2011-11-02 01:11 . 2012-03-06 19:23 47221300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-4096.dat
+ 2011-11-02 01:11 . 2012-03-08 16:13 47221300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-05 5249024]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-03 41648]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.bing.com/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pela\AppData\Roaming\Mozilla\Firefox\Profiles\9ndw5now.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - user.js: extensions.BabylonToolbar_i.id - d02d2a220000000000001c659d2da719
FF - user.js: extensions.BabylonToolbar_i.hardId - d02d2a220000000000001c659d2da719
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:09
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109985
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.1.7600 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
error: Read Kan de opdracht niet uitvoeren door een fout in een I/O-apparaat.
sectors 488397151 (+0): user != kernel
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpe" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpeg" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpg" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpk" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.kdc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.lbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mef" . 
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mos" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mrw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NEF\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.nef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.nrw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.orf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pct" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcx" . 
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pgm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pic" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pict" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pix" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.png" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ppm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspbrush" . 
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspimage" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ras" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgb" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgba" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rle" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rsb" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rw2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rwl" . 
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sgi" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sr2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.srf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.tga" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.thm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.tif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.tiff" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttf" . 
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.v30po" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.v30pp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.v30ppf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbmp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wmf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xmp" . 
[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xpm" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-03-09 00:05:06 ComboFix-quarantined-files.txt 2012-03-08 23:04 ComboFix2.txt 2012-03-08 17:45 ComboFix3.txt 2012-03-06 20:47 . Pre-Run: 184.738.553.856 bytes beschikbaar Post-Run: 184.666.034.176 bytes beschikbaar . - - End Of File - - 33D3EE145145AA3CB925516A2F7EA5A7
  11. ComboFix log: ComboFix 12-03-06.01 - Pela 08/03/2012 17:54:37.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1911.1095 [GMT 1:00] Gestart vanuit: c:\users\Pela\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Pela\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "C:\user.js" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\user.js . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))) . . 2012-03-08 17:29 . 2012-03-08 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-08 15:45 . 2012-03-08 15:45 -------- d-----w- c:\windows\system32\SPReview 2012-03-08 15:16 . 2012-03-08 15:16 -------- d-----w- c:\windows\CheckSur 2012-03-06 12:24 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D0C1191-9F5C-482F-82E5-CD3FD342CE36}\mpengine.dll 2012-03-03 22:36 . 2012-03-03 22:36 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-03-03 22:36 . 2012-03-03 22:36 -------- d-----w- c:\program files\Java 2012-03-02 15:49 . 2012-03-02 15:49 -------- d-----w- c:\windows\system32\EventProviders 2012-03-01 16:24 . 2012-03-01 16:24 388096 ----a-r- c:\users\Pela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-29 16:42 . 2012-03-01 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-27 17:28 . 2012-02-27 17:28 -------- d-----w- c:\program files\Common Files\Adobe 2012-02-23 18:48 . 2012-02-23 18:48 -------- d-----w- C:\temp 2012-02-23 18:37 . 2012-02-23 18:37 -------- d-----w- c:\users\Pela\AppData\Local\Trend Micro 2012-02-23 18:26 . 2012-03-02 20:48 -------- d-----w- c:\program files\Trend Micro 2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Local\ACD Systems 2012-02-21 16:24 . 
2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Roaming\ACD Systems 2012-02-21 16:22 . 2012-02-23 22:00 -------- d-----w- c:\program files\Common Files\ACD Systems 2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- c:\users\Pela\AppData\Local\Downloaded Installations 2012-02-21 16:10 . 2012-02-21 16:10 -------- d-----w- c:\users\Pela\AppData\Roaming\TuneUp Software 2012-02-21 16:09 . 2012-02-21 16:11 -------- d-----w- c:\programdata\TuneUp Software 2012-02-21 16:09 . 2012-02-21 16:09 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-02-21 16:07 . 2012-03-03 20:03 -------- d-----w- c:\users\Pela\AppData\Roaming\uTorrent 2012-02-14 22:56 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-14 22:56 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-02-14 22:56 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll 2012-02-14 22:56 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-14 22:56 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-02-14 22:55 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-02-14 22:55 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-14 21:29 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl 2012-02-14 21:29 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-14 21:29 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-14 21:29 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys 2012-02-11 21:56 . 2012-02-11 21:56 -------- d-----w- c:\users\Pela\AppData\Local\Apps 2012-02-10 20:03 . 2012-02-10 20:10 -------- d-----w- c:\users\Pela\AppData\Roaming\Systweak . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-03 22:36 . 
2011-10-19 15:56 567696 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-03 19:58 . 2011-10-16 16:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2010-11-10 17:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-12-14 17:43 . 2011-11-17 17:33 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-09-29 07:28 . 2011-10-16 12:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-03-06_20.31.19 ))))))))))))))))))))))))))))))))))))))))) . + 2010-09-05 13:43 . 2012-03-08 16:15 58076 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2012-03-08 16:15 38064 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-10-06 18:36 . 2012-03-08 16:08 17110 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2062663584-2361553994-830336109-1000_UserData.bin - 2009-07-14 04:50 . 2012-03-06 19:25 86016 c:\windows\System32\DriverStore\infpub.dat + 2009-07-14 04:50 . 2012-03-08 16:14 86016 c:\windows\System32\DriverStore\infpub.dat + 2012-03-08 16:13 . 2012-03-08 16:13 14189 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-03-06 19:23 . 2012-03-06 19:23 14189 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2010-09-30 09:59 . 2012-03-06 19:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-30 09:59 . 2012-03-08 12:20 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-30 09:59 . 2012-03-08 12:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-30 09:59 . 
2012-03-06 19:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:41 . 2012-03-08 12:20 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:41 . 2012-03-06 19:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-03-06 19:24 . 2012-03-06 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-03-08 16:13 . 2012-03-08 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-06 19:24 . 2012-03-06 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-03-08 16:13 . 2012-03-08 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-03-08 15:41 . 2012-03-08 15:41 152576 c:\windows\winsxs\Temp\PendingRenames\456c0ff441fdcc01570800006c0ba815.msclmd.dll + 2012-03-08 13:06 . 2012-03-08 13:06 152576 c:\windows\winsxs\Temp\PendingRenames\0bc6d1532cfdcc01570800008015a810.msclmd.dll + 2010-10-11 18:14 . 2012-03-07 23:10 328438 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2012-03-08 15:45 . 2012-03-08 15:29 253952 c:\windows\System32\SPReview\spwizui.dll - 2012-03-06 12:47 . 2012-03-06 12:21 253952 c:\windows\System32\SPReview\spwizui.dll - 2012-03-06 12:47 . 2012-03-06 12:21 280576 c:\windows\System32\SPReview\spreview.exe + 2012-03-08 15:45 . 2012-03-08 15:29 280576 c:\windows\System32\SPReview\spreview.exe + 2012-03-08 15:45 . 2012-03-08 15:29 190464 c:\windows\System32\SPReview\sperror.dll - 2012-03-06 12:47 . 2012-03-06 12:21 190464 c:\windows\System32\SPReview\sperror.dll + 2009-07-14 04:50 . 2012-03-08 16:14 143360 c:\windows\System32\DriverStore\infstrng.dat - 2009-07-14 04:50 . 2012-03-06 19:25 143360 c:\windows\System32\DriverStore\infstrng.dat + 2009-07-14 04:50 . 
2012-03-08 16:14 143360 c:\windows\System32\DriverStore\infstor.dat - 2009-07-14 04:50 . 2012-03-06 19:25 143360 c:\windows\System32\DriverStore\infstor.dat - 2009-07-14 04:47 . 2012-03-06 19:23 276968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 04:47 . 2012-03-08 16:13 276968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 02:03 . 2012-03-08 16:31 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat - 2009-07-14 02:03 . 2012-03-06 18:03 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat + 2011-09-12 19:58 . 2012-03-08 16:13 2062676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-12288.dat + 2010-10-19 19:47 . 2012-03-08 16:13 30434584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-8192.dat - 2011-11-02 01:11 . 2012-03-06 19:23 47221300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-4096.dat + 2011-11-02 01:11 . 2012-03-08 16:13 47221300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-4096.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496] "FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-05 5249024] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User 
Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-03 41648] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 125696] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . Inhoud van de 'Gedeelde Taken' map . 2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07] . 2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.bing.com/ TCP: DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1 FF - ProfilePath - c:\users\Pela\AppData\Roaming\Mozilla\Firefox\Profiles\9ndw5now.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - user.js: extensions.BabylonToolbar_i.id - d02d2a220000000000001c659d2da719 FF - user.js: extensions.BabylonToolbar_i.hardId - d02d2a220000000000001c659d2da719 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:09 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109985 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 6.1.7600 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 . device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! error: Read Kan de opdracht niet uitvoeren door een fout in een I/O-apparaat. sectors 488397151 (+0): user != kernel . ************************************************************************** . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-03-08 18:45:41 ComboFix-quarantined-files.txt 2012-03-08 17:45 ComboFix2.txt 2012-03-06 20:47 . Pre-Run: 184.723.628.032 bytes beschikbaar Post-Run: 184.674.906.112 bytes beschikbaar . - - End Of File - - 6A6E09987C5AD45573C7EA11FD5F8A06
  12. - Installing Windows Service Pack 1 (SP1) still does not work. After the error message I was referred to "Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2". I then downloaded and installed the System Update Readiness Tool (for Windows 7 32-bit (x86)). --> SP1 installation failed. - Next I used the Windows Update troubleshooter. --> SP1 installation failed. - On this page, "Download Details: System Update Readiness Tool for Windows 7 (KB947821) [February 2012]", there are more downloads listed under "See what others are downloading". Do I need to download any of these before I can install Windows Service Pack 1?
  13. After setting the defaults I can download my e-mail attachments again. Thanks for the tip.
  14. At the start of the ComboFix scan it was indicated that it would take no longer than 10 minutes unless the PC was seriously infected. In my case the scan took 21 minutes. Do you think there are still remnants on my PC of the virus that arrived after opening an e-mail?
  15. I almost always use Internet Explorer.
  16. I still cannot download and save attachments from Gmail and Outlook in Internet Explorer; viewing them does work. With Mozilla Firefox there is no problem.
  17. The ComboFix log succeeded (after disabling Windows Firewall and Windows Defender). Here are the contents: ComboFix 12-03-06.01 - Pela 06/03/2012 20:53:59.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1911.1071 [GMT 1:00] Gestart vanuit: c:\users\Pela\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Pela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2 .lnk c:\users\Pela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk c:\windows\system32\drivers\npf.sys c:\windows\system32\roboot.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))) . . 2012-03-06 20:29 . 2012-03-06 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-06 12:47 . 2012-03-06 12:47 -------- d-----w- c:\windows\system32\SPReview 2012-03-06 12:24 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D0C1191-9F5C-482F-82E5-CD3FD342CE36}\mpengine.dll 2012-03-03 22:36 . 2012-03-03 22:36 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-03-03 22:36 . 2012-03-03 22:36 -------- d-----w- c:\program files\Java 2012-03-02 15:49 . 2012-03-02 15:49 -------- d-----w- c:\windows\system32\EventProviders 2012-03-01 16:24 . 2012-03-01 16:24 388096 ----a-r- c:\users\Pela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-29 16:42 . 2012-03-01 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-27 17:28 . 2012-02-27 17:28 -------- d-----w- c:\program files\Common Files\Adobe 2012-02-23 18:48 . 2012-02-23 18:48 -------- d-----w- C:\temp 2012-02-23 18:37 . 2012-02-23 18:37 -------- d-----w- c:\users\Pela\AppData\Local\Trend Micro 2012-02-23 18:26 . 
2012-03-02 20:48 -------- d-----w- c:\program files\Trend Micro 2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Local\ACD Systems 2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Roaming\ACD Systems 2012-02-21 16:22 . 2012-02-23 22:00 -------- d-----w- c:\program files\Common Files\ACD Systems 2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- c:\users\Pela\AppData\Local\Downloaded Installations 2012-02-21 16:10 . 2012-02-21 16:10 -------- d-----w- c:\users\Pela\AppData\Roaming\TuneUp Software 2012-02-21 16:09 . 2012-02-21 16:11 -------- d-----w- c:\programdata\TuneUp Software 2012-02-21 16:09 . 2012-02-21 16:09 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-02-21 16:07 . 2012-03-03 20:03 -------- d-----w- c:\users\Pela\AppData\Roaming\uTorrent 2012-02-14 22:56 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-14 22:56 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-02-14 22:56 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll 2012-02-14 22:56 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-14 22:56 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-02-14 22:55 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-02-14 22:55 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-14 21:29 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl 2012-02-14 21:29 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-14 21:29 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-14 21:29 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys 2012-02-11 21:56 . 2012-02-11 21:56 -------- d-----w- c:\users\Pela\AppData\Local\Apps 2012-02-10 20:09 . 2012-02-10 20:09 237 ----a-w- C:\user.js 2012-02-10 20:03 . 
2012-02-10 20:10 -------- d-----w- c:\users\Pela\AppData\Roaming\Systweak 2012-02-07 15:46 . 2012-03-04 17:39 -------- d-----w- c:\users\Pela\AppData\Local\CrashDumps 2012-02-07 00:13 . 2010-10-05 19:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-03 22:36 . 2011-10-19 15:56 567696 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-03 19:58 . 2011-10-16 16:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2010-11-10 17:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-12-14 17:43 . 2011-11-17 17:33 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-09-29 07:28 . 2011-10-16 12:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496] "FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-05 5249024] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User 
  18. I also removed TDSS Killer and downloaded it again, but the scan fails again. Some time ago I did have an antivirus program from Kaspersky Lab, which I have since removed; I don't know whether there is a connection.
  19. Installing Service Pack 1 for Windows 7 did not succeed. After 5 minutes and after one restart by the service pack I got the following error message: fout: ERROR_SHARING_VIOLATION (0x80070020). I restarted the PC, uninstalled ComboFix with ComboFix /Uninstall, and tried once more to install Service Pack 1. --> Immediately error message 0x800f0a12. Then I followed the instructions from "Error when installing Windows 7 and Windows Server 2008 R2 Service Pack 1 (SP1): 0x800F0A12" with the command prompt and bcdedit --> "Kan het archief met opstartconfiguratiegegevens niet openen. Het systeem kan het opgegeven bestand niet vinden." After the command prompt, mountvol /E and a restart, installing Service Pack 1 failed again. I can then choose between 3 options:
      - The partition was created with a program from another software vendor
      - The hard disk containing the system partition has been removed
      - No access to the system partition in a SAN (Storage Area Network)
      In my opinion none of these applies. Do you think I have to reinstall Windows 7?
  20. Is running the scan with ComboFix and TDSSKiller still necessary, since secure bidvertiser no longer appears?
      ---------- Post added at 22:46 ---------- Previous post was at 22:43 ----------
      Does Service Pack 1 for Windows 7 still need to be installed?
  21. I removed the old version. Then I downloaded a new version in safe mode; this worked neither via link 1 nor via link 2 (the SmartScreen filter indicated that the file is not downloaded often and may not be safe --> I then downloaded it via link 1 anyway). It scans again, but again no log appears, and no text file (ComboFix.txt) can be found either.
      ---------- Post added at 13:58 ---------- Previous post was at 13:57 ----------
      The PC again does not shut down normally (only via forced shutdown).
  22. It did not work again with combofix.exe; not in safe mode either. (For safe mode I can choose between 3 options: - safe mode - safe mode with networking - safe mode with command prompt. I tried it with "safe mode".)
  23. I did not get the following message: " C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK " But TDSS was also in the high-risk list. After the scan I was asked whether I wanted to send this to Emsisoft for further analysis. I clicked yes, but the folder with TDSSkiller was not removed, while the folder with the ZIP file was. Here follows the content of the LOG file:
      ---------- Post added at 12:01 ---------- Previous post was at 11:47 ----------
      I still get advertisements via bidvertiser, usually from Uniblue Registry Booster 2012, and only when I have Gmail open. I did download Registry Booster once, but then removed it again.
      ---------- Post added at 12:11 ---------- Previous post was at 12:01 ----------
      After restarting the computer the problem is, I think, now solved (no more advertisements from bidvertiser), but I still cannot download and save received files from Gmail.
  24. The bidvertiser window is now only opened when I also have Gmail open; if Gmail is not open, I no longer get bidvertiser windows.
  25. It did not work with TDSS Killer in safe mode either. I don't know whether there is a connection, but I also cannot download files (attachments) from Gmail and Outlook and save them on my PC; opening them does work.