Ga naar inhoud

priscila49

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    71

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door priscila49

  1. priscila49
    Heb inmiddels mijn problemen kunnen oplossen d.m.v. deze tool Schijfcontrole uw harde schijf op fouten controleren. Er zaten veel clusterfouten op de hd en denk dat dit de oorzaak is geweest. Het heeft 2 1/2 uur geduurt eer de schijfcontrole klaar was maar heb daarna geen enkel probleem meer gehad. Mijn lappie doet het weer als van ouds. Dit wilde ik even melden en bedanken voor alle moeite en hulp die ik hier gehad heb.
  2. priscila49
    Niemand nog een idee??
  3. priscila49
    Krijg het volgende te zien; " Unsupported version".
  4. priscila49
    Wat vreemd heb al 2 x geantwoord maar zie het hier boven niet staan. 3 x is scheepsrecht wordt er gezegd dus nog maar een keer. Geeft dan aan; " kan C:\5b3deaddee2690208b860345 /F /Q niet vinden." Op de C schijf staat deze file er nog wel gewoon.
  5. priscila49
    geeft het volgende aan; " kan C:\5b3deaddee2690208b860345 /F /Q niet vinden." - - - Updated - - - geeft het volgende aan; " kan C:\5b3deaddee2690208b860345 /F /Q niet vinden." Als ik echter op computer C kijk dan staat deze file er nog gewoon. - - - Updated - - - Geeft dan het volgende aan; "kan C:\5b3deaddee2690208b860345 /F /Q niet vinden. Als ik echter op de schijf C kijk dan staat het er nog gewoon.
  6. priscila49
    Krijg het volgende te zien; "Delete wordt niet herkend als een interne of externe opdracht, programma of batchbestand."
  7. priscila49
    ComboFix 12-12-04.01 - snowy 07-12-2012 1:53.11.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1978.951 [GMT 1:00] Gestart vanuit: c:\users\snowy\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\snowy\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-07 to 2012-12-07 )))))))))))))))))))))))))))))) . . 2012-12-07 01:47 . 2012-12-07 01:47 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-07 01:47 . 2012-12-07 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-06 13:33 . 2011-03-10 16:05 57928 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2012-12-04 15:50 . 2012-12-04 15:50 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCB2D57A-EE07-4181-B601-6B91A8849591}\offreg.dll 2012-12-04 14:21 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-04 09:08 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCB2D57A-EE07-4181-B601-6B91A8849591}\mpengine.dll 2012-12-01 13:12 . 2012-12-01 13:12 -------- d-----w- c:\users\snowy\AppData\Roaming\PC Cleaners 2012-12-01 13:12 . 2012-12-01 13:12 -------- d-----w- c:\users\snowy\AppData\Roaming\PCPro 2012-12-01 13:12 . 2012-12-01 13:12 -------- d-----w- c:\programdata\PC1Data 2012-11-30 00:08 . 2012-12-01 18:55 -------- d-----w- c:\program files (x86)\Brink of Consciousness - The Lonely Hearts Murders Collector's Edition 2012-11-30 00:00 . 2012-11-30 00:13 -------- d-----w- c:\program files (x86)\Haunted Legends - The Undertaker Collector's Edition 2012-11-27 01:42 . 2012-11-27 01:42 -------- d-----w- c:\users\snowy\AppData\Roaming\Mariaglorum 2012-11-25 02:32 . 2012-12-02 19:03 -------- d-----w- c:\program files (x86)\Mystery of the Ancients - Curse of the Black Water Collector's Edition 2012-11-25 01:27 . 2012-12-02 19:03 -------- d-----w- c:\program files (x86)\Mystery Case Files - Shadow Lake Collector's Edition 2012-11-25 01:13 . 2012-11-25 01:13 -------- d-----w- c:\users\snowy\AppData\Roaming\GrandMA Studios 2012-11-23 02:14 . 2012-11-24 13:34 -------- d-----w- c:\program files (x86)\Mysteries of the Mind - Coma Collector's Edition 2012-11-23 01:03 . 2012-11-23 02:08 -------- d-----w- c:\program files (x86)\Death Upon an Austrian Sonata - A Dana Knightstone Novel Collector's Edition 2012-11-17 23:37 . 2012-11-17 23:37 -------- d-----w- c:\users\snowy\AppData\Roaming\Vast Studios 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-11-17 11:46 . 2012-11-17 11:47 -------- d-----w- c:\program files (x86)\QuickTime 2012-11-16 02:20 . 2012-11-16 02:20 -------- d-----w- C:\5b3deaddee2690208b860345 2012-11-16 02:19 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-16 02:19 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 02:19 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 02:19 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 02:07 . 2012-10-08 11:21 548864 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-11-16 02:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 02:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 02:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 02:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 02:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 02:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-16 02:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 00:57 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-11-16 00:57 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-11-16 00:57 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-11-16 00:57 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-11-16 00:53 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-16 00:53 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-11 15:01 . 2012-12-02 19:03 -------- d-----w- c:\program files (x86)\PictureCode . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-16 02:03 . 2011-09-30 22:44 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-13 12:36 . 2012-10-04 15:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-13 12:36 . 2012-10-04 15:30 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-28 12:56 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 12:56 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 12:56 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-09-14 19:19 . 2012-10-10 07:50 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 07:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-10 23:28 . 2012-09-10 23:28 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-09-10 23:28 . 2012-09-10 23:28 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-09-10 23:28 . 2012-09-10 23:28 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-09-10 23:28 . 2012-09-10 23:28 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-06 600688] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-10-31 3056576] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736] R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-26 834544] S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128] S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776] S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192] S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224] S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776] S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680] S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096] S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680] S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688] S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088] S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2011-03-10 57928] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhoud van de 'Gedeelde Taken' map . 2012-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 12:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2] @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}" [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}] 2012-08-02 10:43 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3] @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}" [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}] 2012-08-02 10:43 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://facebook.com/ mStart Page = hxxp://packardbell.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\impi5akc.default\ FF - ExtSQL: 2012-10-31 10:49; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2012-12-04 18:41; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\impi5akc.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi FF - ExtSQL: 2012-12-04 18:45; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\impi5akc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-12-07 03:15:09 ComboFix-quarantined-files.txt 2012-12-07 02:15 ComboFix2.txt 2012-12-07 00:09 ComboFix3.txt 2012-12-05 20:31 ComboFix4.txt 2012-08-02 14:17 . Pre-Run: 221.859.770.368 bytes beschikbaar Post-Run: 221.572.259.840 bytes beschikbaar . - - End Of File - - 7E2CC1947A6F7DA3A43303BBBD7246AC
  8. priscila49
    # AdwCleaner v2.011 - Verslag gemaakt op 06/12/2012 om 16:51:47 # Geactualiseerd op 02/12/2012 door Xplode # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits) # Gebruiker : snowy - SNOWY-PC # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\snowy\Desktop\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** Verwijdert bij het opstarten : C:\ProgramData\boost_interprocess ***** [Register] ***** ***** [browsers] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v17.0.1 (nl) Profielnaam : default File : C:\Users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\impi5akc.default\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. -\\ Google Chrome v [Onmogelijk de versie te verkrijgen] File : C:\Users\snowy\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[R1].txt - [1 octets] - [03/12/2012 16:22:16] AdwCleaner[s1].txt - [23994 octets] - [14/08/2012 12:36:20] AdwCleaner[s2].txt - [3784 octets] - [03/12/2012 16:28:23] AdwCleaner[s3].txt - [1232 octets] - [06/12/2012 16:51:47] ########## EOF - C:\AdwCleaner[s3].txt - [1292 octets] ##########
  9. priscila49
    Kan dit alleen als txt document of alle bestanden opslaan in mijn documenten? Sorry weet niet hoe ik dit moet veranderen
  10. priscila49
    Die map krijg ik niet verwijderd, staat bij dat ik niet gemachtigd ben. Adwcleaner ga ik nu uitvoeren.
  11. priscila49
    Helaas ook als ik in veilige modus opstart lukt systeemherstel niet naar een datum ( lees november) toen deze problemen er niet waren. Herstellen naar de maand december lukt wel maar juist in de maand december zijn mijn problemen begonnen.
  12. priscila49
    ComboFix 12-12-04.01 - snowy 05-12-2012 20:32:04.9.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1978.1032 [GMT 1:00] Gestart vanuit: c:\users\snowy\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-05 to 2012-12-05 )))))))))))))))))))))))))))))) . . 2012-12-05 20:12 . 2012-12-05 20:12 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-05 20:12 . 2012-12-05 20:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-05 12:13 . 2011-03-10 16:05 57928 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2012-12-04 15:50 . 2012-12-04 15:50 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCB2D57A-EE07-4181-B601-6B91A8849591}\offreg.dll 2012-12-04 14:21 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-04 09:08 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCB2D57A-EE07-4181-B601-6B91A8849591}\mpengine.dll 2012-12-01 13:12 . 2012-12-01 13:12 -------- d-----w- c:\users\snowy\AppData\Roaming\PC Cleaners 2012-12-01 13:12 . 2012-12-01 13:12 -------- d-----w- c:\users\snowy\AppData\Roaming\PCPro 2012-12-01 13:12 . 2012-12-01 13:12 -------- d-----w- c:\programdata\PC1Data 2012-11-30 00:08 . 2012-12-01 18:55 -------- d-----w- c:\program files (x86)\Brink of Consciousness - The Lonely Hearts Murders Collector's Edition 2012-11-30 00:00 . 2012-11-30 00:13 -------- d-----w- c:\program files (x86)\Haunted Legends - The Undertaker Collector's Edition 2012-11-27 01:42 . 2012-11-27 01:42 -------- d-----w- c:\users\snowy\AppData\Roaming\Mariaglorum 2012-11-25 02:32 . 2012-12-02 19:03 -------- d-----w- c:\program files (x86)\Mystery of the Ancients - Curse of the Black Water Collector's Edition 2012-11-25 01:27 . 2012-12-02 19:03 -------- d-----w- c:\program files (x86)\Mystery Case Files - Shadow Lake Collector's Edition 2012-11-25 01:13 . 2012-11-25 01:13 -------- d-----w- c:\users\snowy\AppData\Roaming\GrandMA Studios 2012-11-23 02:14 . 2012-11-24 13:34 -------- d-----w- c:\program files (x86)\Mysteries of the Mind - Coma Collector's Edition 2012-11-23 01:03 . 2012-11-23 02:08 -------- d-----w- c:\program files (x86)\Death Upon an Austrian Sonata - A Dana Knightstone Novel Collector's Edition 2012-11-17 23:37 . 2012-11-17 23:37 -------- d-----w- c:\users\snowy\AppData\Roaming\Vast Studios 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-17 11:47 . 2012-11-17 11:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-11-17 11:46 . 2012-11-17 11:47 -------- d-----w- c:\program files (x86)\QuickTime 2012-11-16 02:20 . 2012-11-16 02:20 -------- d-----w- C:\5b3deaddee2690208b860345 2012-11-16 02:19 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-16 02:19 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 02:19 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 02:19 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 02:07 . 2012-10-08 11:21 548864 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-11-16 02:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 02:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 02:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 02:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 02:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 02:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-16 02:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 00:57 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-11-16 00:57 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-11-16 00:57 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-11-16 00:57 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-11-16 00:53 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-16 00:53 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-11 15:01 . 2012-12-02 19:03 -------- d-----w- c:\program files (x86)\PictureCode . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-16 02:03 . 2011-09-30 22:44 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-13 12:36 . 2012-10-04 15:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-13 12:36 . 2012-10-04 15:30 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-28 12:56 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 12:56 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 12:56 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-09-14 19:19 . 2012-10-10 07:50 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 07:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-10 23:28 . 2012-09-10 23:28 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-09-10 23:28 . 2012-09-10 23:28 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-09-10 23:28 . 2012-09-10 23:28 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-09-10 23:28 . 2012-09-10 23:28 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-06 600688] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-10-31 3056576] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736] R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-26 834544] S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128] S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776] S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192] S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224] S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776] S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680] S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096] S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680] S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688] S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088] S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - PSKMAD . Inhoud van de 'Gedeelde Taken' map . 2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 12:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2] @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}" [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}] 2012-08-02 10:43 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3] @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}" [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}] 2012-08-02 10:43 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://facebook.com/ mStart Page = hxxp://packardbell.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\impi5akc.default\ FF - ExtSQL: 2012-10-31 10:49; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2012-12-04 18:41; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\impi5akc.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi FF - ExtSQL: 2012-12-04 18:45; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\impi5akc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-12-05 21:31:18 ComboFix-quarantined-files.txt 2012-12-05 20:31 ComboFix2.txt 2012-08-02 14:17 . Pre-Run: 222.184.046.592 bytes beschikbaar Post-Run: 222.116.909.056 bytes beschikbaar . - - End Of File - - 0482D0486B85A73E9C7074EBD0C9724E
  13. priscila49
    De datum staat goed, heb het oude(?) logje inmiddels verwijderd en verwijder combo en installeer het maar opnieuw, kijken wat voor een log het dan geeft. Systeem herstel had ik zelf al geprobeerd maar hij geeft dan een fout aan waardoor herstel niet kan worden uitgevoerd. Hier de data's van systeem herstel. 18/11-23/11-25/11-27/11-28/11-02/12.
  14. priscila49
    Zie dat er een verkeerde datum op staat dit begrijp ik niet goed. Heb in het verleden idd eerder gebruik gemaakt van Combo-fix maar niet op de datum die combo hierboven aangeeft. Ook heb ik toen alles van Combo-fix verwijderd. Heb vandaag Combo laten lopen en dit is het enigste logje wat ik er van gevonden heb.
  15. priscila49
    ComboFix 12-08-14.01 - snowy 14-08-2012 17:28:43.6.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1978.1167 [GMT 2:00] Gestart vanuit: c:\users\snowy\Downloads\ComboFix.exe AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\boost_interprocess\20120814133823.500000 c:\programdata\boost_interprocess\20120814133823.500000\Nobu64AgentService c:\programdata\boost_interprocess\20120814133823.500000\Nobu64TrayIcon . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))) . . 2012-08-14 15:38 . 2012-08-14 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-14 13:03 . 2012-08-14 13:03 -------- d-----w- c:\users\snowy\AppData\Roaming\Floodlight Games 2012-08-14 13:03 . 2012-08-14 13:03 -------- d-----w- c:\programdata\Floodlight Games 2012-08-14 11:59 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-14 11:46 . 2012-08-14 11:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-14 11:39 . 2011-03-10 16:05 57928 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2012-08-14 10:36 . 2012-08-14 10:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D8A0D0C-B639-45DE-ABB3-9B69587BF13F}\offreg.dll 2012-08-14 01:12 . 2012-08-14 01:12 -------- d-----w- c:\users\snowy\AppData\Roaming\Amaranth Games 2012-08-13 22:15 . 2012-08-13 22:16 -------- d-----w- c:\program files (x86)\Special Enquiry Detail - The Hand That Feeds 2012-08-12 23:29 . 2012-08-12 23:29 -------- d-----w- c:\users\snowy\AppData\Roaming\Freeze Tag 2012-08-12 21:31 . 2012-08-12 21:31 -------- d-----w- c:\programdata\Meridian93 2012-08-12 20:52 . 2012-08-13 00:31 -------- d-----w- c:\program files (x86)\Victorian Mysteries - De Gele Kamer 2012-08-12 20:40 . 2012-08-12 20:40 -------- d-----w- c:\users\snowy\AppData\Roaming\Meridian93 2012-08-09 14:58 . 2012-08-13 07:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-08-07 22:10 . 2012-08-07 22:10 -------- d-----w- c:\users\snowy\AppData\Roaming\Namco 2012-08-07 22:10 . 2012-08-07 22:10 -------- d-----w- c:\users\snowy\AppData\Local\Namco 2012-08-07 17:29 . 2012-08-07 22:20 -------- d-----w- c:\program files (x86)\Reincarnations - Ontdek het verleden 2012-08-03 01:06 . 2012-08-03 01:06 -------- d-----w- c:\program files\CCleaner 2012-08-01 18:22 . 2012-08-01 18:22 -------- d-----w- c:\users\snowy\AppData\Roaming\Panda Security 2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\programdata\Panda Security 2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\program files (x86)\Panda Security 2012-08-01 11:26 . 2012-08-01 11:26 -------- d-----w- c:\program files (x86)\Trend Micro 2012-07-31 17:16 . 2012-07-31 17:16 -------- d-----w- c:\windows\SysWow64\Extensions 2012-07-31 00:38 . 2012-07-31 00:38 -------- d-----w- c:\programdata\Great Secrets 2012-07-28 20:18 . 2012-07-28 20:18 -------- d-----w- c:\users\snowy\AppData\Roaming\Mystery of Mortlake Mansion 2012-07-28 09:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D8A0D0C-B639-45DE-ABB3-9B69587BF13F}\mpengine.dll 2012-07-28 09:37 . 2012-07-28 15:05 -------- d-----w- c:\programdata\HitmanPro 2012-07-28 09:21 . 2012-07-28 09:21 -------- d-----w- c:\programdata\Hitman Pro 2012-07-23 22:01 . 2012-07-23 22:01 -------- d-----w- c:\users\snowy\AppData\Roaming\iMaxGen 2012-07-23 21:47 . 2012-07-23 21:47 -------- d-----w- c:\users\snowy\AppData\Roaming\HdO Adventure 2012-07-23 21:43 . 2012-08-09 14:46 -------- d-----w- c:\program files (x86)\GameTop.com 2012-07-17 22:24 . 2012-07-17 22:24 -------- d-----w- c:\windows\Profiles 2012-07-17 17:09 . 2012-07-18 21:12 -------- d-----w- c:\program files (x86)\PokerStars.EU . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-03 15:10 . 2012-04-03 08:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-03 15:10 . 2011-09-28 21:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-13 05:02 . 2012-07-13 05:02 130088 ----a-w- c:\windows\system32\drivers\PSINProt.sys 2012-07-13 05:02 . 2012-07-13 05:02 205352 ----a-w- c:\windows\system32\drivers\PSINKNC.sys 2012-07-13 05:02 . 2012-07-13 05:02 123944 ----a-w- c:\windows\system32\drivers\PSINProc.sys 2012-07-13 05:02 . 2012-07-13 05:02 167464 ----a-w- c:\windows\system32\drivers\PSINAflt.sys 2012-07-13 05:02 . 2012-07-13 05:02 119336 ----a-w- c:\windows\system32\drivers\PSINFile.sys 2012-07-12 09:18 . 2012-07-12 09:18 219688 ----a-w- c:\windows\system32\drivers\NNSStrm.sys 2012-07-12 00:35 . 2011-09-30 22:44 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-27 13:51 . 2012-06-27 13:51 105000 ----a-w- c:\windows\system32\drivers\NNStlsc.sys 2012-06-27 13:51 . 2012-06-27 13:51 112680 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys 2012-06-27 13:51 . 2012-06-27 13:51 109096 ----a-w- c:\windows\system32\drivers\NNSPrv.sys 2012-06-27 13:51 . 2012-06-27 13:51 68648 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys 2012-06-27 13:51 . 2012-06-27 13:51 304680 ----a-w- c:\windows\system32\drivers\NNSProt.sys 2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSPop3.sys 2012-06-27 13:51 . 2012-06-27 13:51 93224 ----a-w- c:\windows\system32\drivers\NNSpicc.sys 2012-06-27 13:51 . 2012-06-27 13:51 33320 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys 2012-06-27 13:51 . 2012-06-27 13:51 113192 ----a-w- c:\windows\system32\drivers\NNSIds.sys 2012-06-27 13:51 . 2012-06-27 13:51 89128 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys 2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSHttp.sys 2012-06-12 03:08 . 2012-07-12 00:41 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:43 . 2012-07-11 05:20 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 05:20 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 05:20 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 05:18 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 05:20 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 05:20 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 05:18 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-19 02:02 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 02:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 02:02 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 02:02 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 02:02 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 02:02 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 02:02 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-19 02:01 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-19 02:01 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 12:49 . 2012-07-12 00:34 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-06-02 12:17 . 2012-07-12 00:34 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-06-02 12:12 . 2012-07-12 00:34 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 12:05 . 2012-07-12 00:34 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-02 12:05 . 2012-07-12 00:34 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 12:04 . 2012-07-12 00:34 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 12:04 . 2012-07-12 00:34 237056 ----a-w- c:\windows\system32\url.dll 2012-06-02 12:03 . 2012-07-12 00:34 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-02 12:01 . 2012-07-12 00:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 12:00 . 2012-07-12 00:34 818688 ----a-w- c:\windows\system32\jscript.dll 2012-06-02 11:59 . 2012-07-12 00:34 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-02 11:57 . 2012-07-12 00:34 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-02 11:57 . 2012-07-12 00:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 11:54 . 2012-07-12 00:34 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-02 08:33 . 2012-07-12 00:34 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-02 08:25 . 2012-07-12 00:34 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-02 08:25 . 2012-07-12 00:34 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20 . 2012-07-12 00:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16 . 2012-07-12 00:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-02 05:50 . 2012-07-11 05:20 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 05:20 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:48 . 2012-07-11 05:20 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:45 . 2012-07-11 05:20 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 05:20 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 05:20 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 05:20 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 05:20 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 05:20 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 10:25 . 2011-11-25 21:14 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-06 600688] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512] "PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-12 114144] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736] R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-26 834544] S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128] S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776] S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192] S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224] S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776] S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680] S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096] S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680] S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688] S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088] S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040] S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2011-03-10 57928] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Inhoud van de 'Gedeelde Taken' map . 2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:10] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://facebook.com/ mStart Page = hxxp://packardbell.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-08-14 17:43:43 ComboFix-quarantined-files.txt 2012-08-14 15:43 ComboFix2.txt 2012-08-02 14:17 . Pre-Run: 241.234.673.664 bytes beschikbaar Post-Run: 240.938.770.432 bytes beschikbaar . - - End Of File - - 8F3A53BFDD19824762BCC18A02D2B65C
  16. priscila49
    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:23:06, on 4-12-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16455) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\PLFSetI.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Video Web Camera\traybar.exe C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe C:\Users\snowy\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11199 bytes 2012/02/20 00:48:26 +0100 SNOWY-PC snowy MESSAGE Executing scheduled update: Daily 2012/02/20 00:48:36 +0100 SNOWY-PC snowy MESSAGE Scheduled update executed successfully: database updated from version v2012.02.19.01 to version v2012.02.19.05 2012/02/20 00:48:36 +0100 SNOWY-PC snowy MESSAGE Starting database refresh 2012/02/20 00:48:36 +0100 SNOWY-PC snowy MESSAGE Stopping IP protection 2012/02/20 00:51:34 +0100 SNOWY-PC snowy MESSAGE IP Protection stopped 2012/02/20 00:51:42 +0100 SNOWY-PC snowy MESSAGE Database refreshed successfully 2012/02/20 00:51:42 +0100 SNOWY-PC snowy MESSAGE Starting IP protection 2012/02/20 00:51:45 +0100 SNOWY-PC snowy MESSAGE IP Protection started successfully 2012/02/20 08:32:04 +0100 SNOWY-PC snowy MESSAGE Starting protection 2012/02/20 08:32:08 +0100 SNOWY-PC snowy MESSAGE Protection started successfully 2012/02/20 08:32:11 +0100 SNOWY-PC snowy MESSAGE Starting IP protection 2012/02/20 08:32:13 +0100 SNOWY-PC snowy MESSAGE IP Protection started successfully 2012/02/20 19:56:29 +0100 SNOWY-PC snowy MESSAGE Starting protection 2012/02/20 19:56:33 +0100 SNOWY-PC snowy MESSAGE Protection started successfully 2012/02/20 19:56:36 +0100 SNOWY-PC snowy MESSAGE Starting IP protection 2012/02/20 19:56:38 +0100 SNOWY-PC snowy MESSAGE IP Protection started successfully
  17. priscila49
    Hallo sinds een dag of 3 blijft mijn laptop freezen word er gek van, programma's die niet reageren of vastlopen. Ook wordt iedere keer mijn internetverbinding verbroken, iets waar ik nooit last van heb gehad. Heb hier al wat rond gekeken en alvast een Hijackje gemaakt welke ik hieronder plaats. Hoop dat jullie mij kunnen helpen. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:56:24, on 4-12-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16455) Boot mode: Normal Running processes: C:\Windows\PLFSetI.exe C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Video Web Camera\traybar.exe C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Users\snowy\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MozyHome back-updienst (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11022 bytes
  18. priscila49
    Yeahhhhhhhhhhhh ben er al achter, en heb inmiddels alle verborgen bestanden weer terug. Heel erg bedankt voor de goede en snelle hulp.:knuddel: ( Okay beter van een 20 jarige) maar niet minder gemeend!
  19. priscila49
    Dit is idd opgelost waarvoor mijn dank.Nu de hamvraag. Is er een mogelijkheid dat de bestanden die weg zijn weer ergens tevoorschijn gehaald kunnen worden? Wat ik begrepen heb van het art. is dat de malware deze als verborgen bestanden maakt. Of is alles echt foetsie? Was het een virus/malware? Of was er iets anders aan de hand op mijn lappie?
  20. priscila49
    Ik ben aan het werk ( voor zover mogelijk ) op mijn lappie krijg echter bij zowat alles wat ik probeer te gebruiken de kreet " Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering" Dit gold ook voor het Internet zowel Mozilla als IE. Dit heb ik kunnen openen als zijn administrator. Maar heb bijvoorbeeld nu geen geluid op mijn lappie als ik dit probeer aan te zetten krijg ik bovenstaande kreet te zien, hetzelfde als ik probeer foto's van mijn fotokaart op de laptop te krijgen.
  21. priscila49
    ComboFix 12-07-31.03 - snowy 02-08-2012 14:09:45.5.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1978.1020 [GMT 2:00] Gestart vanuit: c:\users\snowy\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\snowy\Desktop\CFScript..txt AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\appbario8 c:\program files (x86)\appbario8\appbario8ToolbarHelper.exe c:\program files (x86)\appbario8\GottenAppsContextMenu.xml c:\program files (x86)\appbario8\ldrtbappb.dll c:\program files (x86)\appbario8\OtherAppsContextMenu.xml c:\program files (x86)\appbario8\SharedAppsContextMenu.xml c:\program files (x86)\appbario8\tbappb.dll c:\program files (x86)\appbario8\toolbar.cfg c:\program files (x86)\appbario8\ToolbarContextMenu.xml c:\program files (x86)\appbario8\uninstall.exe c:\program files (x86)\Conduit c:\program files (x86)\Conduit\Community Alerts\Alert.dll c:\program files (x86)\Savings Sidekick c:\program files (x86)\Savings Sidekick\Savings Sidekick.exe c:\program files (x86)\Savings Sidekick\Savings Sidekick.ico c:\program files (x86)\Savings Sidekick\Savings Sidekick.ini c:\program files (x86)\Savings Sidekick\Savings SidekickGui.exe c:\program files (x86)\Savings Sidekick\Savings SidekickInstaller.log c:\program files (x86)\Savings Sidekick\Uninstall.exe c:\program files (x86)\Yontoo c:\programdata\IBUpdaterService c:\programdata\IBUpdaterService\repository.xml c:\programdata\Sidekick Manager c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\bProtect.settings c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501415fc0_202019f.dmp c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501415fc0_202019f.gz c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501522250_202019f.dmp c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501522250_202019f.gz c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501661e50_202019f.dmp c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501661e50_202019f.gz c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5017c95d0_202019f.dmp c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5017c95d0_202019f.gz c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5018ff610_202019f.dmp c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5018ff610_202019f.gz c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5019475b0_202019f.dmp c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5019475b0_202019f.gz c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501a431a0_202019f.dmp c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501a431a0_202019f.gz c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\chrome.manifest c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-10.0.2.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-11.0.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-12.0.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-13.0.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-14.0.1.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-3.6.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-3.6.xpt c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-5.0.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-6.0.2.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-7.0.1.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-8.0.1.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-9.0.1.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\content\bprotector.js c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\content\overlay.xul c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\install.rdf c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\sskmngr.dll c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\sskmngr.exe c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\00 c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\01 c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\02 c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\10 c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\11 c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\12 c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\20 c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\21 c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\22 c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\Uninstall Manager.exe c:\users\snowy\AppData\Local\Conduit c:\users\snowy\AppData\Local\Conduit\CT3227982\appbario8AutoUpdateHelper.exe c:\users\snowy\AppData\Local\Savings Sidekick c:\users\snowy\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx c:\windows\SysWow64\searchplugins . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Sidekick Manager -------\Service_Sidekick Manager . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))) . . 2012-08-02 13:19 . 2011-03-10 16:05 57928 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2012-08-02 13:16 . 2012-08-02 13:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-01 18:22 . 2012-08-01 18:22 -------- d-----w- c:\users\snowy\AppData\Roaming\Panda Security 2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\programdata\Panda Security 2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\program files (x86)\Panda Security 2012-08-01 12:15 . 2012-08-01 12:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-01 12:15 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-01 11:26 . 2012-08-01 11:26 -------- d-----w- c:\program files (x86)\Trend Micro 2012-07-31 17:16 . 2012-07-31 17:16 -------- d-----w- c:\windows\SysWow64\Extensions 2012-07-31 00:38 . 2012-07-31 00:38 -------- d-----w- c:\programdata\Great Secrets 2012-07-28 20:18 . 2012-07-28 20:18 -------- d-----w- c:\users\snowy\AppData\Roaming\Mystery of Mortlake Mansion 2012-07-28 09:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D8A0D0C-B639-45DE-ABB3-9B69587BF13F}\mpengine.dll 2012-07-28 09:37 . 2012-07-28 15:05 -------- d-----w- c:\programdata\HitmanPro 2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe 2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_555\uninstall.exe 2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_540\uninstall.exe 2012-07-28 09:21 . 2012-07-28 09:21 -------- d-----w- c:\programdata\Hitman Pro 2012-07-23 22:01 . 2012-07-23 22:01 -------- d-----w- c:\users\snowy\AppData\Roaming\iMaxGen 2012-07-23 21:47 . 2012-07-23 21:47 -------- d-----w- c:\users\snowy\AppData\Roaming\HdO Adventure 2012-07-23 21:46 . 2012-07-23 21:46 -------- d-----w- c:\program files (x86)\MyPlayCity.com 2012-07-23 21:43 . 2012-07-28 20:15 -------- d-----w- c:\program files (x86)\GameTop.com 2012-07-13 19:09 . 2012-07-13 19:09 -------- d--h--w- c:\programdata\Photo Notifier and Animation Creator 2012-07-13 19:09 . 2012-07-13 19:09 -------- d-----w- c:\program files (x86)\Photo Notifier and Animation Creator 2012-07-13 19:08 . 2012-07-17 12:50 -------- d-----w- c:\users\snowy\AppData\Local\IM 2012-07-13 19:08 . 2012-07-17 12:44 -------- d-----w- c:\programdata\IncrediMail 2012-07-13 19:08 . 2012-07-13 19:09 -------- d--h--w- c:\programdata\IM 2012-07-13 05:02 . 2012-07-13 05:02 130088 ----a-w- c:\windows\system32\drivers\PSINProt.sys 2012-07-13 05:02 . 2012-07-13 05:02 205352 ----a-w- c:\windows\system32\drivers\PSINKNC.sys 2012-07-13 05:02 . 2012-07-13 05:02 123944 ----a-w- c:\windows\system32\drivers\PSINProc.sys 2012-07-13 05:02 . 2012-07-13 05:02 167464 ----a-w- c:\windows\system32\drivers\PSINAflt.sys 2012-07-13 05:02 . 2012-07-13 05:02 119336 ----a-w- c:\windows\system32\drivers\PSINFile.sys 2012-07-12 09:18 . 2012-07-12 09:18 219688 ----a-w- c:\windows\system32\drivers\NNSStrm.sys 2012-07-12 00:41 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 05:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 05:18 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 05:18 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 05:18 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-11 05:18 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-11 05:18 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-11 05:18 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-11 05:18 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 05:18 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 05:18 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 05:18 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-07-11 05:18 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-07-11 05:18 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 05:18 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-07-10 13:44 . 2012-07-10 13:44 -------- d-----w- C:\Games 2012-07-10 13:43 . 2012-07-10 13:43 -------- d-----w- c:\program files (x86)\RealArcade 2012-07-10 13:23 . 2012-07-10 13:25 -------- d-----w- c:\program files (x86)\Echoes of the Past - De Citadels der Tijd 2012-07-10 13:14 . 2012-07-22 23:01 -------- d-----w- c:\program files (x86)\Hidden Identity - Chicago Blackout 2012-07-10 11:55 . 2012-07-10 11:55 -------- d--h--w- c:\users\snowy\AppData\Roaming\TikisLab 2012-07-09 20:11 . 2012-07-17 12:51 -------- d-----w- c:\users\snowy\AppData\Local\TheCursedIsland 2012-07-09 15:07 . 2012-07-09 15:07 -------- d--h--w- c:\users\snowy\AppData\Roaming\Amulet_of_time 2012-07-09 14:28 . 2012-07-09 14:28 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-07-09 14:28 . 2012-07-09 14:28 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-07-09 14:28 . 2012-07-09 14:28 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-07-09 14:28 . 2012-07-09 14:28 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-07-09 14:28 . 2012-07-09 14:28 -------- d-----w- c:\program files (x86)\OpenAL 2012-07-09 00:02 . 2012-07-09 00:02 -------- d--h--w- c:\users\snowy\AppData\Roaming\tabagames 2012-07-05 16:45 . 2012-07-05 16:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-26 20:25 . 2012-04-03 08:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-26 20:25 . 2011-09-28 21:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 00:35 . 2011-09-30 22:44 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-27 13:51 . 2012-06-27 13:51 105000 ----a-w- c:\windows\system32\drivers\NNStlsc.sys 2012-06-27 13:51 . 2012-06-27 13:51 112680 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys 2012-06-27 13:51 . 2012-06-27 13:51 109096 ----a-w- c:\windows\system32\drivers\NNSPrv.sys 2012-06-27 13:51 . 2012-06-27 13:51 68648 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys 2012-06-27 13:51 . 2012-06-27 13:51 304680 ----a-w- c:\windows\system32\drivers\NNSProt.sys 2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSPop3.sys 2012-06-27 13:51 . 2012-06-27 13:51 93224 ----a-w- c:\windows\system32\drivers\NNSpicc.sys 2012-06-27 13:51 . 2012-06-27 13:51 33320 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys 2012-06-27 13:51 . 2012-06-27 13:51 113192 ----a-w- c:\windows\system32\drivers\NNSIds.sys 2012-06-27 13:51 . 2012-06-27 13:51 89128 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys 2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSHttp.sys 2012-06-02 22:19 . 2012-06-19 02:02 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 02:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 02:02 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 02:02 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 02:02 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 02:02 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 02:02 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-19 02:01 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-19 02:01 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 10:25 . 2011-11-25 21:14 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-08-02_10.26.28 ))))))))))))))))))))))))))))))))))))))))) . + 2012-08-02 13:18 . 2012-08-02 13:18 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-08-02 00:19 . 2012-08-02 00:19 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2009-07-14 04:54 . 2012-08-02 08:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-08-02 13:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-08-02 13:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-08-02 08:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-08-02 13:22 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-08-02 08:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2012-08-02 13:21 52938 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-09-26 09:51 . 2012-08-02 13:21 23622 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1153778155-1967841725-190187470-1001_UserData.bin - 2012-08-02 08:48 . 2012-08-02 08:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-02 13:19 . 2012-08-02 13:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-02 08:48 . 2012-08-02 08:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-02 13:19 . 2012-08-02 13:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-09-26 15:22 . 2012-08-02 12:56 438170 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 05:01 . 2012-08-02 00:18 235928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-08-02 13:17 235928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-09-28 22:47 . 2012-08-02 00:18 5021979 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1153778155-1967841725-190187470-1001-8192.dat + 2011-09-28 22:47 . 2012-08-02 13:17 5021979 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1153778155-1967841725-190187470-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-06-22 5283680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-06 600688] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512] "PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736] R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-26 834544] S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128] S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776] S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192] S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224] S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776] S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680] S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096] S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680] S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688] S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088] S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2011-03-10 57928] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Inhoud van de 'Gedeelde Taken' map . 2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:25] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 12:52] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 12:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216] "combofix"="c:\combofix\CF23649.3XE" [2010-11-20 345088] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://packardbell.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: security.csp.enable - false FF - user.js: extentions.y2layers.installId - 85906e91-797c-4adc-b844-be8b54271663 FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-{0cc09160-108c-4759-bab1-5c12c216e005} - (no file) BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) AddRemove-appbario8 Toolbar - c:\program files (x86)\appbario8\uninstall.exe AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\Uninstall Manager.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . ************************************************************************** . Voltooingstijd: 2012-08-02 16:15:34 - machine werd herstart ComboFix-quarantined-files.txt 2012-08-02 14:15 ComboFix2.txt 2012-08-02 11:01 . Pre-Run: 234.655.703.040 bytes beschikbaar Post-Run: 234.423.926.784 bytes beschikbaar . - - End Of File - - 37CB1D71ED7E471EA11E130C7EE139B2
  22. priscila49
    ComboFix 12-07-31.03 - snowy 02-08-2012 11:32:19.4.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1978.1050 [GMT 2:00] Gestart vanuit: c:\users\snowy\Downloads\ComboFix.exe AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\boost_interprocess\20120802104653.500000 c:\programdata\boost_interprocess\20120802104653.500000\Nobu64AgentService c:\programdata\boost_interprocess\20120802104653.500000\Nobu64TrayIcon c:\programdata\JbC4WEbL0uhiwo c:\users\snowy\AppData\Roaming\log.txt c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome.manifest c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\background.html c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\browser.xul c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossrider.js c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossriderapi.js c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\dialog.js c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.js c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.xul c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\search_dialog.xul c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\update.html c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\defaults\preferences\prefs.js c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\install.rdf c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\locale\en-US\translations.dtd c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button1.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button2.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button3.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button4.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button5.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\crossrider_statusbar.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon128.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon16.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon24.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon48.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\panelarrow-up.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\popup.css c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\popup.html c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\popup_binding.xml c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\skin.css c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\update.css . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))) . . 2012-08-02 10:26 . 2012-08-02 10:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-02 08:48 . 2011-03-10 16:05 57928 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2012-08-01 18:22 . 2012-08-01 18:22 -------- d-----w- c:\users\snowy\AppData\Roaming\Panda Security 2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\programdata\Panda Security 2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\program files (x86)\Panda Security 2012-08-01 12:15 . 2012-08-01 12:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-01 12:15 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-01 11:26 . 2012-08-01 11:26 -------- d-----w- c:\program files (x86)\Trend Micro 2012-07-31 17:16 . 2012-07-31 17:16 -------- d-----w- c:\windows\SysWow64\Extensions 2012-07-31 00:38 . 2012-07-31 00:38 -------- d-----w- c:\programdata\Great Secrets 2012-07-28 20:18 . 2012-07-28 20:18 -------- d-----w- c:\users\snowy\AppData\Roaming\Mystery of Mortlake Mansion 2012-07-28 09:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D8A0D0C-B639-45DE-ABB3-9B69587BF13F}\mpengine.dll 2012-07-28 09:37 . 2012-07-28 15:05 -------- d-----w- c:\programdata\HitmanPro 2012-07-28 09:22 . 2012-08-01 12:13 -------- d-----w- c:\program files (x86)\Yontoo 2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\programdata\IBUpdaterService 2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe 2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\program files (x86)\Conduit 2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\users\snowy\AppData\Local\Conduit 2012-07-28 09:22 . 2012-08-01 12:13 -------- d-----w- c:\program files (x86)\appbario8 2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_555\uninstall.exe 2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\windows\SysWow64\searchplugins 2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\programdata\Sidekick Manager 2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_540\uninstall.exe 2012-07-28 09:21 . 2012-07-28 09:21 -------- d-----w- c:\users\snowy\AppData\Local\Savings Sidekick 2012-07-28 09:21 . 2012-08-01 12:13 -------- d-----w- c:\program files (x86)\Savings Sidekick 2012-07-28 09:21 . 2012-07-28 09:21 -------- d-----w- c:\programdata\Hitman Pro 2012-07-23 22:01 . 2012-07-23 22:01 -------- d-----w- c:\users\snowy\AppData\Roaming\iMaxGen 2012-07-23 21:47 . 2012-07-23 21:47 -------- d-----w- c:\users\snowy\AppData\Roaming\HdO Adventure 2012-07-23 21:46 . 2012-07-23 21:46 -------- d-----w- c:\program files (x86)\MyPlayCity.com 2012-07-23 21:43 . 2012-07-28 20:15 -------- d-----w- c:\program files (x86)\GameTop.com 2012-07-13 19:09 . 2012-07-13 19:09 -------- d--h--w- c:\programdata\Photo Notifier and Animation Creator 2012-07-13 19:09 . 2012-07-13 19:09 -------- d-----w- c:\program files (x86)\Photo Notifier and Animation Creator 2012-07-13 19:08 . 2012-07-17 12:50 -------- d-----w- c:\users\snowy\AppData\Local\IM 2012-07-13 19:08 . 2012-07-17 12:44 -------- d-----w- c:\programdata\IncrediMail 2012-07-13 19:08 . 2012-07-13 19:09 -------- d--h--w- c:\programdata\IM 2012-07-13 05:02 . 2012-07-13 05:02 130088 ----a-w- c:\windows\system32\drivers\PSINProt.sys 2012-07-13 05:02 . 2012-07-13 05:02 205352 ----a-w- c:\windows\system32\drivers\PSINKNC.sys 2012-07-13 05:02 . 2012-07-13 05:02 123944 ----a-w- c:\windows\system32\drivers\PSINProc.sys 2012-07-13 05:02 . 2012-07-13 05:02 167464 ----a-w- c:\windows\system32\drivers\PSINAflt.sys 2012-07-13 05:02 . 2012-07-13 05:02 119336 ----a-w- c:\windows\system32\drivers\PSINFile.sys 2012-07-12 09:18 . 2012-07-12 09:18 219688 ----a-w- c:\windows\system32\drivers\NNSStrm.sys 2012-07-12 00:41 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 05:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 05:18 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 05:18 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 05:18 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-11 05:18 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-11 05:18 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-11 05:18 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-11 05:18 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 05:18 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 05:18 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 05:18 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-07-11 05:18 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-07-11 05:18 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 05:18 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-07-10 13:44 . 2012-07-10 13:44 -------- d-----w- C:\Games 2012-07-10 13:43 . 2012-07-10 13:43 -------- d-----w- c:\program files (x86)\RealArcade 2012-07-10 13:23 . 2012-07-10 13:25 -------- d-----w- c:\program files (x86)\Echoes of the Past - De Citadels der Tijd 2012-07-10 13:14 . 2012-07-22 23:01 -------- d-----w- c:\program files (x86)\Hidden Identity - Chicago Blackout 2012-07-10 11:55 . 2012-07-10 11:55 -------- d--h--w- c:\users\snowy\AppData\Roaming\TikisLab 2012-07-09 20:11 . 2012-07-17 12:51 -------- d-----w- c:\users\snowy\AppData\Local\TheCursedIsland 2012-07-09 15:07 . 2012-07-09 15:07 -------- d--h--w- c:\users\snowy\AppData\Roaming\Amulet_of_time 2012-07-09 14:28 . 2012-07-09 14:28 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-07-09 14:28 . 2012-07-09 14:28 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-07-09 14:28 . 2012-07-09 14:28 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-07-09 14:28 . 2012-07-09 14:28 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-07-09 14:28 . 2012-07-09 14:28 -------- d-----w- c:\program files (x86)\OpenAL 2012-07-09 00:02 . 2012-07-09 00:02 -------- d--h--w- c:\users\snowy\AppData\Roaming\tabagames 2012-07-05 16:45 . 2012-07-05 16:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-26 20:25 . 2012-04-03 08:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-26 20:25 . 2011-09-28 21:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 00:35 . 2011-09-30 22:44 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-27 13:51 . 2012-06-27 13:51 105000 ----a-w- c:\windows\system32\drivers\NNStlsc.sys 2012-06-27 13:51 . 2012-06-27 13:51 112680 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys 2012-06-27 13:51 . 2012-06-27 13:51 109096 ----a-w- c:\windows\system32\drivers\NNSPrv.sys 2012-06-27 13:51 . 2012-06-27 13:51 68648 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys 2012-06-27 13:51 . 2012-06-27 13:51 304680 ----a-w- c:\windows\system32\drivers\NNSProt.sys 2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSPop3.sys 2012-06-27 13:51 . 2012-06-27 13:51 93224 ----a-w- c:\windows\system32\drivers\NNSpicc.sys 2012-06-27 13:51 . 2012-06-27 13:51 33320 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys 2012-06-27 13:51 . 2012-06-27 13:51 113192 ----a-w- c:\windows\system32\drivers\NNSIds.sys 2012-06-27 13:51 . 2012-06-27 13:51 89128 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys 2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSHttp.sys 2012-06-02 22:19 . 2012-06-19 02:02 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 02:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 02:02 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 02:02 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 02:02 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 02:02 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 02:02 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-19 02:01 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-19 02:01 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 10:25 . 2011-11-25 21:14 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-04 11:06 . 2012-06-14 00:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-06-22 5283680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-06 600688] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512] "PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~3\SIDEKI~1\22513~1.159\{6F06C~1\sskmngr.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736] R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-26 834544] S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128] S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776] S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192] S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224] S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776] S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680] S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096] S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680] S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688] S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088] S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Sidekick Manager;Sidekick Manager;c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\sskmngr.exe [2012-07-28 1691680] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - PSKMAD . Inhoud van de 'Gedeelde Taken' map . 2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:25] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 12:52] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 12:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://packardbell.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: security.csp.enable - false FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic_i.hmpg - true FF - user.js: extensions.Softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.hpOld - FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic_i.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=2&cc=&q= FF - user.js: extensions.Softonic.dspOld - Google (Language: nl) FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic) FF - user.js: extensions.Softonic_i.dnsErr - true FF - user.js: extensions.Softonic_i.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=15&cc= FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.Softonic.id - d8f481be00000000000006659d69f6f9 FF - user.js: extensions.Softonic.instlDay - 15429 FF - user.js: extensions.Softonic.vrsn - 1.5.21.0 FF - user.js: extensions.Softonic.vrsni - 1.5.21.0 FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.015:49 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - SD FF - user.js: extensions.Softonic_i.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - base FF - user.js: extensions.Softonic.instlRef - MON00086 FF - user.js: extensions.Softonic.dfltLng - nl FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.admin - false FF - user.js: extentions.y2layers.installId - 85906e91-797c-4adc-b844-be8b54271663 FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-{0cc09160-108c-4759-bab1-5c12c216e005} - (no file) BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file) Toolbar-Locked - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) WebBrowser-{0CC09160-108C-4759-BAB1-5C12C216E005} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-08-02 13:01:13 ComboFix-quarantined-files.txt 2012-08-02 11:01 . Pre-Run: 234.996.920.320 bytes beschikbaar Post-Run: 234.605.531.136 bytes beschikbaar . - - End Of File - - 6DF95F99941D3F24661279A3E79D542F annacht werd het h'm dus niet i.v.m. het onweer, maar heb het vanochtend laten lopen. Er staat in je vorige bericht; Belangrijk maak een shortcut van combofix heb echter nergens gezien hoe ik dit kon doen. hier de scan van combofix die uren gedraaid heeft. ComboFix 12-07-31.03 - snowy 02-08-2012 11:32:19.4.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1978.1050 [GMT 2:00] Gestart vanuit: c:\users\snowy\Downloads\ComboFix.exe AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\boost_interprocess\20120802104653.500000 c:\programdata\boost_interprocess\20120802104653.500000\Nobu64AgentService c:\programdata\boost_interprocess\20120802104653.500000\Nobu64TrayIcon c:\programdata\JbC4WEbL0uhiwo c:\users\snowy\AppData\Roaming\log.txt c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome.manifest c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\background.html c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\browser.xul c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossrider.js c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossriderapi.js c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\dialog.js c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.js c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.xul c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\search_dialog.xul c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\update.html c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\defaults\preferences\prefs.js c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\install.rdf c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\locale\en-US\translations.dtd c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button1.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button2.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button3.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button4.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button5.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\crossrider_statusbar.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon128.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon16.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon24.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon48.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\panelarrow-up.png c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\popup.css c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\popup.html c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\popup_binding.xml c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\skin.css c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\update.css . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))) . . 2012-08-02 10:26 . 2012-08-02 10:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-02 08:48 . 2011-03-10 16:05 57928 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2012-08-01 18:22 . 2012-08-01 18:22 -------- d-----w- c:\users\snowy\AppData\Roaming\Panda Security 2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\programdata\Panda Security 2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\program files (x86)\Panda Security 2012-08-01 12:15 . 2012-08-01 12:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-01 12:15 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-01 11:26 . 2012-08-01 11:26 -------- d-----w- c:\program files (x86)\Trend Micro 2012-07-31 17:16 . 2012-07-31 17:16 -------- d-----w- c:\windows\SysWow64\Extensions 2012-07-31 00:38 . 2012-07-31 00:38 -------- d-----w- c:\programdata\Great Secrets 2012-07-28 20:18 . 2012-07-28 20:18 -------- d-----w- c:\users\snowy\AppData\Roaming\Mystery of Mortlake Mansion 2012-07-28 09:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D8A0D0C-B639-45DE-ABB3-9B69587BF13F}\mpengine.dll 2012-07-28 09:37 . 2012-07-28 15:05 -------- d-----w- c:\programdata\HitmanPro 2012-07-28 09:22 . 2012-08-01 12:13 -------- d-----w- c:\program files (x86)\Yontoo 2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\programdata\IBUpdaterService 2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe 2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\program files (x86)\Conduit 2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\users\snowy\AppData\Local\Conduit 2012-07-28 09:22 . 2012-08-01 12:13 -------- d-----w- c:\program files (x86)\appbario8 2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_555\uninstall.exe 2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\windows\SysWow64\searchplugins 2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\programdata\Sidekick Manager 2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_540\uninstall.exe 2012-07-28 09:21 . 2012-07-28 09:21 -------- d-----w- c:\users\snowy\AppData\Local\Savings Sidekick 2012-07-28 09:21 . 2012-08-01 12:13 -------- d-----w- c:\program files (x86)\Savings Sidekick 2012-07-28 09:21 . 2012-07-28 09:21 -------- d-----w- c:\programdata\Hitman Pro 2012-07-23 22:01 . 2012-07-23 22:01 -------- d-----w- c:\users\snowy\AppData\Roaming\iMaxGen 2012-07-23 21:47 . 2012-07-23 21:47 -------- d-----w- c:\users\snowy\AppData\Roaming\HdO Adventure 2012-07-23 21:46 . 2012-07-23 21:46 -------- d-----w- c:\program files (x86)\MyPlayCity.com 2012-07-23 21:43 . 2012-07-28 20:15 -------- d-----w- c:\program files (x86)\GameTop.com 2012-07-13 19:09 . 2012-07-13 19:09 -------- d--h--w- c:\programdata\Photo Notifier and Animation Creator 2012-07-13 19:09 . 2012-07-13 19:09 -------- d-----w- c:\program files (x86)\Photo Notifier and Animation Creator 2012-07-13 19:08 . 2012-07-17 12:50 -------- d-----w- c:\users\snowy\AppData\Local\IM 2012-07-13 19:08 . 2012-07-17 12:44 -------- d-----w- c:\programdata\IncrediMail 2012-07-13 19:08 . 2012-07-13 19:09 -------- d--h--w- c:\programdata\IM 2012-07-13 05:02 . 2012-07-13 05:02 130088 ----a-w- c:\windows\system32\drivers\PSINProt.sys 2012-07-13 05:02 . 2012-07-13 05:02 205352 ----a-w- c:\windows\system32\drivers\PSINKNC.sys 2012-07-13 05:02 . 2012-07-13 05:02 123944 ----a-w- c:\windows\system32\drivers\PSINProc.sys 2012-07-13 05:02 . 2012-07-13 05:02 167464 ----a-w- c:\windows\system32\drivers\PSINAflt.sys 2012-07-13 05:02 . 2012-07-13 05:02 119336 ----a-w- c:\windows\system32\drivers\PSINFile.sys 2012-07-12 09:18 . 2012-07-12 09:18 219688 ----a-w- c:\windows\system32\drivers\NNSStrm.sys 2012-07-12 00:41 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 05:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 05:18 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 05:18 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 05:18 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-11 05:18 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-11 05:18 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-11 05:18 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-11 05:18 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 05:18 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 05:18 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 05:18 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-07-11 05:18 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-07-11 05:18 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 05:18 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-07-10 13:44 . 2012-07-10 13:44 -------- d-----w- C:\Games 2012-07-10 13:43 . 2012-07-10 13:43 -------- d-----w- c:\program files (x86)\RealArcade 2012-07-10 13:23 . 2012-07-10 13:25 -------- d-----w- c:\program files (x86)\Echoes of the Past - De Citadels der Tijd 2012-07-10 13:14 . 2012-07-22 23:01 -------- d-----w- c:\program files (x86)\Hidden Identity - Chicago Blackout 2012-07-10 11:55 . 2012-07-10 11:55 -------- d--h--w- c:\users\snowy\AppData\Roaming\TikisLab 2012-07-09 20:11 . 2012-07-17 12:51 -------- d-----w- c:\users\snowy\AppData\Local\TheCursedIsland 2012-07-09 15:07 . 2012-07-09 15:07 -------- d--h--w- c:\users\snowy\AppData\Roaming\Amulet_of_time 2012-07-09 14:28 . 2012-07-09 14:28 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-07-09 14:28 . 2012-07-09 14:28 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-07-09 14:28 . 2012-07-09 14:28 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-07-09 14:28 . 2012-07-09 14:28 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-07-09 14:28 . 2012-07-09 14:28 -------- d-----w- c:\program files (x86)\OpenAL 2012-07-09 00:02 . 2012-07-09 00:02 -------- d--h--w- c:\users\snowy\AppData\Roaming\tabagames 2012-07-05 16:45 . 2012-07-05 16:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-26 20:25 . 2012-04-03 08:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-26 20:25 . 2011-09-28 21:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 00:35 . 2011-09-30 22:44 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-27 13:51 . 2012-06-27 13:51 105000 ----a-w- c:\windows\system32\drivers\NNStlsc.sys 2012-06-27 13:51 . 2012-06-27 13:51 112680 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys 2012-06-27 13:51 . 2012-06-27 13:51 109096 ----a-w- c:\windows\system32\drivers\NNSPrv.sys 2012-06-27 13:51 . 2012-06-27 13:51 68648 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys 2012-06-27 13:51 . 2012-06-27 13:51 304680 ----a-w- c:\windows\system32\drivers\NNSProt.sys 2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSPop3.sys 2012-06-27 13:51 . 2012-06-27 13:51 93224 ----a-w- c:\windows\system32\drivers\NNSpicc.sys 2012-06-27 13:51 . 2012-06-27 13:51 33320 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys 2012-06-27 13:51 . 2012-06-27 13:51 113192 ----a-w- c:\windows\system32\drivers\NNSIds.sys 2012-06-27 13:51 . 2012-06-27 13:51 89128 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys 2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSHttp.sys 2012-06-02 22:19 . 2012-06-19 02:02 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 02:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 02:02 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 02:02 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 02:02 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 02:02 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 02:02 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-19 02:01 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-19 02:01 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 10:25 . 2011-11-25 21:14 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-04 11:06 . 2012-06-14 00:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-06-22 5283680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-06 600688] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512] "PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~3\SIDEKI~1\22513~1.159\{6F06C~1\sskmngr.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736] R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-26 834544] S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128] S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776] S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192] S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224] S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776] S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680] S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096] S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680] S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688] S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088] S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Sidekick Manager;Sidekick Manager;c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\sskmngr.exe [2012-07-28 1691680] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - PSKMAD . Inhoud van de 'Gedeelde Taken' map . 2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:25] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 12:52] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 12:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://packardbell.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: security.csp.enable - false FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic_i.hmpg - true FF - user.js: extensions.Softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.hpOld - FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic_i.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=2&cc=&q= FF - user.js: extensions.Softonic.dspOld - Google (Language: nl) FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic) FF - user.js: extensions.Softonic_i.dnsErr - true FF - user.js: extensions.Softonic_i.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=15&cc= FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.Softonic.id - d8f481be00000000000006659d69f6f9 FF - user.js: extensions.Softonic.instlDay - 15429 FF - user.js: extensions.Softonic.vrsn - 1.5.21.0 FF - user.js: extensions.Softonic.vrsni - 1.5.21.0 FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.015:49 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - SD FF - user.js: extensions.Softonic_i.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - base FF - user.js: extensions.Softonic.instlRef - MON00086 FF - user.js: extensions.Softonic.dfltLng - nl FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.admin - false FF - user.js: extentions.y2layers.installId - 85906e91-797c-4adc-b844-be8b54271663 FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-{0cc09160-108c-4759-bab1-5c12c216e005} - (no file) BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file) Toolbar-Locked - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) WebBrowser-{0CC09160-108C-4759-BAB1-5C12C216E005} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-08-02 13:01:13 ComboFix-quarantined-files.txt 2012-08-02 11:01 . Pre-Run: 234.996.920.320 bytes beschikbaar Post-Run: 234.605.531.136 bytes beschikbaar . - - End Of File - - 6DF95F99941D3F24661279A3E79D542F
  23. priscila49
    Okay dank voor de uitleg, dan laat ik hem idd vannacht lopen.
  24. priscila49
    Okay het eerste gedeelte is vlekkeloos gegaan, echter met combofix blijft na 1 1/2 uur op bestand 48 staan en gaat niet verder. Wat nu? Had de virusscanner en firewall uitgschakeld staan. Bij combo-fix staat dat het scannen 10 minuten en bij zwaar besmette pc het dubbele dus 20 minuten nodig heeft maar 1 1/2 uur???? En op hetzelfde punt blijven staan??
  25. priscila49
    Oeps zie dat ik iets té enthousiast ben geweest, komt ik zag het niet geplakt worden in het berichtje wat waarschijnlijk wel gewoon is gebeurd excuses hiervoor.
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.