
Virus help....



kweezie,

The problem is that I only have 1 (infected) PC. Here at work we unfortunately can't download anything.

Could I perhaps try to download Hijack in safe mode, or won't that work either?


It looks like I managed to make a log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:53:26, on 9/05/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16766)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Windows\PLFSetI.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe

E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10835 bytes


Nothing abnormal in this log, apart from the fact that you are behind on the version of your AVG virus scanner.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • AVG and ComboFix do not work together. You must remove AVG completely before you can use ComboFix.
    Remove AVG with the AVG Remover.
  • Double-click ComboFix.exe and follow the prompts on screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
  • Follow the prompts on screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

If you have problems running ComboFix, please report this.

Once we are done with ComboFix, you can download the newest version right away. Take the top or the bottom link.


Hello Kweezie Wabbit,

First of all, many thanks for checking my log.

It is indeed the case that since I had HijackThis scan from my USB stick, the symptoms of the virus have disappeared like snow in the sun????

No problems at all since then.

This is my ComboFix log:

ComboFix 11-05-09.03 - Sven 10/05/2011 18:16:39.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4091.2998 [GMT 2:00]

Gestart vanuit: c:\users\Sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9SIGCB2\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\gG01803OeIhA01803

c:\programdata\gG01803OeIhA01803\gG01803OeIhA01803

c:\programdata\gG01803OeIhA01803\gG01803OeIhA01803.exe

c:\users\Sven\AppData\Roaming\.#

c:\users\Sven\AppData\Roaming\.#\MBX@D58@292770.###

c:\users\Sven\AppData\Roaming\.#\MBX@D58@2927A0.###

c:\windows\wintybrdf.jpg

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-10 to 2011-05-10 ))))))))))))))))))))))))))))))

.

.

2011-05-10 16:28 . 2011-05-10 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-10 16:11 . 2011-05-10 16:11 -------- d-----w- c:\users\Sven\AppData\Local\{5194CA1C-9C78-4EB7-8BFC-43F0899AB35E}

2011-05-10 04:10 . 2011-05-10 04:10 -------- d-----w- c:\users\Sven\AppData\Local\{431B2D69-72C4-49BF-B07D-93524EC15A86}

2011-05-09 18:02 . 2011-05-09 18:02 388096 ----a-r- c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-09 16:09 . 2011-05-09 16:10 -------- d-----w- c:\users\Sven\AppData\Local\{C9EFDC49-5586-4F22-A786-AF24A24A0E00}

2011-05-08 06:31 . 2011-05-08 06:31 -------- d-----w- c:\users\Sven\AppData\Local\{77EF650C-992B-4F75-8569-CD6678CC5050}

2011-05-07 06:22 . 2011-05-07 06:22 -------- d-----w- c:\users\Sven\AppData\Local\{16E20478-2D22-4968-9E46-4B4F2C0F11A5}

2011-05-06 18:03 . 2011-05-06 18:03 -------- d-----w- c:\users\Sven\AppData\Local\{3BAA3AFE-241B-48C0-81B6-873AABD04AE4}

2011-05-05 17:31 . 2011-05-05 17:31 -------- d-----w- c:\users\Sven\AppData\Local\{D5A5B592-6889-4AD0-9EF1-A0A1E8F53B67}

2011-05-04 16:51 . 2011-05-04 16:51 -------- d-----w- c:\users\Sven\AppData\Local\{D634CB66-151F-4556-886E-339455525E74}

2011-05-03 17:00 . 2011-05-03 17:00 -------- d-----w- c:\users\Sven\AppData\Local\{22176266-D9AB-46BF-B5BE-F0D1476A78B4}

2011-05-02 16:29 . 2011-05-02 16:29 -------- d-----w- c:\users\Sven\AppData\Local\{7030AC68-3627-41AD-995D-22C271ECD3E3}

2011-05-01 18:57 . 2011-05-01 18:57 -------- d-----w- c:\users\Sven\AppData\Local\{943BDD36-953F-475B-865D-1E97BD8201BD}

2011-05-01 06:56 . 2011-05-01 06:56 -------- d-----w- c:\users\Sven\AppData\Local\{C0CE9147-A0B2-4920-99C5-D3B5E86C6A73}

2011-04-30 14:54 . 2011-04-30 14:54 -------- d-----w- c:\users\Sven\AppData\Local\{D7F99C48-F2E5-45C5-8521-A89E84252657}

2011-04-29 16:26 . 2011-04-29 16:26 -------- d-----w- c:\users\Sven\AppData\Local\{4D2EE73B-E5A6-485D-9A6A-869E9E4EBFB4}

2011-04-28 17:05 . 2011-04-28 17:05 -------- d-----w- c:\users\Sven\AppData\Local\{B3A5FAD4-885F-4961-9684-BC02C92AF6EE}

2011-04-27 17:24 . 2011-04-27 17:24 -------- d-----w- c:\users\Sven\AppData\Local\{E8FDC932-06D0-4A0F-9095-1E57204C079D}

2011-04-26 17:12 . 2011-04-26 17:12 -------- d-----w- c:\users\Sven\AppData\Local\{67F563DA-161D-4ECB-93E1-DD86E13E234C}

2011-04-25 16:56 . 2011-04-25 16:56 -------- d-----w- c:\users\Sven\AppData\Local\{253D6A90-E429-4334-B1C0-E2E07F886C1C}

2011-04-24 18:17 . 2011-04-24 18:18 -------- d-----w- c:\users\Sven\AppData\Local\{19A5A80B-5716-4E88-89B6-EEC932064809}

2011-04-24 05:54 . 2011-04-24 05:54 -------- d-----w- c:\users\Sven\AppData\Local\{2FE9BE33-A542-4E71-A069-BEAD8E204192}

2011-04-23 16:08 . 2011-04-23 16:08 -------- d-----w- c:\users\Sven\AppData\Local\{7ECC12FA-47EF-4300-89AF-C4D6B6EF1C0D}

2011-04-22 16:55 . 2011-04-22 16:56 -------- d-----w- c:\users\Sven\AppData\Local\{0F71727A-9167-4F92-8319-26CB0F349F8F}

2011-04-21 17:53 . 2011-04-21 17:53 -------- d-----w- c:\users\Sven\AppData\Local\{AC5E5B32-6967-4DA9-A993-DC4E5C080D1F}

2011-04-20 17:35 . 2011-04-20 17:35 -------- d-----w- c:\users\Sven\AppData\Local\{87B7CF0A-CFE4-47F8-B9B7-1B93F50AA378}

2011-04-18 20:09 . 2011-04-18 20:09 -------- d-----w- C:\290c2e9b29d72f0f45e5

2011-04-18 17:39 . 2011-04-18 17:39 -------- d-----w- c:\users\Sven\AppData\Local\{08C9B72C-9E10-4729-936E-7B837939EC37}

2011-04-17 16:33 . 2011-04-17 16:33 -------- d--h--w- c:\programdata\Common Files

2011-04-17 16:27 . 2011-04-17 16:28 -------- d-----w- c:\users\Sven\AppData\Local\{105C6E71-D73B-4D0A-9B59-A36D81AE3E08}

2011-04-16 20:26 . 2011-04-16 20:26 -------- d-----w- C:\3327e58467bc60de6a950f96

2011-04-16 18:39 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-04-16 18:39 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-04-16 16:57 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll

2011-04-16 16:57 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-04-16 16:57 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll

2011-04-16 16:57 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-04-16 16:45 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-16 16:28 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-04 06:17 . 2011-04-26 17:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17 . 2011-04-26 17:20 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]

"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-06 181480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 08:43]

.

2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 08:43]

.

2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726101024-492574099-2719201097-1000Core.job

- c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 17:53]

.

2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726101024-492574099-2719201097-1000UA.job

- c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 17:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_7736&r=27360110g626l03d8z175t58k1a984

mLocal Page = c:\windows\SysWOW64\blank.htm

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-05-10 18:32:52

ComboFix-quarantined-files.txt 2011-05-10 16:32

.

Pre-Run: 580.976.582.656 bytes beschikbaar

Post-Run: 580.812.140.544 bytes beschikbaar

.

- - End Of File - - C5E505FF8823587E24B8885666A5830B


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\users\Sven\AppData\Local\{5194CA1C-9C78-4EB7-8BFC-43F0899AB35E}

c:\users\Sven\AppData\Local\{431B2D69-72C4-49BF-B07D-93524EC15A86}

c:\users\Sven\AppData\Local\{C9EFDC49-5586-4F22-A786-AF24A24A0E00}

c:\users\Sven\AppData\Local\{77EF650C-992B-4F75-8569-CD6678CC5050}

c:\users\Sven\AppData\Local\{16E20478-2D22-4968-9E46-4B4F2C0F11A5}

c:\users\Sven\AppData\Local\{3BAA3AFE-241B-48C0-81B6-873AABD04AE4}

c:\users\Sven\AppData\Local\{D5A5B592-6889-4AD0-9EF1-A0A1E8F53B67}

c:\users\Sven\AppData\Local\{D634CB66-151F-4556-886E-339455525E74}

c:\users\Sven\AppData\Local\{22176266-D9AB-46BF-B5BE-F0D1476A78B4}

c:\users\Sven\AppData\Local\{7030AC68-3627-41AD-995D-22C271ECD3E3}

c:\users\Sven\AppData\Local\{943BDD36-953F-475B-865D-1E97BD8201BD}

c:\users\Sven\AppData\Local\{C0CE9147-A0B2-4920-99C5-D3B5E86C6A73}

c:\users\Sven\AppData\Local\{D7F99C48-F2E5-45C5-8521-A89E84252657}

c:\users\Sven\AppData\Local\{4D2EE73B-E5A6-485D-9A6A-869E9E4EBFB4}

c:\users\Sven\AppData\Local\{B3A5FAD4-885F-4961-9684-BC02C92AF6EE}

c:\users\Sven\AppData\Local\{E8FDC932-06D0-4A0F-9095-1E57204C079D}

c:\users\Sven\AppData\Local\{67F563DA-161D-4ECB-93E1-DD86E13E234C}

c:\users\Sven\AppData\Local\{253D6A90-E429-4334-B1C0-E2E07F886C1C}

c:\users\Sven\AppData\Local\{19A5A80B-5716-4E88-89B6-EEC932064809}

c:\users\Sven\AppData\Local\{2FE9BE33-A542-4E71-A069-BEAD8E204192}

c:\users\Sven\AppData\Local\{7ECC12FA-47EF-4300-89AF-C4D6B6EF1C0D}

c:\users\Sven\AppData\Local\{0F71727A-9167-4F92-8319-26CB0F349F8F}

c:\users\Sven\AppData\Local\{AC5E5B32-6967-4DA9-A993-DC4E5C080D1F}

c:\users\Sven\AppData\Local\{87B7CF0A-CFE4-47F8-B9B7-1B93F50AA378}

C:\290c2e9b29d72f0f45e5

c:\users\Sven\AppData\Local\{105C6E71-D73B-4D0A-9B59-A36D81AE3E08}

C:\3327e58467bc60de6a950f96

c:\users\Sven\AppData\Local\{08C9B72C-9E10-4729-936E-7B837939EC37}

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of ComboFix.txt in your next message.

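The Folder:: list above matches the directories in the "Bestanden Gemaakt" section of the first ComboFix log whose names are a bare GUID or, directly under the drive root, a long hex string. The following is an added example, not part of the original thread and not ComboFix's own logic: it parses that section and builds the same kind of list for review. The two naming patterns, the 16-character minimum and all function names are assumptions inferred from which folders were listed.

```python
import ntpath
import re
from typing import NamedTuple

# Eight lines excerpted from the "Bestanden Gemaakt" section of the ComboFix
# log posted in this thread (shortened; not the full section).
SAMPLE_LOG = r"""
2011-05-10 16:28 . 2011-05-10 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-10 16:11 . 2011-05-10 16:11 -------- d-----w- c:\users\Sven\AppData\Local\{5194CA1C-9C78-4EB7-8BFC-43F0899AB35E}
2011-05-09 18:02 . 2011-05-09 18:02 388096 ----a-r- c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-18 20:09 . 2011-04-18 20:09 -------- d-----w- C:\290c2e9b29d72f0f45e5
2011-04-17 16:33 . 2011-04-17 16:33 -------- d--h--w- c:\programdata\Common Files
2011-04-17 16:27 . 2011-04-17 16:28 -------- d-----w- c:\users\Sven\AppData\Local\{105C6E71-D73B-4D0A-9B59-A36D81AE3E08}
2011-04-16 20:26 . 2011-04-16 20:26 -------- d-----w- C:\3327e58467bc60de6a950f96
2011-04-16 18:39 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
"""

# created . modified  size-or-dashes  attribute-flags  path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)
# Assumed patterns: a folder named only by a GUID, or only by hex digits.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HEX_RE = re.compile(r"[0-9A-Fa-f]{16,}")


class Entry(NamedTuple):
    created: str
    attrs: str
    path: str


def parse_created_section(text):
    """Return one Entry per well-formed line; separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["created"], match["attrs"], match["path"]))
    return entries


def is_candidate(entry):
    """True for directories whose own name is a GUID, or hex at the drive root.

    A match is only a naming pattern worth a second look; it says nothing
    about what the folder contains.
    """
    if not entry.attrs.startswith("d"):      # files are never listed under Folder::
        return False
    parent, leaf = ntpath.split(entry.path)  # ntpath parses Windows paths on any OS
    if GUID_RE.fullmatch(leaf):
        return True
    at_drive_root = ntpath.splitdrive(parent)[1] in ("\\", "/")
    return at_drive_root and HEX_RE.fullmatch(leaf) is not None


def review_list(text):
    """Paths from the log that match the naming patterns, in log order."""
    return [e.path for e in parse_created_section(text) if is_candidate(e)]


def render_folder_block(paths):
    """Format the reviewed paths the way the CFScript.txt above lists them."""
    return "Folder::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    print(render_folder_block(review_list(SAMPLE_LOG)))
```

The output is a list for the helper to check by hand before anything is handed to ComboFix; the file entry under a GUID-named installer folder and the ordinary `temp` and `Common Files` directories are left out.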

Hopefully it worked:

Attached is the new log... Thanks in advance for checking it.

ComboFix 11-05-10.01 - Sven 11/05/2011 7:04.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4091.2946 [GMT 2:00]

Gestart vanuit: c:\users\Sven\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Sven\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\290c2e9b29d72f0f45e5

c:\290c2e9b29d72f0f45e5\1025\eula.rtf

c:\290c2e9b29d72f0f45e5\1025\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1025\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1028\eula.rtf

c:\290c2e9b29d72f0f45e5\1028\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1028\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1029\eula.rtf

c:\290c2e9b29d72f0f45e5\1029\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1029\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1030\eula.rtf

c:\290c2e9b29d72f0f45e5\1030\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1030\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1031\eula.rtf

c:\290c2e9b29d72f0f45e5\1031\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1031\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1032\eula.rtf

c:\290c2e9b29d72f0f45e5\1032\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1032\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1033\eula.rtf

c:\290c2e9b29d72f0f45e5\1033\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1033\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1035\eula.rtf

c:\290c2e9b29d72f0f45e5\1035\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1035\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1036\eula.rtf

c:\290c2e9b29d72f0f45e5\1036\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1036\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1037\eula.rtf

c:\290c2e9b29d72f0f45e5\1037\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1037\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1038\eula.rtf

c:\290c2e9b29d72f0f45e5\1038\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1038\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1040\eula.rtf

c:\290c2e9b29d72f0f45e5\1040\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1040\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1041\eula.rtf

c:\290c2e9b29d72f0f45e5\1041\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1041\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1042\eula.rtf

c:\290c2e9b29d72f0f45e5\1042\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1042\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1043\eula.rtf

c:\290c2e9b29d72f0f45e5\1043\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1043\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1044\eula.rtf

c:\290c2e9b29d72f0f45e5\1044\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1044\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1045\eula.rtf

c:\290c2e9b29d72f0f45e5\1045\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1045\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1046\eula.rtf

c:\290c2e9b29d72f0f45e5\1046\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1046\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1049\eula.rtf

c:\290c2e9b29d72f0f45e5\1049\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1049\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1053\eula.rtf

c:\290c2e9b29d72f0f45e5\1053\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1053\SetupResources.dll

c:\290c2e9b29d72f0f45e5\1055\eula.rtf

c:\290c2e9b29d72f0f45e5\1055\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\1055\SetupResources.dll

c:\290c2e9b29d72f0f45e5\2052\eula.rtf

c:\290c2e9b29d72f0f45e5\2052\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\2052\SetupResources.dll

c:\290c2e9b29d72f0f45e5\2070\eula.rtf

c:\290c2e9b29d72f0f45e5\2070\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\2070\SetupResources.dll

c:\290c2e9b29d72f0f45e5\3076\eula.rtf

c:\290c2e9b29d72f0f45e5\3076\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\3076\SetupResources.dll

c:\290c2e9b29d72f0f45e5\3082\eula.rtf

c:\290c2e9b29d72f0f45e5\3082\LocalizedData.xml

c:\290c2e9b29d72f0f45e5\3082\SetupResources.dll

c:\290c2e9b29d72f0f45e5\Client\ParameterInfo.xml

c:\290c2e9b29d72f0f45e5\Client\UiInfo.xml

c:\290c2e9b29d72f0f45e5\DHtmlHeader.html

c:\290c2e9b29d72f0f45e5\DisplayIcon.ico

c:\290c2e9b29d72f0f45e5\Graphics\Print.ico

c:\290c2e9b29d72f0f45e5\Graphics\Rotate1.ico

c:\290c2e9b29d72f0f45e5\Graphics\Rotate2.ico

c:\290c2e9b29d72f0f45e5\Graphics\Rotate3.ico

c:\290c2e9b29d72f0f45e5\Graphics\Rotate4.ico

c:\290c2e9b29d72f0f45e5\Graphics\Rotate5.ico

c:\290c2e9b29d72f0f45e5\Graphics\Rotate6.ico

c:\290c2e9b29d72f0f45e5\Graphics\Rotate7.ico

c:\290c2e9b29d72f0f45e5\Graphics\Rotate8.ico

c:\290c2e9b29d72f0f45e5\Graphics\Save.ico

c:\290c2e9b29d72f0f45e5\Graphics\Setup.ico

c:\290c2e9b29d72f0f45e5\Graphics\stop.ico

c:\290c2e9b29d72f0f45e5\Graphics\SysReqMet.ico

c:\290c2e9b29d72f0f45e5\Graphics\SysReqNotMet.ico

c:\290c2e9b29d72f0f45e5\Graphics\warn.ico

c:\290c2e9b29d72f0f45e5\header.bmp

c:\290c2e9b29d72f0f45e5\netfx_Core.mzz

c:\290c2e9b29d72f0f45e5\netfx_Core_x64.msi

c:\290c2e9b29d72f0f45e5\netfx_Core_x86.msi

c:\290c2e9b29d72f0f45e5\Parameterinfo.xml

c:\290c2e9b29d72f0f45e5\RGB9RAST_x64.msi

c:\290c2e9b29d72f0f45e5\RGB9Rast_x86.msi

c:\290c2e9b29d72f0f45e5\Setup.exe

c:\290c2e9b29d72f0f45e5\SetupEngine.dll

c:\290c2e9b29d72f0f45e5\SetupUi.dll

c:\290c2e9b29d72f0f45e5\SetupUi.xsd

c:\290c2e9b29d72f0f45e5\SetupUtility.exe

c:\290c2e9b29d72f0f45e5\SplashScreen.bmp

c:\290c2e9b29d72f0f45e5\sqmapi.dll

c:\290c2e9b29d72f0f45e5\Strings.xml

c:\290c2e9b29d72f0f45e5\UiInfo.xml

c:\290c2e9b29d72f0f45e5\watermark.bmp

c:\290c2e9b29d72f0f45e5\Windows6.0-KB956250-v6001-x64.msu

c:\290c2e9b29d72f0f45e5\Windows6.0-KB956250-v6001-x86.msu

c:\290c2e9b29d72f0f45e5\Windows6.1-KB958488-v6001-x64.msu

c:\290c2e9b29d72f0f45e5\Windows6.1-KB958488-v6001-x86.msu

C:\3327e58467bc60de6a950f96

c:\3327e58467bc60de6a950f96\1025\eula.rtf

c:\3327e58467bc60de6a950f96\1025\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1025\SetupResources.dll

c:\3327e58467bc60de6a950f96\1028\eula.rtf

c:\3327e58467bc60de6a950f96\1028\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1028\SetupResources.dll

c:\3327e58467bc60de6a950f96\1029\eula.rtf

c:\3327e58467bc60de6a950f96\1029\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1029\SetupResources.dll

c:\3327e58467bc60de6a950f96\1030\eula.rtf

c:\3327e58467bc60de6a950f96\1030\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1030\SetupResources.dll

c:\3327e58467bc60de6a950f96\1031\eula.rtf

c:\3327e58467bc60de6a950f96\1031\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1031\SetupResources.dll

c:\3327e58467bc60de6a950f96\1032\eula.rtf

c:\3327e58467bc60de6a950f96\1032\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1032\SetupResources.dll

c:\3327e58467bc60de6a950f96\1033\eula.rtf

c:\3327e58467bc60de6a950f96\1033\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1033\SetupResources.dll

c:\3327e58467bc60de6a950f96\1035\eula.rtf

c:\3327e58467bc60de6a950f96\1035\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1035\SetupResources.dll

c:\3327e58467bc60de6a950f96\1036\eula.rtf

c:\3327e58467bc60de6a950f96\1036\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1036\SetupResources.dll

c:\3327e58467bc60de6a950f96\1037\eula.rtf

c:\3327e58467bc60de6a950f96\1037\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1037\SetupResources.dll

c:\3327e58467bc60de6a950f96\1038\eula.rtf

c:\3327e58467bc60de6a950f96\1038\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1038\SetupResources.dll

c:\3327e58467bc60de6a950f96\1040\eula.rtf

c:\3327e58467bc60de6a950f96\1040\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1040\SetupResources.dll

c:\3327e58467bc60de6a950f96\1041\eula.rtf

c:\3327e58467bc60de6a950f96\1041\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1041\SetupResources.dll

c:\3327e58467bc60de6a950f96\1042\eula.rtf

c:\3327e58467bc60de6a950f96\1042\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1042\SetupResources.dll

c:\3327e58467bc60de6a950f96\1043\eula.rtf

c:\3327e58467bc60de6a950f96\1043\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1043\SetupResources.dll

c:\3327e58467bc60de6a950f96\1044\eula.rtf

c:\3327e58467bc60de6a950f96\1044\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1044\SetupResources.dll

c:\3327e58467bc60de6a950f96\1045\eula.rtf

c:\3327e58467bc60de6a950f96\1045\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1045\SetupResources.dll

c:\3327e58467bc60de6a950f96\1046\eula.rtf

c:\3327e58467bc60de6a950f96\1046\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1046\SetupResources.dll

c:\3327e58467bc60de6a950f96\1049\eula.rtf

c:\3327e58467bc60de6a950f96\1049\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1049\SetupResources.dll

c:\3327e58467bc60de6a950f96\1053\eula.rtf

c:\3327e58467bc60de6a950f96\1053\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1053\SetupResources.dll

c:\3327e58467bc60de6a950f96\1055\eula.rtf

c:\3327e58467bc60de6a950f96\1055\LocalizedData.xml

c:\3327e58467bc60de6a950f96\1055\SetupResources.dll

c:\3327e58467bc60de6a950f96\2052\eula.rtf

c:\3327e58467bc60de6a950f96\2052\LocalizedData.xml

c:\3327e58467bc60de6a950f96\2052\SetupResources.dll

c:\3327e58467bc60de6a950f96\2070\eula.rtf

c:\3327e58467bc60de6a950f96\2070\LocalizedData.xml

c:\3327e58467bc60de6a950f96\2070\SetupResources.dll

c:\3327e58467bc60de6a950f96\3076\eula.rtf

c:\3327e58467bc60de6a950f96\3076\LocalizedData.xml

c:\3327e58467bc60de6a950f96\3076\SetupResources.dll

c:\3327e58467bc60de6a950f96\3082\eula.rtf

c:\3327e58467bc60de6a950f96\3082\LocalizedData.xml

c:\3327e58467bc60de6a950f96\3082\SetupResources.dll

c:\3327e58467bc60de6a950f96\Client\ParameterInfo.xml

c:\3327e58467bc60de6a950f96\Client\UiInfo.xml

c:\3327e58467bc60de6a950f96\DHtmlHeader.html

c:\3327e58467bc60de6a950f96\DisplayIcon.ico

c:\3327e58467bc60de6a950f96\Graphics\Print.ico

c:\3327e58467bc60de6a950f96\Graphics\Rotate1.ico

c:\3327e58467bc60de6a950f96\Graphics\Rotate2.ico

c:\3327e58467bc60de6a950f96\Graphics\Rotate3.ico

c:\3327e58467bc60de6a950f96\Graphics\Rotate4.ico

c:\3327e58467bc60de6a950f96\Graphics\Rotate5.ico

c:\3327e58467bc60de6a950f96\Graphics\Rotate6.ico

c:\3327e58467bc60de6a950f96\Graphics\Rotate7.ico

c:\3327e58467bc60de6a950f96\Graphics\Rotate8.ico

c:\3327e58467bc60de6a950f96\Graphics\Save.ico

c:\3327e58467bc60de6a950f96\Graphics\Setup.ico

c:\3327e58467bc60de6a950f96\Graphics\stop.ico

c:\3327e58467bc60de6a950f96\Graphics\SysReqMet.ico

c:\3327e58467bc60de6a950f96\Graphics\SysReqNotMet.ico

c:\3327e58467bc60de6a950f96\Graphics\warn.ico

c:\3327e58467bc60de6a950f96\header.bmp

c:\3327e58467bc60de6a950f96\netfx_Core.mzz

c:\3327e58467bc60de6a950f96\netfx_Core_x64.msi

c:\3327e58467bc60de6a950f96\netfx_Core_x86.msi

c:\3327e58467bc60de6a950f96\Parameterinfo.xml

c:\3327e58467bc60de6a950f96\RGB9RAST_x64.msi

c:\3327e58467bc60de6a950f96\RGB9Rast_x86.msi

c:\3327e58467bc60de6a950f96\Setup.exe

c:\3327e58467bc60de6a950f96\SetupEngine.dll

c:\3327e58467bc60de6a950f96\SetupUi.dll

c:\3327e58467bc60de6a950f96\SetupUi.xsd

c:\3327e58467bc60de6a950f96\SetupUtility.exe

c:\3327e58467bc60de6a950f96\SplashScreen.bmp

c:\3327e58467bc60de6a950f96\sqmapi.dll

c:\3327e58467bc60de6a950f96\Strings.xml

c:\3327e58467bc60de6a950f96\UiInfo.xml

c:\3327e58467bc60de6a950f96\watermark.bmp

c:\3327e58467bc60de6a950f96\Windows6.0-KB956250-v6001-x64.msu

c:\3327e58467bc60de6a950f96\Windows6.0-KB956250-v6001-x86.msu

c:\3327e58467bc60de6a950f96\Windows6.1-KB958488-v6001-x64.msu

c:\3327e58467bc60de6a950f96\Windows6.1-KB958488-v6001-x86.msu

c:\users\Sven\AppData\Local\{08C9B72C-9E10-4729-936E-7B837939EC37}

c:\users\Sven\AppData\Local\{0F71727A-9167-4F92-8319-26CB0F349F8F}

c:\users\Sven\AppData\Local\{105C6E71-D73B-4D0A-9B59-A36D81AE3E08}

c:\users\Sven\AppData\Local\{16E20478-2D22-4968-9E46-4B4F2C0F11A5}

c:\users\Sven\AppData\Local\{19A5A80B-5716-4E88-89B6-EEC932064809}

c:\users\Sven\AppData\Local\{22176266-D9AB-46BF-B5BE-F0D1476A78B4}

c:\users\Sven\AppData\Local\{253D6A90-E429-4334-B1C0-E2E07F886C1C}

c:\users\Sven\AppData\Local\{2FE9BE33-A542-4E71-A069-BEAD8E204192}

c:\users\Sven\AppData\Local\{3BAA3AFE-241B-48C0-81B6-873AABD04AE4}

c:\users\Sven\AppData\Local\{431B2D69-72C4-49BF-B07D-93524EC15A86}

c:\users\Sven\AppData\Local\{4D2EE73B-E5A6-485D-9A6A-869E9E4EBFB4}

c:\users\Sven\AppData\Local\{5194CA1C-9C78-4EB7-8BFC-43F0899AB35E}

c:\users\Sven\AppData\Local\{67F563DA-161D-4ECB-93E1-DD86E13E234C}

c:\users\Sven\AppData\Local\{7030AC68-3627-41AD-995D-22C271ECD3E3}

c:\users\Sven\AppData\Local\{77EF650C-992B-4F75-8569-CD6678CC5050}

c:\users\Sven\AppData\Local\{7ECC12FA-47EF-4300-89AF-C4D6B6EF1C0D}

c:\users\Sven\AppData\Local\{87B7CF0A-CFE4-47F8-B9B7-1B93F50AA378}

c:\users\Sven\AppData\Local\{943BDD36-953F-475B-865D-1E97BD8201BD}

c:\users\Sven\AppData\Local\{AC5E5B32-6967-4DA9-A993-DC4E5C080D1F}

c:\users\Sven\AppData\Local\{B3A5FAD4-885F-4961-9684-BC02C92AF6EE}

c:\users\Sven\AppData\Local\{C0CE9147-A0B2-4920-99C5-D3B5E86C6A73}

c:\users\Sven\AppData\Local\{C9EFDC49-5586-4F22-A786-AF24A24A0E00}

c:\users\Sven\AppData\Local\{D5A5B592-6889-4AD0-9EF1-A0A1E8F53B67}

c:\users\Sven\AppData\Local\{D634CB66-151F-4556-886E-339455525E74}

c:\users\Sven\AppData\Local\{D7F99C48-F2E5-45C5-8521-A89E84252657}

c:\users\Sven\AppData\Local\{E8FDC932-06D0-4A0F-9095-1E57204C079D}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-11 to 2011-05-11 ))))))))))))))))))))))))))))))

.

.

2011-05-11 05:16 . 2011-05-11 05:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-11 05:16 . 2011-05-11 05:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-05-11 04:20 . 2011-05-11 04:21 -------- d-----w- c:\users\Sven\AppData\Local\{6D907A33-42F4-4D1A-9A4F-61A992066B05}

2011-05-09 18:02 . 2011-05-09 18:02 388096 ----a-r- c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-04-17 16:33 . 2011-04-17 16:33 -------- d--h--w- c:\programdata\Common Files

2011-04-16 18:39 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-04-16 18:39 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-04-16 16:57 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll

2011-04-16 16:57 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-04-16 16:57 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll

2011-04-16 16:57 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-04-16 16:45 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-16 16:28 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-04 06:17 . 2011-04-26 17:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17 . 2011-04-26 17:20 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-10_16.28.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-28 17:10 . 2011-05-11 04:21 56436 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-05-11 04:21 48032 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2010-01-03 17:18 . 2011-05-10 16:01 11444 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2726101024-492574099-2719201097-1000_UserData.bin

+ 2010-01-03 17:18 . 2011-05-11 04:21 11444 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2726101024-492574099-2719201097-1000_UserData.bin

- 2010-01-04 08:04 . 2011-05-10 16:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-01-04 08:04 . 2011-05-11 04:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-04 08:04 . 2011-05-10 16:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-01-04 08:04 . 2011-05-11 04:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-05-10 16:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-05-11 04:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-01-03 18:50 . 2011-05-10 16:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-01-03 18:50 . 2011-05-11 04:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-03 18:50 . 2011-05-10 16:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-01-03 18:50 . 2011-05-11 04:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-01-03 18:50 . 2011-05-10 16:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-03 18:50 . 2011-05-11 04:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-03 17:08 . 2011-05-11 05:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-03 17:08 . 2011-05-10 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-01-03 17:08 . 2011-05-11 05:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-01-03 17:08 . 2011-05-10 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-05-10 15:58 . 2011-05-10 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-05-11 04:18 . 2011-05-11 04:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-05-11 04:18 . 2011-05-11 04:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-05-10 15:58 . 2011-05-10 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2011-05-10 15:58 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-05-10 18:36 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-06 17:12 . 2011-05-10 18:36 907280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2726101024-492574099-2719201097-1000-8192.dat

- 2010-11-06 17:12 . 2011-05-10 15:58 907280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2726101024-492574099-2719201097-1000-8192.dat

- 2009-07-14 02:34 . 2011-05-10 16:12 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-05-11 04:32 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]

"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-06 181480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 08:43]

.

2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 08:43]

.

2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726101024-492574099-2719201097-1000Core.job

- c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 17:53]

.

2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726101024-492574099-2719201097-1000UA.job

- c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 17:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_7736&r=27360110g626l03d8z175t58k1a984

mLocal Page = c:\windows\SysWOW64\blank.htm

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-05-11 07:19:09

ComboFix-quarantined-files.txt 2011-05-11 05:19

ComboFix2.txt 2011-05-11 05:00

ComboFix3.txt 2011-05-10 16:32

.

Pre-Run: 581.311.205.376 bytes beschikbaar

Post-Run: 581.251.997.696 bytes beschikbaar

.

- - End Of File - - E50B824B0DA641A8B0314C96801289DB


Kape, attached is the new log.

My laptop is currently working without problems and is super fast again :-)

ComboFix 11-05-10.02 - Sven 11/05/2011 16:55:14.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4091.2908 [GMT 2:00]

Gestart vanuit: c:\users\Sven\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Sven\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Sven\AppData\Local\{6D907A33-42F4-4D1A-9A4F-61A992066B05}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-11 to 2011-05-11 ))))))))))))))))))))))))))))))

.

.

2011-05-11 15:07 . 2011-05-11 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-11 15:07 . 2011-05-11 15:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-05-09 18:02 . 2011-05-09 18:02 388096 ----a-r- c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-04-17 16:33 . 2011-04-17 16:33 -------- d--h--w- c:\programdata\Common Files

2011-04-16 18:39 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-04-16 18:39 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-04-16 16:57 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll

2011-04-16 16:57 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-04-16 16:57 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll

2011-04-16 16:57 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-04-16 16:45 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-16 16:28 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-04 06:17 . 2011-04-26 17:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17 . 2011-04-26 17:20 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-10_16.28.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-28 17:10 . 2011-05-11 14:45 56468 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-05-11 14:45 48088 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-01-03 17:18 . 2011-05-11 14:45 11630 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2726101024-492574099-2719201097-1000_UserData.bin

+ 2010-01-04 08:04 . 2011-05-11 14:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-04 08:04 . 2011-05-10 16:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-04 08:04 . 2011-05-10 16:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-01-04 08:04 . 2011-05-11 14:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-05-10 16:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-05-11 14:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-01-03 18:50 . 2011-05-10 16:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-01-03 18:50 . 2011-05-11 14:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-03 18:50 . 2011-05-10 16:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-01-03 18:50 . 2011-05-11 14:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-01-03 18:50 . 2011-05-10 16:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-03 18:50 . 2011-05-11 14:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-03 17:08 . 2011-05-11 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-03 17:08 . 2011-05-10 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-01-03 17:08 . 2011-05-11 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-01-03 17:08 . 2011-05-10 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-05-10 15:58 . 2011-05-10 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-05-11 14:43 . 2011-05-11 14:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-05-11 14:43 . 2011-05-11 14:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-05-10 15:58 . 2011-05-10 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2011-05-10 15:58 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-05-11 06:40 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-06 17:12 . 2011-05-11 06:40 907280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2726101024-492574099-2719201097-1000-8192.dat

- 2010-11-06 17:12 . 2011-05-10 15:58 907280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2726101024-492574099-2719201097-1000-8192.dat

- 2009-07-14 02:34 . 2011-05-10 16:12 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-05-11 14:57 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]

"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-06 181480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 08:43]

.

2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 08:43]

.

2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726101024-492574099-2719201097-1000Core.job

- c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 17:53]

.

2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726101024-492574099-2719201097-1000UA.job

- c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 17:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_7736&r=27360110g626l03d8z175t58k1a984

mLocal Page = c:\windows\SysWOW64\blank.htm

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components]

@Denied: (Full) (Everyone)

@Denied: (Full) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

@="Microsoft Windows Media Player"

"Version"="12,0,7600,16667"

"IsInstalled"=dword:00000000

"ComponentID"="WMPACCESS"

"LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128"

"StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /ShowWMP"

"DontAsk"=dword:00000002

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

@="Internet Explorer"

"Version"="8,0,7600,17136"

"IsInstalled"=dword:00000001

"ComponentID"="IEACCESS"

"LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-21"

"StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -UserIconConfig"

"Dontask"=dword:00000002

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

@="Browser Customizations"

"IsInstalled"=dword:00000001

"Version"="8,0,7100,0"

"ComponentiD"="BRANDING.CAB"

"LocalizedName"="@c:\\Windows\\SysWOW64\\iedkcs32.dll,-3052"

"StubPath"="\"c:\\Windows\\SysWOW64\\rundll32.exe\" \"c:\\Windows\\SysWOW64\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]

@="Java (Sun)"

"ComponentID"="JAVAVM"

"IsInstalled"=dword:00000001

"KeyFileName"="c:\\Program Files (x86)\\Java\\jre6\\bin\\regutils.dll"

"Version"="5,0,5000,0"

"Locale"="EN"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

@="Microsoft Windows Media Player 12.0"

"IsInstalled"=dword:00000001

"Version"="12,0,7600,16667"

"DontAsk"=dword:00000002

"Locale"="EN"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

@="Themes Setup"

"LocalizedName"=expand:"@%SystemRoot%\\system32\\themeui.dll,-2682"

"ComponentID"="Theme Component"

"IsInstalled"=dword:00000001

"Locale"="EN"

"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"

"Version"="1,1,1,9"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]

@="Offline Browsing Pack"

"IsInstalled"=dword:00000001

"Version"="8,0,7600,16385"

"ComponentID"="MobilePk"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"IsInstalled"=dword:00000001

"Dontask"=dword:00000002

"Locale"="*"

"ComponentID"="MailNews"

"CloneUser"=dword:00000001

"StubPath"=expand:"\"%ProgramFiles(x86)%\\Windows Mail\\WinMail.exe\" OCInstallUserConfigOE"

"Version"="6,1,7600,16385"

@="Microsoft Windows"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]

@="DirectDrawEx"

"ComponentID"="DirectDrawEx"

"IsInstalled"=dword:00000001

"Locale"="*"

"Version"="4,71,1113,0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]

@="Internet Explorer Help"

"IsInstalled"=dword:00000001

"Version"="8,0,7600,16385"

"ComponentID"="HelpCont"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]

@="Microsoft Windows Script 5.6"

"ComponentID"="MSVBScript"

"IsInstalled"=dword:00000001

"Locale"="EN"

"Version"="5,6,0,8833"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]

@="Internet Explorer Setup Tools"

"IsInstalled"=dword:00000001

"Version"="8,0,7600,16385"

"ComponentID"="GenSetup"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]

"KeyFileName"=expand:"%SystemRoot%\\system32\\msieftp.dll"

@="Browsing Enhancements"

"IsInstalled"=dword:00000001

"Version"="8,0,7600,16385"

"ComponentID"="ExtraPack"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

@="Microsoft Windows Media Player"

"IsInstalled"=dword:00000001

"Version"="12,0,7600,16667"

"ComponentID"="Microsoft Windows Media Player"

"LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128"

"StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI"

"DontAsk"=dword:00000002

"Locale"="EN"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]

@="MSN Site Access"

"IsInstalled"=dword:00000001

"Version"="4,9,9,2"

"ComponentID"="MSN_Auth"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

@="Address Book 7"

"Version"="6,1,7600,16684"

"IsInstalled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]

@=".NET Framework"

"Locale"=""

"ComponentID"=".NETFramework"

"Version"="2,0,50727,0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]

@="Windows Desktop Update"

"LocalizedName"=expand:"@%SystemRoot%\\system32\\shell32.dll,-32969"

"ComponentID"="IE4_SHELLID"

"IsInstalled"=dword:00000001

"Locale"="en"

"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

"Version"="6,1,7600,16644"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]

@="Web Platform Customizations"

"IsInstalled"=dword:00000001

"Version"="8,0,7600,17136"

"ComponentID"="BASEIE40_W2K"

"LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-2000"

"StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -BaseSettings"

"Locale"="en"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]

"IsInstalled"=dword:00000001

"ComponentID"="DOTNETFRAMEWORKS"

"StubPath"="c:\\Windows\\SysWOW64\\Rundll32.exe c:\\Windows\\SysWOW64\\mscories.dll,Install"

"DontAsk"=dword:00000002

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]

@="Dynamic HTML Data Binding"

"IsInstalled"=dword:00000001

"Version"="8,0,7600,16385"

"ComponentID"="Tridata"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]

@="Internet Explorer Core Fonts"

"IsInstalled"=dword:00000001

"Version"="8,0,7600,17136"

"ComponentID"="Fontcore"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

@="Adobe Flash Player"

"ComponentID"="Flash"

"IsInstalled"=hex:01,00,00,00

"Version"="10.0.32.18"

"Locale"="EN"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]

@="HTML Help"

"IsInstalled"=dword:00000001

"Version"="6,1,7600,16385"

"ComponentID"="HTMLHelp"

"Locale"="*"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

@="Active Directory Service Interface"

"ComponentID"="ADSI"

"IsInstalled"=dword:00000001

"Locale"="EN"

"Version"="5,0,00,0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]

"Locale"=""

"Version"="4,0,30319,0"

"ComponentID"=".NETFramework"

@=".NET Framework"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-05-11 17:11:44

ComboFix-quarantined-files.txt 2011-05-11 15:11

ComboFix2.txt 2011-05-11 05:19

ComboFix3.txt 2011-05-11 05:00

ComboFix4.txt 2011-05-10 16:32

.

Pre-Run: 581.141.880.832 bytes beschikbaar

Post-Run: 580.854.849.536 bytes beschikbaar

.

- - End Of File - - DAC2E3437CA5B96EFF45D1D945F92E25

Edited by arrows

With the problems out of the way, it is time for the "big clean-up": removing the programs that were used, a cleaning run, and deleting the infected restore points.

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left-hand column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left-hand column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Close CCleaner afterwards.

If you would like to see this illustrated in detail, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you could otherwise end up restoring) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System protection -> now disable System Restore by selecting the desired drive and clicking "Configure".

  • Now click "Delete" to remove all restore points.
  • Click "Apply" and "OK".
  • Now restart the PC.
