
Malware (via MSN) from clicking something on Facebook



ComboFix 11-05-16.02 - Aquamotion 17/05/2011 17:02:06.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4026.2352 [GMT 2:00]

Gestart vanuit: e:\gebruikers\Aquamotion\Desktop\ComboFix.exe

gebruikte Opdracht switches :: e:\gebruikers\Aquamotion\Desktop\CFScript.txt

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

AV: G Data AntiVirus 2011 *Enabled/Outdated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Aquamotion\AppData\Local\{06A419EF-615F-4188-8219-FC959BC18CE2}

c:\users\Aquamotion\AppData\Local\{08EB0350-4CA3-4613-9938-F266734DF8E8}

c:\users\Aquamotion\AppData\Local\{0E9D0296-D2EA-4A92-B6FC-34FFF6A9B6F6}

c:\users\Aquamotion\AppData\Local\{11F70198-8B5C-4DBE-9B4B-77375713F510}

c:\users\Aquamotion\AppData\Local\{16007B50-F1D2-4165-BFFC-E2399B48D944}

c:\users\Aquamotion\AppData\Local\{3618FDBA-3828-4E3B-A39B-C352DA50BE1F}

c:\users\Aquamotion\AppData\Local\{37603EB1-D9F8-4611-84A6-8EDF212E3536}

c:\users\Aquamotion\AppData\Local\{3E3097F1-13A8-4916-82CC-209A4FA622DE}

c:\users\Aquamotion\AppData\Local\{43062B76-1911-49B1-9477-7BAB2B81A7FF}

c:\users\Aquamotion\AppData\Local\{47F0E6FE-5775-4CCB-8B77-7AB13E7603F8}

c:\users\Aquamotion\AppData\Local\{6B2E76D4-F1F2-41FC-8BCE-49E1DD5C29A2}

c:\users\Aquamotion\AppData\Local\{734C9259-12BA-45B9-A6A5-096BFCDF816B}

c:\users\Aquamotion\AppData\Local\{73AFAE83-29D2-4B8C-9267-FCD450A27F26}

c:\users\Aquamotion\AppData\Local\{8040A736-D74C-475E-9EED-3C77E6ECE2F0}

c:\users\Aquamotion\AppData\Local\{927BED24-0FC4-4B80-B0EF-1C2F1693271C}

c:\users\Aquamotion\AppData\Local\{930DA3A2-321D-4992-8DC0-B12B0FCC948E}

c:\users\Aquamotion\AppData\Local\{9F159A24-295B-42AF-AFC0-5BEDD38EE3E2}

c:\users\Aquamotion\AppData\Local\{A104D1B7-4836-4084-823F-D79D55673093}

c:\users\Aquamotion\AppData\Local\{AA5B0AE5-C966-451B-A3A2-3598796EE1A8}

c:\users\Aquamotion\AppData\Local\{AD8EB9B3-EBC9-4840-9BD1-6E0261DB0EC7}

c:\users\Aquamotion\AppData\Local\{B9354101-FD4E-4C33-B8D4-86177C0B5123}

c:\users\Aquamotion\AppData\Local\{B95F622E-3008-404D-BF91-06F910C8D6EC}

c:\users\Aquamotion\AppData\Local\{C1C06C53-B87E-4D13-86EB-8A82D0F3285A}

c:\users\Aquamotion\AppData\Local\{CA150B14-3EE5-4497-9BD0-93582DF5EA55}

c:\users\Aquamotion\AppData\Local\{D6F321C8-1A5C-41AD-8819-67A8CEE9709B}

c:\users\Aquamotion\AppData\Local\{D96E89A7-3324-4549-B16B-2FF03F708FBD}

c:\users\Aquamotion\AppData\Local\{DEA27EA9-46E1-4100-BD77-2912C905E4CE}

c:\users\Aquamotion\AppData\Local\{F02EDBB1-6AA0-4C14-99C7-04A68B64C250}

c:\users\Aquamotion\AppData\Local\{FA424521-CE17-49B3-8DA6-F4DD01ECE273}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-17 to 2011-05-17 ))))))))))))))))))))))))))))))

.

.

2011-05-17 15:54 . 2011-05-17 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-17 15:54 . 2011-05-17 15:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-05-17 10:48 . 2011-05-17 10:48 -------- d-----w- c:\users\Aquamotion\AppData\Local\{3F44DF43-E2BF-47CF-BC13-90964BD9593D}

2011-05-16 17:03 . 2011-05-16 17:03 388096 ----a-r- c:\users\Aquamotion\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-16 17:03 . 2011-05-16 17:03 -------- d-----w- c:\program files (x86)\Trend Micro

2011-05-16 07:42 . 2011-05-16 07:42 -------- d-----w- c:\users\Aquamotion\AppData\Roaming\AVG10

2011-05-16 07:40 . 2011-05-16 07:40 -------- d--h--w- c:\programdata\Common Files

2011-05-16 07:39 . 2011-05-17 12:25 -------- d-----w- c:\programdata\AVG10

2011-05-16 07:38 . 2011-05-16 10:41 -------- d-----w- c:\users\Aquamotion\AppData\Roaming\.purple

2011-05-16 07:38 . 2011-05-17 12:31 -------- d-----w- c:\program files (x86)\AVG

2011-05-16 07:32 . 2011-05-16 07:32 -------- d-----w- c:\program files (x86)\Pidgin

2011-05-11 06:30 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 06:30 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 06:30 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 06:30 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 06:30 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 06:30 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 06:30 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 06:30 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-11 06:30 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 06:30 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-10 18:01 . 2011-05-10 18:01 -------- d-----w- c:\users\Aquamotion\AppData\Roaming\Malwarebytes

2011-05-10 18:01 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-10 18:01 . 2011-05-10 18:01 -------- d-----w- c:\programdata\Malwarebytes

2011-05-10 18:01 . 2011-05-16 08:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-10 18:01 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 06:19 . 2011-04-14 00:02 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 06:19 . 2011-04-14 00:02 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:40 . 2011-04-14 00:02 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-03-11 05:40 . 2011-04-14 00:02 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-03-10 17:23 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-08 06:14 . 2011-04-14 00:02 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-08 05:38 . 2011-04-14 00:02 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-03-04 06:17 . 2011-04-27 15:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17 . 2011-04-27 15:03 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:17 . 2011-04-14 00:02 182272 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 06:14 . 2011-04-14 00:02 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 05:27 . 2011-04-14 00:02 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-03-03 03:58 . 2011-04-14 00:02 3133440 ----a-w- c:\windows\system32\win32k.sys

2011-02-24 06:30 . 2011-04-14 00:03 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-24 06:29 . 2011-04-14 00:02 1197056 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 06:24 . 2011-04-14 00:02 57856 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 05:32 . 2011-04-14 00:03 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-02-24 05:32 . 2011-04-14 00:02 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-02-24 05:30 . 2011-04-14 00:02 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-02-24 05:05 . 2011-04-14 00:02 482816 ----a-w- c:\windows\system32\html.iec

2011-02-24 04:24 . 2011-04-14 00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-24 04:23 . 2011-04-14 00:02 386048 ----a-w- c:\windows\SysWow64\html.iec

2011-02-24 03:50 . 2011-04-14 00:02 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-02-23 05:16 . 2011-04-14 00:02 461312 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-23 05:16 . 2011-04-14 00:02 401920 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-02-23 05:15 . 2011-04-14 00:02 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-02-23 05:15 . 2011-04-14 00:02 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-23 05:15 . 2011-04-14 00:02 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-02-23 05:15 . 2011-04-14 00:02 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-02-23 05:15 . 2011-04-14 00:02 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-02-19 06:37 . 2011-03-09 07:45 1135104 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 06:37 . 2011-03-09 07:45 1540608 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 06:36 . 2011-03-09 07:45 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 06:36 . 2011-04-14 00:02 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-02-19 05:32 . 2011-03-09 07:45 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-02-19 05:32 . 2011-03-09 07:45 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-02-19 05:32 . 2011-04-14 00:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-02-19 04:13 . 2011-04-14 00:02 367104 ----a-w- c:\windows\system32\atmfd.dll

2011-02-19 03:37 . 2011-04-14 00:02 294912 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-02-18 06:37 . 2011-04-14 00:02 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-02-18 05:36 . 2011-04-14 00:02 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-17_12.50.44 )))))))))))))))))))))))))))))))))))))))))

.

- 2010-11-12 16:26 . 2011-05-17 12:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-12 16:26 . 2011-05-17 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-12 16:26 . 2011-05-17 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-11-12 16:26 . 2011-05-17 12:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-12 21:53 . 2011-05-17 14:50 322934 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]

"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

.

c:\users\Aquamotion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Kaspersky Security Scan.lnk - c:\program files (x86)\Kaspersky Security Scan\KSS.exe [2010-11-29 2402696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 135664]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 GDUpdateSvc;GDUpdateSvc;c:\program files (x86)\G Data\TotalCare\AVK\UpdatePGM\IUpdateAVK.exe [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 135664]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]

R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]

R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-15 16392]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-22 2480048]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-09 c:\windows\Tasks\DriverNavigator Scheduled Scan.job

- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-01-09 21:37]

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 16:54]

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 16:54]

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2526740951-2750476161-2744510648-1000Core.job

- c:\users\Aquamotion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 18:30]

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2526740951-2750476161-2744510648-1000UA.job

- c:\users\Aquamotion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 18:30]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 97792 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 97792 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 97792 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_7715z&r=27361110p905l0484z1k5t44j2e808

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_7715z&r=27361110p905l0484z1k5t44j2e808

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

FF - ProfilePath - c:\users\Aquamotion\AppData\Roaming\Mozilla\Firefox\Profiles\sktzlbfn.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd0d4eb&v=7.004.022.004&i=26&tp=ab&iy=&ychte=us&lng=nl&q=

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2526740951-2750476161-2744510648-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2526740951-2750476161-2744510648-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-05-17 18:27:40

ComboFix-quarantined-files.txt 2011-05-17 16:27

ComboFix2.txt 2011-05-17 12:53

.

Pre-Run: 207.936.372.736 bytes beschikbaar

Post-Run: 207.889.502.208 bytes beschikbaar

.

- - End Of File - - 5C39A7A0D4EAF3FA65F885F77118C21F


My PC is faster again at the moment. Thank you very much for this. :D

However, I have not yet been able to check whether my Messenger is still sending spam, because my account is blocked. Do you perhaps also know how I can solve this?

I went to this page: Your account has been temporarily blocked. It contains this link: http://g.live.com/1rewlive4tup/tupp

But after that I get my mobile phone number, and I cannot change any settings.


Via that page you can submit a request to have your account unblocked. That can be done by mail to MSN.

In the meantime you may also remove ComboFix from your PC and clean up the leftovers:

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner will start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After this, close CCleaner again.

If you want to see this in detail with screenshots, click here for the guide.


When I try to run ComboFix /Uninstall, I only get a window asking me to install this program again. I then accidentally did so, which caused a new scan to be made. I will send this one along as well; perhaps you can still get something out of it.

What can I do to remove ComboFix /Uninstall after all?

ComboFix 11-05-16.02 - Aquamotion 18/05/2011 12:22:04.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4026.1062 [GMT 2:00]

Gestart vanuit: e:\gebruikers\Aquamotion\Desktop\ComboFix.exe

gebruikte Opdracht switches :: / uninstall

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

AV: G Data AntiVirus 2011 *Enabled/Outdated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-18 to 2011-05-18 ))))))))))))))))))))))))))))))

.

.

2011-05-18 10:45 . 2011-05-18 10:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-18 10:45 . 2011-05-18 10:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-05-18 10:22 . 2011-05-18 10:22 -------- d-----w- c:\program files\CCleaner

2011-05-18 10:03 . 2011-05-18 10:03 -------- d-----w- c:\users\Aquamotion\AppData\Local\{BC5B2352-0828-4101-8299-02AFC7E15B51}

2011-05-18 10:03 . 2011-05-18 10:03 -------- d-----w- c:\windows\nl

2011-05-18 10:02 . 2011-05-18 10:02 -------- dc----w- c:\windows\system32\DRVSTORE

2011-05-18 10:02 . 2010-09-22 22:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2011-05-18 10:02 . 2011-05-18 10:02 -------- d-----w- c:\program files (x86)\Microsoft

2011-05-18 10:02 . 2011-05-18 10:02 -------- d-----w- c:\program files (x86)\MSN Toolbar

2011-05-18 10:01 . 2011-05-18 10:02 -------- d-----w- c:\program files (x86)\Bing Bar Installer

2011-05-18 10:01 . 2011-05-18 10:01 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\90d0fac81cc15420c\InstallManager_WLE_WLE.exe

2011-05-18 10:01 . 2011-05-18 10:01 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8ed91b071cc15420b\MeshBetaRemover.exe

2011-05-18 08:31 . 2011-05-18 08:31 -------- d-----w- c:\users\Aquamotion\AppData\Local\{1FD96E9F-87AB-474F-AB05-3B92C54FF138}

2011-05-17 10:48 . 2011-05-17 10:48 -------- d-----w- c:\users\Aquamotion\AppData\Local\{3F44DF43-E2BF-47CF-BC13-90964BD9593D}

2011-05-16 17:03 . 2011-05-16 17:03 388096 ----a-r- c:\users\Aquamotion\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-16 17:03 . 2011-05-16 17:03 -------- d-----w- c:\program files (x86)\Trend Micro

2011-05-16 07:42 . 2011-05-16 07:42 -------- d-----w- c:\users\Aquamotion\AppData\Roaming\AVG10

2011-05-16 07:40 . 2011-05-16 07:40 -------- d--h--w- c:\programdata\Common Files

2011-05-16 07:39 . 2011-05-17 12:25 -------- d-----w- c:\programdata\AVG10

2011-05-16 07:38 . 2011-05-16 10:41 -------- d-----w- c:\users\Aquamotion\AppData\Roaming\.purple

2011-05-16 07:38 . 2011-05-17 12:31 -------- d-----w- c:\program files (x86)\AVG

2011-05-16 07:32 . 2011-05-16 07:32 -------- d-----w- c:\program files (x86)\Pidgin

2011-05-11 06:30 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 06:30 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 06:30 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 06:30 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 06:30 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 06:30 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 06:30 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 06:30 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-11 06:30 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 06:30 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-10 18:01 . 2011-05-10 18:01 -------- d-----w- c:\users\Aquamotion\AppData\Roaming\Malwarebytes

2011-05-10 18:01 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-10 18:01 . 2011-05-10 18:01 -------- d-----w- c:\programdata\Malwarebytes

2011-05-10 18:01 . 2011-05-16 08:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-10 18:01 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 06:19 . 2011-04-14 00:02 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 06:19 . 2011-04-14 00:02 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:40 . 2011-04-14 00:02 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-03-11 05:40 . 2011-04-14 00:02 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-03-10 17:23 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-08 06:14 . 2011-04-14 00:02 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-08 05:38 . 2011-04-14 00:02 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-03-04 06:17 . 2011-04-27 15:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17 . 2011-04-27 15:03 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:17 . 2011-04-14 00:02 182272 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 06:14 . 2011-04-14 00:02 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 05:27 . 2011-04-14 00:02 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-03-03 03:58 . 2011-04-14 00:02 3133440 ----a-w- c:\windows\system32\win32k.sys

2011-02-24 06:30 . 2011-04-14 00:03 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-24 06:29 . 2011-04-14 00:02 1197056 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 06:24 . 2011-04-14 00:02 57856 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 05:32 . 2011-04-14 00:03 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-02-24 05:32 . 2011-04-14 00:02 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-02-24 05:30 . 2011-04-14 00:02 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-02-24 05:05 . 2011-04-14 00:02 482816 ----a-w- c:\windows\system32\html.iec

2011-02-24 04:24 . 2011-04-14 00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-24 04:23 . 2011-04-14 00:02 386048 ----a-w- c:\windows\SysWow64\html.iec

2011-02-24 03:50 . 2011-04-14 00:02 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-02-23 05:16 . 2011-04-14 00:02 461312 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-23 05:16 . 2011-04-14 00:02 401920 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-02-23 05:15 . 2011-04-14 00:02 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-02-23 05:15 . 2011-04-14 00:02 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-23 05:15 . 2011-04-14 00:02 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-02-23 05:15 . 2011-04-14 00:02 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-02-23 05:15 . 2011-04-14 00:02 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-02-19 06:37 . 2011-03-09 07:45 1135104 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 06:37 . 2011-03-09 07:45 1540608 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 06:36 . 2011-03-09 07:45 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 06:36 . 2011-04-14 00:02 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-02-19 05:32 . 2011-03-09 07:45 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-02-19 05:32 . 2011-03-09 07:45 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-02-19 05:32 . 2011-04-14 00:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-02-19 04:13 . 2011-04-14 00:02 367104 ----a-w- c:\windows\system32\atmfd.dll

2011-02-19 03:37 . 2011-04-14 00:02 294912 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-02-18 06:37 . 2011-04-14 00:02 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-02-18 05:36 . 2011-04-14 00:02 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-17_12.50.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-18 10:02 . 2010-09-22 22:36 48488 c:\windows\system32\DRVSTORE\fssfltr_A5FA3C925848FF31CD1FDE1A2696CEACA292B950\fssfltr.sys

+ 2010-02-23 01:56 . 2011-05-18 10:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-02-23 01:56 . 2011-05-12 16:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-02-23 01:56 . 2011-05-18 10:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-02-23 01:56 . 2011-05-12 16:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-05-18 10:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-05-12 16:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-12 16:26 . 2011-05-18 10:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-11-12 16:26 . 2011-05-17 12:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-12 16:26 . 2011-05-18 10:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-11-12 16:26 . 2011-05-17 12:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-18 10:02 . 2011-05-18 10:02 24576 c:\windows\Installer\4a36c48.msp

+ 2011-05-18 10:02 . 2011-05-18 10:02 57344 c:\windows\Installer\4a36c42.msi

+ 2011-05-18 10:02 . 2011-05-18 10:02 71168 c:\windows\Installer\4a36c3e.msi

+ 2011-05-18 10:02 . 2011-05-18 10:02 80384 c:\windows\Installer\4a36c3a.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 23552 c:\windows\Installer\4a36c32.msp

+ 2010-11-12 18:02 . 2010-11-12 18:02 29696 c:\windows\Installer\4a36c2d.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 64512 c:\windows\Installer\4a36c27.msp

+ 2011-05-18 10:01 . 2011-05-18 10:01 69120 c:\windows\Installer\4a36bce.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 37888 c:\windows\Installer\4a36b64.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 53248 c:\windows\Installer\4a36b60.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 39936 c:\windows\Installer\4a36b54.msp

+ 2010-11-12 18:01 . 2010-11-12 18:01 74240 c:\windows\Installer\4a36b4f.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 26112 c:\windows\Installer\4a36b45.msi

+ 2011-05-18 10:03 . 2011-05-18 10:03 89440 c:\windows\Installer\{95140000-007A-0413-0000-0000000FF1CE}\OLCIcon.exe

+ 2010-09-22 14:33 . 2010-09-22 14:33 55136 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\utilclasses.dll

+ 2010-09-22 14:33 . 2010-09-22 14:33 91488 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\TesClient.dll

+ 2010-09-22 14:33 . 2010-09-22 14:33 34144 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\SqmWrapper.dll

+ 2010-09-22 14:33 . 2010-09-22 14:33 71520 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\MOE.exe

+ 2010-09-22 14:32 . 2010-09-22 14:32 40800 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\logging.dll

+ 2010-09-22 14:32 . 2010-09-22 14:32 77152 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\lkrhwlc.dll

+ 2010-09-22 14:33 . 2010-09-22 14:33 97120 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\esestore.dll

+ 2010-11-12 21:53 . 2011-05-18 06:28 323478 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-11-12 18:02 . 2010-11-12 18:02 166912 c:\windows\Installer\4a36c22.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 514048 c:\windows\Installer\4a36c0b.msp

+ 2011-05-18 10:01 . 2011-05-18 10:01 468992 c:\windows\Installer\4a36bf0.msp

+ 2011-05-18 10:01 . 2011-05-18 10:01 629248 c:\windows\Installer\4a36be1.msp

+ 2011-05-18 10:01 . 2011-05-18 10:01 113664 c:\windows\Installer\4a36bb7.msp

+ 2010-09-22 10:06 . 2010-09-22 10:06 867840 c:\windows\Installer\4a36b3d.msi

+ 2011-05-18 10:02 . 2011-05-18 10:02 215040 c:\windows\Installer\4a36b2f.msi

+ 2010-09-22 14:31 . 2010-09-22 14:31 108384 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\Microsoft.Web.dll

+ 2010-09-22 14:33 . 2010-09-22 14:33 953696 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\MeshSessions.dll

+ 2010-09-22 14:33 . 2010-09-22 14:33 117600 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\encoders.dll

+ 2010-09-22 14:32 . 2010-09-22 14:32 160608 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\commengine.dll

+ 2010-09-22 14:32 . 2010-09-22 14:32 438112 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\bitswarm.dll

+ 2011-05-18 10:02 . 2011-05-18 10:02 3103232 c:\windows\Installer\4a36c4c.msi

+ 2011-05-18 10:02 . 2011-05-18 10:02 2633216 c:\windows\Installer\4a36c36.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 2147328 c:\windows\Installer\4a36c1c.msp

+ 2010-11-12 18:02 . 2010-11-12 18:02 4278272 c:\windows\Installer\4a36c11.msi

+ 2010-11-12 18:01 . 2010-11-12 18:01 6219776 c:\windows\Installer\4a36c06.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 4301312 c:\windows\Installer\4a36c00.msp

+ 2010-11-12 18:01 . 2010-11-12 18:01 5863424 c:\windows\Installer\4a36bf6.msi

+ 2010-11-12 18:01 . 2010-11-12 18:01 1073664 c:\windows\Installer\4a36be6.msi

+ 2010-11-12 18:00 . 2010-11-12 18:00 1524736 c:\windows\Installer\4a36bd8.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 1830400 c:\windows\Installer\4a36bc8.msp

+ 2011-05-18 10:01 . 2011-05-18 10:01 3454976 c:\windows\Installer\4a36bbf.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 6195200 c:\windows\Installer\4a36bbb.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 6363136 c:\windows\Installer\4a36b7a.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 2310656 c:\windows\Installer\4a36b6c.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 9553920 c:\windows\Installer\4a36b5c.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 2856448 c:\windows\Installer\4a36b58.msi

+ 2011-05-18 10:01 . 2011-05-18 10:01 4227072 c:\windows\Installer\4a36b41.msi

+ 2011-05-18 10:02 . 2011-05-18 10:02 5269504 c:\windows\Installer\4a36b36.msp

+ 2010-09-22 23:17 . 2010-09-22 23:17 1204584 c:\windows\Installer\$PatchCache$\Managed\B53C70A248384AD4A95944B2C6980A37\15.4.3502\wlarp.exe

- 2009-07-14 02:34 . 2011-05-17 12:39 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-05-18 10:11 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]

"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

.

c:\users\Aquamotion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Kaspersky Security Scan.lnk - c:\program files (x86)\Kaspersky Security Scan\KSS.exe [2010-11-29 2402696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 135664]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 GDUpdateSvc;GDUpdateSvc;c:\program files (x86)\G Data\TotalCare\AVK\UpdatePGM\IUpdateAVK.exe [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 135664]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]

R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]

R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-15 16392]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-22 2480048]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-09 c:\windows\Tasks\DriverNavigator Scheduled Scan.job

- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-01-09 21:37]

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 16:54]

.

2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 16:54]

.

2011-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2526740951-2750476161-2744510648-1000Core.job

- c:\users\Aquamotion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 18:30]

.

2011-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2526740951-2750476161-2744510648-1000UA.job

- c:\users\Aquamotion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 18:30]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 97792 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 97792 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 97792 ----a-w- c:\users\Aquamotion\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/chrome

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_7715z&r=27361110p905l0484z1k5t44j2e808

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

FF - ProfilePath - c:\users\Aquamotion\AppData\Roaming\Mozilla\Firefox\Profiles\sktzlbfn.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd0d4eb&v=7.004.022.004&i=26&tp=ab&iy=&ychte=us&lng=nl&q=

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2526740951-2750476161-2744510648-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2526740951-2750476161-2744510648-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-05-18 14:23:56

ComboFix-quarantined-files.txt 2011-05-18 12:23

ComboFix2.txt 2011-05-17 16:27

ComboFix3.txt 2011-05-17 12:53

.

Pre-Run: 207.408.844.800 bytes beschikbaar

Post-Run: 208.096.378.880 bytes beschikbaar

.

- - End Of File - - 777EDDACC61B74945D0F43D2EC7F0ACF


When uninstalling Combofix, did you take into account the space before the slash in Combofix /Uninstall? That is overlooked fairly often. Without the space, the scan is started again and Combofix is not removed.
