Desktop icons show a white square with coloured dots


videofan

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


ComboFix 11-07-23.04 - Wil 24-07-2011 12:54:44.1.8 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.6134.3941 [GMT 2:00]

Gestart vanuit: c:\users\Wil\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe

c:\users\Wil\AppData\Roaming\chrtmp

c:\users\Wil\AppData\Roaming\inst.exe

c:\users\Wil\AppData\Roaming\Local

c:\users\Wil\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr

c:\users\Wil\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx

c:\users\Wil\AppData\Roaming\QUAD Backups

c:\users\Wil\AppData\Roaming\Secure-Soft Stealer

c:\users\Wil\Documents\cc_20110704_122740.reg

c:\users\Wil\Documents\Readiris.DUS

c:\windows\Downloaded Program Files\tgctlsr.dll

c:\windows\security\Database\tmp.edb

c:\windows\XSxS

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-06-24 to 2011-07-24 ))))))))))))))))))))))))))))))

.

.

2011-07-23 17:36 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-23 17:36 . 2011-07-23 17:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-23 17:36 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-23 14:56 . 2011-07-23 14:56 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2011-07-23 14:42 . 2011-07-23 14:42 -------- d-----w- c:\users\Wil\AppData\Roaming\TuneUp Software

2011-07-23 13:18 . 2011-07-23 13:18 388096 ----a-r- c:\users\Wil\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-23 12:16 . 2011-07-23 12:16 -------- d-----w- c:\users\Administrator\AppData\Local\Ahead

2011-07-23 12:16 . 2011-07-23 12:20 -------- d-----w- c:\users\Administrator\AppData\Roaming\Vista Start Menu

2011-07-23 12:16 . 2011-07-23 12:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Codessentials

2011-07-21 21:07 . 2011-07-21 21:07 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2011-07-21 20:56 . 2011-07-21 20:56 -------- d-----w- C:\Rbackup

2011-07-21 20:27 . 2011-07-21 20:28 -------- d-----w- c:\program files\CCleaner

2011-07-21 16:59 . 2011-07-21 16:59 -------- d-----w- c:\users\Wil\AppData\Roaming\Big Fish Games

2011-07-21 11:47 . 2011-07-21 11:47 -------- d-----w- c:\programdata\Spotnet origineel

2011-07-21 06:59 . 2011-07-21 06:59 -------- d-----w- c:\users\Wil\AppData\Roaming\Media Player Classic

2011-07-20 14:39 . 2011-07-20 14:39 -------- d-----w- c:\users\Wil\AppData\Roaming\CattaleGames

2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\programdata\TomTom

2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\users\Wil\AppData\Roaming\TomTom

2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\users\Wil\AppData\Local\TomTom

2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\program files (x86)\TomTom International B.V

2011-07-19 11:21 . 2005-07-14 10:31 32256 ----a-w- c:\windows\SysWow64\AVSredirect.dll

2011-07-19 11:21 . 2004-01-24 22:00 70656 ----a-w- c:\windows\SysWow64\yv12vfw.dll

2011-07-19 11:21 . 2004-01-24 22:00 70656 ----a-w- c:\windows\SysWow64\i420vfw.dll

2011-07-17 14:42 . 2011-07-17 14:42 -------- d-----w- c:\windows\nl

2011-07-17 14:36 . 2011-05-13 13:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2011-07-17 14:36 . 2011-07-17 14:43 -------- d-----w- c:\program files (x86)\Windows Live

2011-07-17 14:35 . 2011-07-17 14:36 -------- d-----w- c:\program files\Windows Live

2011-07-17 14:34 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll

2011-07-17 14:34 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-07-17 14:33 . 2009-09-04 15:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2011-07-17 14:33 . 2009-09-04 15:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2011-07-17 14:33 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-07-17 14:33 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-07-17 14:32 . 2009-08-04 08:12 1103872 ----a-w- c:\windows\system32\webservices.dll

2011-07-17 14:32 . 2009-08-04 08:02 754688 ----a-w- c:\windows\SysWow64\webservices.dll

2011-07-17 14:30 . 2011-07-17 14:30 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\15ea452a1cc448e06\bingbarsetup.exe

2011-07-17 14:30 . 2011-07-17 14:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\481a2ba1cc448e05\MeshBetaRemover.exe

2011-07-17 14:29 . 2011-07-17 14:29 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\19e7ffa1cc448e04\DSETUP.dll

2011-07-17 14:29 . 2011-07-17 14:29 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\19e7ffa1cc448e04\DXSETUP.exe

2011-07-17 14:29 . 2011-07-17 14:29 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\19e7ffa1cc448e04\dsetup32.dll

2011-07-17 14:29 . 2011-07-17 14:29 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fde855ca1cc448d03\DSETUP.dll

2011-07-17 14:29 . 2011-07-17 14:29 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fde855ca1cc448d03\DXSETUP.exe

2011-07-17 14:29 . 2011-07-17 14:29 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fde855ca1cc448d03\dsetup32.dll

2011-07-17 14:29 . 2011-07-21 03:57 -------- d-----w- c:\users\Wil\AppData\Local\Windows Live

2011-07-17 14:22 . 2011-07-17 14:22 -------- d-----w- c:\windows\SysWow64\spool

2011-07-17 14:22 . 2011-07-17 14:22 -------- d-----w- c:\program files\Windows Portable Devices

2011-07-17 14:22 . 2011-07-17 14:22 -------- d-----w- c:\program files (x86)\Windows Portable Devices

2011-07-17 14:17 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe

2011-07-17 14:14 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll

2011-07-17 14:13 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-07-17 14:13 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll

2011-07-17 14:13 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll

2011-07-17 14:13 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-07-17 14:13 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll

2011-07-17 14:13 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll

2011-07-17 14:13 . 2011-04-21 14:17 695296 ----a-w- c:\windows\system32\drivers\bthport.sys

2011-07-17 14:13 . 2009-06-17 10:37 35328 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2011-07-17 13:50 . 2011-07-17 13:51 -------- d-----w- c:\program files (x86)\Windows Mail

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\SysWow64\ca-ES

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\SysWow64\eu-ES

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\SysWow64\vi-VN

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\system32\ca-ES

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\system32\eu-ES

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\system32\vi-VN

2011-07-17 13:45 . 2011-07-17 13:45 -------- d-----w- c:\windows\system32\SPReview

2011-07-17 13:32 . 2009-04-10 22:11 946688 ----a-w- c:\windows\system32\scavenge.dll

2011-07-17 13:32 . 2009-04-10 22:10 56320 ----a-w- c:\windows\system32\compcln.exe

2011-07-17 13:31 . 2009-04-28 11:14 3584 ----a-w- c:\windows\system32\drivers\nl-NL\hdaudbus.sys.mui

2011-07-17 13:31 . 2009-04-28 11:12 8704 ----a-w- c:\windows\system32\drivers\nl-NL\bthport.sys.mui

2011-07-17 13:27 . 2009-04-10 22:15 73176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2011-07-17 13:26 . 2009-04-10 22:15 164328 ----a-w- c:\windows\system32\drivers\Storport.sys

2011-07-17 13:23 . 2011-07-17 13:23 -------- d-----w- c:\windows\system32\EventProviders

2011-07-17 12:19 . 2011-07-17 12:53 -------- d-----w- c:\users\Wil\AppData\Roaming\GetRightToGo

2011-07-17 12:12 . 2011-07-23 14:56 -------- d-sh--w- c:\windows\Installer

2011-07-16 21:32 . 2011-07-16 21:32 -------- d-----w- c:\users\Wil\AppData\Roaming\AnvSoft

2011-07-16 21:18 . 2011-07-16 21:18 -------- d-----w- c:\program files (x86)\OJOsoft

2011-07-16 21:07 . 2011-07-16 21:07 -------- d-----w- c:\program files (x86)\Common Files\Common Share

2011-07-16 21:07 . 2008-12-18 11:38 719872 ----a-w- c:\windows\SysWow64\devil.dll

2011-07-16 21:07 . 2009-09-27 07:39 369152 ----a-w- c:\windows\SysWow64\avisynth.dll

2011-07-15 04:29 . 2011-07-15 04:29 -------- d-----w- c:\windows\Installer orig in H gezet

2011-07-14 18:44 . 2011-07-14 18:44 -------- d-----r- C:\Sandbox

2011-07-13 10:52 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 10:52 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-13 10:52 . 2011-06-02 13:50 2764288 ----a-w- c:\windows\system32\win32k.sys

2011-07-12 15:09 . 2011-07-12 15:09 -------- d-----w- c:\program files\Soluto

2011-07-09 17:18 . 2008-12-18 11:38 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-07-09 17:18 . 2008-12-18 11:38 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-07-09 17:18 . 2008-12-18 11:38 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2011-07-09 08:37 . 2011-07-09 08:37 -------- d-----w- c:\programdata\FirmTools

2011-07-09 07:53 . 2011-07-09 08:16 -------- d-----w- c:\users\Wil\AppData\Roaming\calibre

2011-07-09 07:52 . 2011-07-09 07:52 -------- d-----w- c:\program files (x86)\Calibre2

2011-07-09 07:44 . 2003-06-05 15:15 57436 ----a-w- c:\windows\DASShp.dll

2011-07-09 07:44 . 2003-05-22 22:15 217174 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ClearType\ctras.dll

2011-07-09 07:44 . 2000-10-05 13:55 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-07-09 07:44 . 2000-10-05 13:55 221184 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll

2011-07-09 07:44 . 2000-10-05 13:50 221184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-07-09 07:44 . 2000-10-05 13:49 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-07-09 07:44 . 2000-10-05 06:01 602244 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-07-08 20:05 . 2011-07-08 20:06 -------- d-----w- c:\users\Wil\AppData\Roaming\MovieSpot

2011-07-08 08:53 . 2009-06-30 08:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys

2011-07-08 08:53 . 2011-07-08 08:53 -------- d-----w- c:\program files (x86)\Panda Security

2011-07-08 08:00 . 2011-07-08 08:00 -------- d-----w- c:\program files\Microsoft Synchronization Services

2011-07-08 08:00 . 2011-07-08 08:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-07-08 07:59 . 2011-07-08 07:59 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2011-07-08 07:56 . 2011-07-08 08:00 -------- d-----w- c:\programdata\SpotGrit

2011-07-07 16:05 . 2011-07-07 16:05 8 ----a-w- c:\users\Wil\AppData\Roaming\rat.exe

2011-07-07 06:41 . 2011-07-07 06:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-07-05 11:30 . 2011-07-05 11:30 -------- d-----w- c:\programdata\TERMINAL Studio

2011-07-04 10:39 . 2011-07-04 10:39 -------- d-----w- c:\users\Wil\AppData\Roaming\GlarySoft

2011-07-04 08:55 . 2004-07-09 07:43 226304 ----a-w- c:\windows\system32\TwnLib4.dll

2011-07-04 08:55 . 2003-03-18 21:14 303616 ----a-w- c:\windows\system32\msvcp71.dll

2011-07-04 08:55 . 2003-03-18 19:12 451584 ----a-w- c:\windows\system32\mfc71u.dll

2011-07-04 08:55 . 2003-02-21 03:42 165888 ----a-w- c:\windows\system32\msvcr71.dll

2011-07-04 08:55 . 2004-07-26 15:16 928768 ----a-w- c:\windows\system32\imagX7.dll

2011-07-04 08:55 . 2004-07-26 15:16 476320 ----a-w- c:\windows\system32\imagXpr7.dll

2011-07-04 08:55 . 2004-07-26 15:16 364032 ----a-w- c:\windows\system32\imagXRA7.dll

2011-07-04 08:55 . 2004-07-26 15:16 224256 ----a-w- c:\windows\system32\imagXR7.dll

2011-07-04 08:55 . 2003-03-19 05:20 454144 ----a-w- c:\windows\system32\mfc71.dll

2011-07-03 04:36 . 2011-07-03 04:36 59839 --sh--w- c:\windows\dtmn.exe

2011-07-03 04:36 . 2011-07-03 04:36 66046 --sh--w- c:\windows\kdhr.exe

2011-07-02 19:18 . 2004-12-02 16:20 1843200 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll

2011-07-02 19:18 . 2004-12-02 16:11 315392 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll

2011-07-02 19:18 . 2004-05-20 13:24 196608 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll

2011-07-02 19:02 . 2011-07-02 19:03 -------- d-----w- c:\users\Wil\AppData\Roaming\MP3 Quality Modifier

2011-07-02 13:48 . 2011-07-02 13:48 -------- d-----w- C:\iSiteLogs

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-17 14:35 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-07 06:34 . 2011-05-22 19:03 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys

2011-06-30 06:41 . 2011-05-23 19:57 319488 ----a-w- c:\windows\HideWin.exe

2011-06-30 06:12 . 2009-02-07 02:17 525792 ----a-w- c:\windows\DIFxAPI.dll

2011-06-25 10:25 . 2011-05-20 17:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-24 17:14 . 2010-11-28 09:12 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-13 14:03 . 2011-05-13 14:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2011-05-13 13:42 . 2011-05-13 13:42 302448 ----a-w- c:\windows\WLXPGSS.SCR

2011-05-04 02:52 . 2011-01-07 13:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-05-02 17:16 . 2011-06-15 07:32 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-05-02 17:13 . 2011-06-15 07:32 975360 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 13:41 . 2011-06-15 07:32 176128 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 13:40 . 2011-06-15 07:32 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-29 13:39 . 2011-06-15 07:32 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-29 13:39 . 2011-06-15 07:32 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-29 13:39 . 2011-06-15 07:32 107008 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-24 68856]

"VistaStartMenu"="c:\program files (x86)\Vista Start Menu\VistaStartMenu.exe" [2008-04-26 2670296]

"RoboForm"="e:\program files (x86)\Roboform gegevens\RoboTaskBarIcon.exe" [2011-02-06 107000]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]

"Yadis"="c:\program files (x86)\codessentials\yadis\yadis.exe" [2011-01-14 1758208]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

"SandboxieControl"="i:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 604432]

"TomTomHOME.exe"="e:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]

"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-25 64112]

"RemoteControl"="e:\program files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="e:\program files (x86)\CyberLink\PowerDVD v7.3 ultra\Language\Language.exe" [2007-03-14 54832]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Ashampoo Core Tuner"="c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" [2010-02-15 428376]

"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

R0 rseb;rseb; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 135664]

R3 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

R3 ALSysIO;ALSysIO;i:\temp\ALSysIO64.sys [x]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]

R3 esihdrv;esihdrv;i:\temp\esihdrv.sys [x]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 135664]

R3 PAC207;Trust Webcam Live;c:\windows\system32\DRIVERS\PFC027.SYS [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-29 28032]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 VD_FileDisk;VD_FileDisk; [x]

S2 acthelper;Ashampoo CoreTuner Helper Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe [2010-02-15 902488]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-10-25 2475952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-04-09 731840]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]

S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-13 24576]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-07-07 376352]

S2 TomTomHOMEService;TomTomHOMEService;e:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]

S3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{BBE2A330-76AD-1E64-FF0C-BFCDE34B5E8A}]

2011-07-07 16:05 8 ----a-w- c:\users\Wil\AppData\Roaming\rat.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-07-24 c:\windows\Tasks\AutoSmartDefrag.job

- e:\program files (x86)\IObit SmartDefrag\IObit SmartDefrag.exe [2011-04-12 17:08]

.

2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 08:08]

.

2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 08:08]

.

2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3516149696-3862806164-1056994232-1000Core.job

- c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 08:13]

.

2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3516149696-3862806164-1056994232-1000UA.job

- c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 08:13]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2692008]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2009-08-11 319488]

"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2009-08-11 323584]

"Ashampoo Core Tuner"="c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" [2010-02-15 428376]

"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-29 561200]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]

"Acronis Scheduler2Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]

"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/ig?brand=ACAW&bmod=ACEU

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=1010&m=aspire_m7720

mLocal Page = %SystemRoot%\system32\blank.htm

IE: Formulieren opslaan - file://e:\program files (x86)\Roboform gegevens\RoboFormComSavePass.html

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Wil\AppData\Roaming\Mozilla\Firefox\Profiles\hkipwinx.default\

FF - prefs.js: browser.search.selectedEngine - iMesh Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/

FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - h:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

Wow6432Node-HKCU-Run-Network Drive Mapping Utility - (no file)

Wow6432Node-HKLM-Run-HDD Regenerator - c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe

Toolbar-10 - (no file)

WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{B80F591E-FE9A-46CF-A13E-180377240586} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

HKLM-Run-Skytel - Skytel.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\e:\program files (x86)\CyberLink\PowerDVD v7.3 ultra\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2011-07-24 13:10:33

ComboFix-quarantined-files.txt 2011-07-24 11:10

.

Pre-Run: 58.409.648.128 bytes beschikbaar

Post-Run: 58.209.771.520 bytes beschikbaar

.

- - End Of File - - 2A86F8752CAB583F95720BCA2A1F5E45

---------- Post added at 14:18 ---------- Previous post was at 14:17 ----------

I have now also restored the iconcache.

Enlarged 2x and shrank the icons on the desktop.

Still no result.


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\dtmn.exe

c:\windows\kdhr.exe

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yadis"=-

[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{BBE2A330-76AD-1E64-FF0C-BFCDE34B5E8A}]

Driver::

rseb

BBSvc

Firefox::

FF - ProfilePath - c:\users\Wil\AppData\Roaming\Mozilla\Firefox\Profiles\hkipwinx.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix start again. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.


Unfortunately.

This is the new log:

ComboFix 11-07-23.04 - Wil 25-07-2011 12:07:44.2.8 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.6134.3333 [GMT 2:00]

Gestart vanuit: c:\users\Wil\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Wil\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\dtmn.exe"

"c:\windows\kdhr.exe"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\dtmn.exe

c:\windows\kdhr.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_BBSvc

-------\Service_rseb

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-06-25 to 2011-07-25 ))))))))))))))))))))))))))))))

.

.

2011-07-25 10:21 . 2011-07-25 10:21 -------- d-----w- c:\users\Wil\AppData\Local\temp

2011-07-25 10:21 . 2011-07-25 10:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-25 10:21 . 2011-07-25 10:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-07-23 17:36 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-23 17:36 . 2011-07-23 17:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-23 17:36 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-23 14:56 . 2011-07-23 14:56 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2011-07-23 14:42 . 2011-07-23 14:42 -------- d-----w- c:\users\Wil\AppData\Roaming\TuneUp Software

2011-07-23 13:18 . 2011-07-23 13:18 388096 ----a-r- c:\users\Wil\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-23 12:16 . 2011-07-23 12:16 -------- d-----w- c:\users\Administrator\AppData\Local\Ahead

2011-07-23 12:16 . 2011-07-24 12:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\Vista Start Menu

2011-07-23 12:16 . 2011-07-23 12:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Codessentials

2011-07-21 21:07 . 2011-07-21 21:07 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2011-07-21 20:56 . 2011-07-21 20:56 -------- d-----w- C:\Rbackup

2011-07-21 20:27 . 2011-07-21 20:28 -------- d-----w- c:\program files\CCleaner

2011-07-21 16:59 . 2011-07-21 16:59 -------- d-----w- c:\users\Wil\AppData\Roaming\Big Fish Games

2011-07-21 11:47 . 2011-07-21 11:47 -------- d-----w- c:\programdata\Spotnet origineel

2011-07-21 06:59 . 2011-07-21 06:59 -------- d-----w- c:\users\Wil\AppData\Roaming\Media Player Classic

2011-07-20 14:39 . 2011-07-20 14:39 -------- d-----w- c:\users\Wil\AppData\Roaming\CattaleGames

2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\programdata\TomTom

2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\users\Wil\AppData\Roaming\TomTom

2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\users\Wil\AppData\Local\TomTom

2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\program files (x86)\TomTom International B.V

2011-07-19 11:21 . 2005-07-14 10:31 32256 ----a-w- c:\windows\SysWow64\AVSredirect.dll

2011-07-19 11:21 . 2004-01-24 22:00 70656 ----a-w- c:\windows\SysWow64\yv12vfw.dll

2011-07-19 11:21 . 2004-01-24 22:00 70656 ----a-w- c:\windows\SysWow64\i420vfw.dll

2011-07-17 14:42 . 2011-07-17 14:42 -------- d-----w- c:\windows\nl

2011-07-17 14:36 . 2011-05-13 13:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2011-07-17 14:36 . 2011-07-17 14:43 -------- d-----w- c:\program files (x86)\Windows Live

2011-07-17 14:35 . 2011-07-17 14:36 -------- d-----w- c:\program files\Windows Live

2011-07-17 14:34 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll

2011-07-17 14:34 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-07-17 14:33 . 2009-09-04 15:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2011-07-17 14:33 . 2009-09-04 15:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2011-07-17 14:33 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-07-17 14:33 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-07-17 14:32 . 2009-08-04 08:12 1103872 ----a-w- c:\windows\system32\webservices.dll

2011-07-17 14:32 . 2009-08-04 08:02 754688 ----a-w- c:\windows\SysWow64\webservices.dll

2011-07-17 14:30 . 2011-07-17 14:30 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\15ea452a1cc448e06\bingbarsetup.exe

2011-07-17 14:30 . 2011-07-17 14:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\481a2ba1cc448e05\MeshBetaRemover.exe

2011-07-17 14:29 . 2011-07-17 14:29 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\19e7ffa1cc448e04\DSETUP.dll

2011-07-17 14:29 . 2011-07-17 14:29 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\19e7ffa1cc448e04\DXSETUP.exe

2011-07-17 14:29 . 2011-07-17 14:29 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\19e7ffa1cc448e04\dsetup32.dll

2011-07-17 14:29 . 2011-07-17 14:29 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fde855ca1cc448d03\DSETUP.dll

2011-07-17 14:29 . 2011-07-17 14:29 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fde855ca1cc448d03\DXSETUP.exe

2011-07-17 14:29 . 2011-07-17 14:29 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fde855ca1cc448d03\dsetup32.dll

2011-07-17 14:29 . 2011-07-25 06:55 -------- d-----w- c:\users\Wil\AppData\Local\Windows Live

2011-07-17 14:22 . 2011-07-17 14:22 -------- d-----w- c:\windows\SysWow64\spool

2011-07-17 14:22 . 2011-07-17 14:22 -------- d-----w- c:\program files\Windows Portable Devices

2011-07-17 14:22 . 2011-07-17 14:22 -------- d-----w- c:\program files (x86)\Windows Portable Devices

2011-07-17 14:17 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe

2011-07-17 14:14 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll

2011-07-17 14:13 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-07-17 14:13 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll

2011-07-17 14:13 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll

2011-07-17 14:13 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-07-17 14:13 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll

2011-07-17 14:13 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll

2011-07-17 14:13 . 2011-04-21 14:17 695296 ----a-w- c:\windows\system32\drivers\bthport.sys

2011-07-17 14:13 . 2009-06-17 10:37 35328 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2011-07-17 13:50 . 2011-07-17 13:51 -------- d-----w- c:\program files (x86)\Windows Mail

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\SysWow64\ca-ES

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\SysWow64\eu-ES

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\SysWow64\vi-VN

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\system32\ca-ES

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\system32\eu-ES

2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\system32\vi-VN

2011-07-17 13:45 . 2011-07-17 13:45 -------- d-----w- c:\windows\system32\SPReview

2011-07-17 13:32 . 2009-04-10 22:11 946688 ----a-w- c:\windows\system32\scavenge.dll

2011-07-17 13:32 . 2009-04-10 22:10 56320 ----a-w- c:\windows\system32\compcln.exe

2011-07-17 13:31 . 2009-04-28 11:14 3584 ----a-w- c:\windows\system32\drivers\nl-NL\hdaudbus.sys.mui

2011-07-17 13:31 . 2009-04-28 11:12 8704 ----a-w- c:\windows\system32\drivers\nl-NL\bthport.sys.mui

2011-07-17 13:27 . 2009-04-10 22:15 73176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2011-07-17 13:26 . 2009-04-10 22:15 164328 ----a-w- c:\windows\system32\drivers\Storport.sys

2011-07-17 13:23 . 2011-07-17 13:23 -------- d-----w- c:\windows\system32\EventProviders

2011-07-17 12:19 . 2011-07-17 12:53 -------- d-----w- c:\users\Wil\AppData\Roaming\GetRightToGo

2011-07-17 12:12 . 2011-07-23 14:56 -------- d-sh--w- c:\windows\Installer

2011-07-16 21:32 . 2011-07-16 21:32 -------- d-----w- c:\users\Wil\AppData\Roaming\AnvSoft

2011-07-16 21:18 . 2011-07-16 21:18 -------- d-----w- c:\program files (x86)\OJOsoft

2011-07-16 21:07 . 2011-07-16 21:07 -------- d-----w- c:\program files (x86)\Common Files\Common Share

2011-07-16 21:07 . 2008-12-18 11:38 719872 ----a-w- c:\windows\SysWow64\devil.dll

2011-07-16 21:07 . 2009-09-27 07:39 369152 ----a-w- c:\windows\SysWow64\avisynth.dll

2011-07-15 04:29 . 2011-07-15 04:29 -------- d-----w- c:\windows\Installer orig in H gezet

2011-07-14 18:44 . 2011-07-14 18:44 -------- d-----r- C:\Sandbox

2011-07-13 10:52 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 10:52 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-13 10:52 . 2011-06-02 13:50 2764288 ----a-w- c:\windows\system32\win32k.sys

2011-07-12 15:09 . 2011-07-12 15:09 -------- d-----w- c:\program files\Soluto

2011-07-09 17:18 . 2008-12-18 11:38 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-07-09 17:18 . 2008-12-18 11:38 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-07-09 17:18 . 2008-12-18 11:38 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2011-07-09 08:37 . 2011-07-09 08:37 -------- d-----w- c:\programdata\FirmTools

2011-07-09 07:53 . 2011-07-09 08:16 -------- d-----w- c:\users\Wil\AppData\Roaming\calibre

2011-07-09 07:52 . 2011-07-09 07:52 -------- d-----w- c:\program files (x86)\Calibre2

2011-07-09 07:44 . 2003-06-05 15:15 57436 ----a-w- c:\windows\DASShp.dll

2011-07-09 07:44 . 2003-05-22 22:15 217174 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ClearType\ctras.dll

2011-07-09 07:44 . 2000-10-05 13:55 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-07-09 07:44 . 2000-10-05 13:55 221184 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll

2011-07-09 07:44 . 2000-10-05 13:50 221184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-07-09 07:44 . 2000-10-05 13:49 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-07-09 07:44 . 2000-10-05 06:01 602244 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-07-08 20:05 . 2011-07-08 20:06 -------- d-----w- c:\users\Wil\AppData\Roaming\MovieSpot

2011-07-08 08:53 . 2009-06-30 08:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys

2011-07-08 08:53 . 2011-07-08 08:53 -------- d-----w- c:\program files (x86)\Panda Security

2011-07-08 08:00 . 2011-07-08 08:00 -------- d-----w- c:\program files\Microsoft Synchronization Services

2011-07-08 08:00 . 2011-07-08 08:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-07-08 07:59 . 2011-07-08 07:59 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2011-07-08 07:56 . 2011-07-08 08:00 -------- d-----w- c:\programdata\SpotGrit

2011-07-07 16:05 . 2011-07-07 16:05 8 ----a-w- c:\users\Wil\AppData\Roaming\rat.exe

2011-07-07 06:41 . 2011-07-07 06:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-07-05 11:30 . 2011-07-05 11:30 -------- d-----w- c:\programdata\TERMINAL Studio

2011-07-04 10:39 . 2011-07-04 10:39 -------- d-----w- c:\users\Wil\AppData\Roaming\GlarySoft

2011-07-04 08:55 . 2004-07-09 07:43 226304 ----a-w- c:\windows\system32\TwnLib4.dll

2011-07-04 08:55 . 2003-03-18 21:14 303616 ----a-w- c:\windows\system32\msvcp71.dll

2011-07-04 08:55 . 2003-03-18 19:12 451584 ----a-w- c:\windows\system32\mfc71u.dll

2011-07-04 08:55 . 2003-02-21 03:42 165888 ----a-w- c:\windows\system32\msvcr71.dll

2011-07-04 08:55 . 2004-07-26 15:16 928768 ----a-w- c:\windows\system32\imagX7.dll

2011-07-04 08:55 . 2004-07-26 15:16 476320 ----a-w- c:\windows\system32\imagXpr7.dll

2011-07-04 08:55 . 2004-07-26 15:16 364032 ----a-w- c:\windows\system32\imagXRA7.dll

2011-07-04 08:55 . 2004-07-26 15:16 224256 ----a-w- c:\windows\system32\imagXR7.dll

2011-07-04 08:55 . 2003-03-19 05:20 454144 ----a-w- c:\windows\system32\mfc71.dll

2011-07-02 19:18 . 2004-12-02 16:20 1843200 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll

2011-07-02 19:18 . 2004-12-02 16:11 315392 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll

2011-07-02 19:18 . 2004-05-20 13:24 196608 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll

2011-07-02 19:02 . 2011-07-02 19:03 -------- d-----w- c:\users\Wil\AppData\Roaming\MP3 Quality Modifier

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-17 14:35 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-07 06:34 . 2011-05-22 19:03 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys

2011-06-30 06:41 . 2011-05-23 19:57 319488 ----a-w- c:\windows\HideWin.exe

2011-06-30 06:12 . 2009-02-07 02:17 525792 ----a-w- c:\windows\DIFxAPI.dll

2011-06-25 10:25 . 2011-05-20 17:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-24 17:14 . 2010-11-28 09:12 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-13 14:03 . 2011-05-13 14:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2011-05-13 13:42 . 2011-05-13 13:42 302448 ----a-w- c:\windows\WLXPGSS.SCR

2011-05-04 02:52 . 2011-01-07 13:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-05-02 17:16 . 2011-06-15 07:32 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-05-02 17:13 . 2011-06-15 07:32 975360 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 13:41 . 2011-06-15 07:32 176128 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 13:40 . 2011-06-15 07:32 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-29 13:39 . 2011-06-15 07:32 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-29 13:39 . 2011-06-15 07:32 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-29 13:39 . 2011-06-15 07:32 107008 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-24_11.08.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-24 20:48 . 2011-07-25 10:26 19672 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3516149696-3862806164-1056994232-1000_UserData.bin

- 2010-10-24 20:43 . 2011-07-24 10:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-10-24 20:43 . 2011-07-25 06:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-10-24 20:43 . 2011-07-25 06:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-10-24 20:43 . 2011-07-24 10:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-10-24 20:43 . 2011-07-24 10:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-10-24 20:43 . 2011-07-25 06:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2006-11-02 12:40 . 2011-07-25 04:40 51200 c:\windows\inf\infpub.dat

- 2006-11-02 12:40 . 2011-07-17 14:22 51200 c:\windows\inf\infpub.dat

+ 2008-01-21 02:23 . 2011-07-25 04:35 113242 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2011-07-25 10:26 127502 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-01-21 08:09 . 2011-07-24 10:43 770668 c:\windows\system32\perfh013.dat

+ 2008-01-21 08:09 . 2011-07-25 04:43 770668 c:\windows\system32\perfh013.dat

+ 2006-11-02 12:46 . 2011-07-25 04:43 677268 c:\windows\system32\perfh009.dat

- 2006-11-02 12:46 . 2011-07-24 10:43 677268 c:\windows\system32\perfh009.dat

- 2008-01-21 08:09 . 2011-07-24 10:43 172824 c:\windows\system32\perfc013.dat

+ 2008-01-21 08:09 . 2011-07-25 04:43 172824 c:\windows\system32\perfc013.dat

+ 2006-11-02 12:46 . 2011-07-25 04:43 137012 c:\windows\system32\perfc009.dat

- 2006-11-02 12:46 . 2011-07-24 10:43 137012 c:\windows\system32\perfc009.dat

+ 2011-02-15 11:45 . 2011-07-25 10:21 491832 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat

- 2011-02-15 11:45 . 2011-07-24 10:35 491832 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat

- 2011-07-17 14:45 . 2011-07-24 10:35 474808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-07-17 14:45 . 2011-07-25 10:21 474808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-07-23 12:34 . 2011-07-23 12:34 809552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3516149696-3862806164-1056994232-500-12288.dat

+ 2011-07-23 12:34 . 2011-07-24 12:56 809552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3516149696-3862806164-1056994232-500-12288.dat

- 2006-11-02 12:40 . 2011-07-17 14:22 143360 c:\windows\inf\infstrng.dat

+ 2006-11-02 12:40 . 2011-07-25 04:40 143360 c:\windows\inf\infstrng.dat

+ 2006-11-02 12:40 . 2011-07-25 04:40 143360 c:\windows\inf\infstor.dat

- 2006-11-02 12:40 . 2011-07-17 14:22 143360 c:\windows\inf\infstor.dat

+ 2011-02-15 11:45 . 2011-07-25 10:21 1234953 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-3516149696-3862806164-1056994232-1000-8192.dat

- 2011-02-15 11:45 . 2011-07-24 10:35 1234953 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-3516149696-3862806164-1056994232-1000-8192.dat

+ 2011-07-17 14:45 . 2011-07-25 10:21 1085580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3516149696-3862806164-1056994232-1000-8192.dat

- 2011-06-02 14:55 . 2011-07-24 10:35 10136392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-06-02 14:55 . 2011-07-25 10:21 10136392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-24 68856]

"VistaStartMenu"="c:\program files (x86)\Vista Start Menu\VistaStartMenu.exe" [2008-04-26 2670296]

"RoboForm"="e:\program files (x86)\Roboform gegevens\RoboTaskBarIcon.exe" [2011-02-06 107000]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

"SandboxieControl"="i:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 604432]

"TomTomHOME.exe"="e:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"Network Drive Mapping Utility"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]

"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-25 64112]

"RemoteControl"="e:\program files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="e:\program files (x86)\CyberLink\PowerDVD v7.3 ultra\Language\Language.exe" [2007-03-14 54832]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Ashampoo Core Tuner"="c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" [2010-02-15 428376]

"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 135664]

R3 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

R3 ALSysIO;ALSysIO;i:\temp\ALSysIO64.sys [x]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [x]

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]

R3 esihdrv;esihdrv;i:\temp\esihdrv.sys [x]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 135664]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]

R3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]

R3 PAC207;Trust Webcam Live;c:\windows\system32\DRIVERS\PFC027.SYS [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-29 28032]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 VD_FileDisk;VD_FileDisk; [x]

S2 acthelper;Ashampoo CoreTuner Helper Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe [2010-02-15 902488]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-10-25 2475952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-04-09 731840]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]

S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-13 24576]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-07-07 376352]

S2 TomTomHOMEService;TomTomHOMEService;e:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-07-25 c:\windows\Tasks\AutoSmartDefrag.job

- e:\program files (x86)\IObit SmartDefrag\IObit SmartDefrag.exe [2011-04-12 17:08]

.

2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 08:08]

.

2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 08:08]

.

2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3516149696-3862806164-1056994232-1000Core.job

- c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 08:13]

.

2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3516149696-3862806164-1056994232-1000UA.job

- c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 08:13]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF23172.cfxxe" [X]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2692008]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2009-08-11 319488]

"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2009-08-11 323584]

"Ashampoo Core Tuner"="c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" [2010-02-15 428376]

"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-29 561200]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]

"Acronis Scheduler2Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]

"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]

"Skytel"="Skytel.exe" [bU]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/ig?brand=ACAW&bmod=ACEU

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=1010&m=aspire_m7720

mLocal Page = %SystemRoot%\system32\blank.htm

IE: Formulieren opslaan - file://e:\program files (x86)\Roboform gegevens\RoboFormComSavePass.html

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Wil\AppData\Roaming\Mozilla\Firefox\Profiles\hkipwinx.default\

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - h:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{B80F591E-FE9A-46CF-A13E-180377240586} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\e:\program files (x86)\CyberLink\PowerDVD v7.3 ultra\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

c:\windows\SysWOW64\IoctlSvc.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

e:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\SysWOW64\vmnat.exe

c:\program files (x86)\VMware\VMware Player\vmware-authd.exe

c:\windows\SysWOW64\vmnetdhcp.exe

c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\ct.exe

c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe

c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe

c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\northstar\smartcopy\smartcopy.exe

c:\program files (x86)\northstar\smartlauncher\smartlauncher.exe

.

**************************************************************************

.

Voltooingstijd: 2011-07-25 12:30:40 - machine werd herstart

ComboFix-quarantined-files.txt 2011-07-25 10:30

.

Pre-Run: 67.186.151.424 bytes beschikbaar

Post-Run: 66.429.501.440 bytes beschikbaar

.

- - End Of File - - DEBF4DCC1FA4AA2CEB5C3021281D6153

Maybe a silly remark?

A colleague told me to start the program [msconfig].

Windows does not recognize it!

I searched everywhere, and found it in the folder [C:/Windows/WINSXS].

I can start it from there, and it works too.

Could it be that Windows is looking in the wrong folder?

There are no stupid questions, so I am asking them here.
