
There are other options as well, but as a trial we will first deal with that particular PC Unleashed job:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\Tasks\PC Unleashed Registration3.job

c:\windows\SysWow64\ConduitEngine.tmp

c:\windows\system32\dlumd9.dll

c:\windows\system32\dlumd11.dll

c:\windows\system32\dlumd10.dll

c:\programfiles\BEARSHARE\MediaBar\Datamngr\x64\IEBHO.dll

Folder::

c:\program files (x86)\ConduitEngine

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will cause ComboFix to restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply.


Here again is the ComboFix log from this morning; even now I'm back at 190 x Rundll32.exe.

ComboFix 11-10-18.01 - Cees 18-10-2011 12:19:53.3.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.2072 [GMT 2:00]

Gestart vanuit: c:\users\Cees\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Cees\Desktop\CFScript.txt

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programfiles\BEARSHARE\MediaBar\Datamngr\x64\IEBHO.dll"

"c:\windows\system32\dlumd10.dll"

"c:\windows\system32\dlumd11.dll"

"c:\windows\system32\dlumd9.dll"

"c:\windows\SysWow64\ConduitEngine.tmp"

"c:\windows\Tasks\PC Unleashed Registration3.job"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\ConduitEngine

c:\program files (x86)\ConduitEngine\appContextMenu.xml

c:\program files (x86)\ConduitEngine\ConduitEngin.dll

c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe

c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe

c:\program files (x86)\ConduitEngine\engineContextMenu.xml

c:\program files (x86)\ConduitEngine\EngineSettings.json

c:\program files (x86)\ConduitEngine\ldrConduitEngin.dll

c:\program files (x86)\ConduitEngine\prxConduitEngin.dll

c:\program files (x86)\ConduitEngine\toolbar.cfg

c:\programdata\PCDr\5830\Downloads\0fc909b5-f105-4459-82f3-583c6ea5d734.dll

c:\programdata\PCDr\5830\Downloads\482517d4-aaa6-47f8-a7ad-de5cf6021ac2.dll

c:\programdata\PCDr\5830\Downloads\ca1d3e50-4692-4c3f-877c-4f9917ab37a5.dll

c:\programdata\PCDr\5830\Downloads\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-18 to 2011-10-18 ))))))))))))))))))))))))))))))

.

.

2011-10-18 10:55 . 2011-10-18 10:55 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\offreg.dll

2011-10-18 10:51 . 2011-10-18 10:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-10-18 10:51 . 2011-10-18 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-18 07:11 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\mpengine.dll

2011-10-17 11:48 . 2011-10-17 16:53 -------- d-----w- C:\Aanvraag activiteiten TOP

2011-10-17 08:20 . 2011-10-17 08:20 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp

2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\SFT_Netherlands

2011-10-16 10:27 . 2011-10-16 10:27 -------- d-----w- c:\users\Cees\AppData\Roaming\Malwarebytes

2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\programdata\Malwarebytes

2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-16 10:26 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iTunes

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files (x86)\iTunes

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iPod

2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files\Bonjour

2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files (x86)\Bonjour

2011-10-13 22:03 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 22:03 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 22:03 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 22:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-13 22:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-13 22:03 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 22:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-13 22:03 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 22:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-13 10:07 . 2011-10-13 10:07 388096 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-13 10:07 . 2011-10-13 10:07 -------- d-----w- c:\program files (x86)\Trend Micro

2011-10-13 10:04 . 2011-10-13 10:15 -------- d-----w- C:\HiJack

2011-10-12 19:33 . 2011-10-12 19:33 -------- d-----w- c:\windows\Downloaded Program Files

2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- C:\procexp

2011-10-12 13:53 . 2011-10-12 13:53 -------- d-----w- c:\programdata\Uniblue

2011-10-12 13:27 . 2011-10-12 13:27 -------- d-----w- c:\users\Cees\AppData\Roaming\TeamViewer

2011-10-12 13:25 . 2011-10-12 13:25 -------- d-----w- c:\program files (x86)\TeamViewer

2011-10-11 08:44 . 2011-10-18 11:10 -------- d-----w- c:\users\Cees\AppData\Local\Temp

2011-10-09 09:26 . 2011-10-09 09:26 -------- d-----w- c:\users\Cees\AppData\Roaming\OpenOffice.org

2011-10-09 09:24 . 2011-10-09 09:46 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2011-10-09 09:05 . 2011-10-09 09:05 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-10-07 09:42 . 2011-10-07 09:42 -------- d-----w- c:\windows\system32\Macromed

2011-10-06 14:08 . 2011-10-06 14:08 -------- d-----w- c:\program files\DisplayLink iPad Software

2011-10-06 12:31 . 2011-10-06 12:32 -------- d-----w- c:\program files\DisplayLink Graphics

2011-10-06 12:30 . 2011-10-06 12:31 -------- d-----w- c:\program files\DisplayLink Core Software

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd9.dll

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd11.dll

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd10.dll

2011-10-06 11:33 . 2011-10-06 12:34 -------- d-----w- c:\users\Cees\AppData\Local\IM

2011-10-06 11:32 . 2011-10-06 11:41 -------- d-----w- c:\programdata\IM

2011-10-06 11:32 . 2011-10-06 11:32 -------- d-----w- c:\programdata\IncrediMail

2011-10-06 11:31 . 2011-10-06 11:38 -------- d-----w- c:\program files (x86)\DealPly

2011-10-06 11:31 . 2011-10-06 11:31 -------- d-----w- c:\program files (x86)\FoxTabMusicConverter

2011-10-04 06:47 . 2011-10-04 06:47 -------- d-----w- C:\TOP Algemeen

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\DriverCure

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\PC Unleashed Online

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\Common Files\PC Unleashed Online

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\programdata\PC Unleashed Online

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\PC Unleashed Online

2011-09-30 07:05 . 2011-10-09 09:44 -------- d-----w- C:\TOP A1

2011-09-28 14:57 . 2011-09-28 14:57 -------- d-----w- c:\users\Cees\AppData\Local\G DATA

2011-09-28 14:55 . 2011-09-28 14:55 106488 ----a-w- c:\windows\system32\drivers\GRD.sys

2011-09-28 13:34 . 2011-09-28 13:34 58584 ----a-w- c:\windows\system32\drivers\PktIcpt.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 09:42 . 2011-09-07 09:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-28 13:32 . 2011-06-05 19:31 47320 ----a-w- c:\windows\system32\drivers\GDBehave.sys

2011-09-28 13:32 . 2011-06-05 19:30 102616 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys

2011-09-28 13:32 . 2011-06-05 19:30 63704 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys

2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-23 09:54 . 2011-07-23 09:54 53248 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"DriverScanner"="c:\progra~2\Uniblue\DRIVER~1\launcher.exe" [2011-09-05 338296]

"SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2011-09-09 67960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-02-16 112608]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-10-25 1287120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 GFI_ReportCenter35;GFI ReportCenter 3.5;c:\program files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [2009-06-16 111912]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-02-02 121480]

R3 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-11-24 21712]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]

R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]

R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-04 162328]

R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-24 140672]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848]

S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-09-16 1302152]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-03 c:\windows\Tasks\!.job

- c:\program files (x86)\Common Files\PC Unleashed Online\UUS3\Update3.exe [2011-09-06 18:27]

.

2011-10-03 c:\windows\Tasks\!PC Unleashed Defrag.job

- c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27]

.

2011-10-17 c:\windows\Tasks\!PC Unleashed Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-10-03 c:\windows\Tasks\!PC Unleashed.job

- c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27]

.

2011-10-16 c:\windows\Tasks\!PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-10-18 c:\windows\Tasks\DriverScanner.job

- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-10-12 14:20]

.

2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33]

.

2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33]

.

2011-10-18 c:\windows\Tasks\PC Unleashed Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-10-17 c:\windows\Tasks\PTSchedule.job

- c:\program files (x86)\PC Tools Utilities\pt.exe [2011-06-06 07:02]

.

2011-10-18 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29]

.

2011-10-18 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23]

.

2011-10-18 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.kpnvandaag.nl/

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki...

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb68?u=92823106547538112

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Fighters\SPAMfighter\sfus.exe

c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe

c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe

c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Voltooingstijd: 2011-10-18 13:12:34 - machine werd herstart

ComboFix-quarantined-files.txt 2011-10-18 11:12

ComboFix2.txt 2011-10-17 15:26

ComboFix3.txt 2011-10-17 09:02

.

Pre-Run: 674.216.394.752 bytes beschikbaar

Post-Run: 673.752.104.960 bytes beschikbaar

.

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - EB39DB832310B4B8C8DC7121CF6ACBA5


Despite the removal of 1 PC Unleashed job, it has fully re-established itself on your PC. Can you, one way or another, (temporarily) remove or uninstall that program? If that does not produce any result, you can reinstall it afterwards (although I have my doubts about that).


By now there are already 140 processes again, including once more a great many rundll32.exe. PC Unleashed removed from the system and as many other programs as possible prevented from starting, but perhaps I need to remove all non-Microsoft packages?

Here is the file again:

ComboFix 11-10-18.02 - Cees 18-10-2011 17:22:42.4.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.2175 [GMT 2:00]

Gestart vanuit: c:\users\Cees\Desktop\ComboFix.exe

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-18 to 2011-10-18 ))))))))))))))))))))))))))))))

.

.

2011-10-18 15:56 . 2011-10-18 15:56 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\offreg.dll

2011-10-18 15:52 . 2011-10-18 15:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-10-18 15:52 . 2011-10-18 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-18 07:11 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\mpengine.dll

2011-10-17 11:48 . 2011-10-17 16:53 -------- d-----w- C:\Aanvraag activiteiten TOP

2011-10-17 08:20 . 2011-10-17 08:20 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp

2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\SFT_Netherlands

2011-10-16 10:27 . 2011-10-16 10:27 -------- d-----w- c:\users\Cees\AppData\Roaming\Malwarebytes

2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\programdata\Malwarebytes

2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-16 10:26 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iTunes

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files (x86)\iTunes

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iPod

2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files\Bonjour

2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files (x86)\Bonjour

2011-10-13 22:03 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 22:03 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 22:03 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 22:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-13 22:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-13 22:03 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 22:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-13 22:03 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 22:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-13 10:07 . 2011-10-13 10:07 388096 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-13 10:07 . 2011-10-13 10:07 -------- d-----w- c:\program files (x86)\Trend Micro

2011-10-13 10:04 . 2011-10-13 10:15 -------- d-----w- C:\HiJack

2011-10-12 19:33 . 2011-10-12 19:33 -------- d-----w- c:\windows\Downloaded Program Files

2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- C:\procexp

2011-10-12 13:53 . 2011-10-12 13:53 -------- d-----w- c:\programdata\Uniblue

2011-10-12 13:27 . 2011-10-12 13:27 -------- d-----w- c:\users\Cees\AppData\Roaming\TeamViewer

2011-10-12 13:25 . 2011-10-12 13:25 -------- d-----w- c:\program files (x86)\TeamViewer

2011-10-11 08:44 . 2011-10-18 16:13 -------- d-----w- c:\users\Cees\AppData\Local\Temp

2011-10-09 09:26 . 2011-10-09 09:26 -------- d-----w- c:\users\Cees\AppData\Roaming\OpenOffice.org

2011-10-09 09:24 . 2011-10-09 09:46 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2011-10-09 09:05 . 2011-10-09 09:05 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-10-07 09:42 . 2011-10-07 09:42 -------- d-----w- c:\windows\system32\Macromed

2011-10-06 14:08 . 2011-10-06 14:08 -------- d-----w- c:\program files\DisplayLink iPad Software

2011-10-06 12:31 . 2011-10-06 12:32 -------- d-----w- c:\program files\DisplayLink Graphics

2011-10-06 12:30 . 2011-10-06 12:31 -------- d-----w- c:\program files\DisplayLink Core Software

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd9.dll

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd11.dll

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd10.dll

2011-10-06 11:33 . 2011-10-06 12:34 -------- d-----w- c:\users\Cees\AppData\Local\IM

2011-10-06 11:32 . 2011-10-06 11:41 -------- d-----w- c:\programdata\IM

2011-10-06 11:32 . 2011-10-06 11:32 -------- d-----w- c:\programdata\IncrediMail

2011-10-06 11:31 . 2011-10-06 11:38 -------- d-----w- c:\program files (x86)\DealPly

2011-10-06 11:31 . 2011-10-06 11:31 -------- d-----w- c:\program files (x86)\FoxTabMusicConverter

2011-10-04 06:47 . 2011-10-04 06:47 -------- d-----w- C:\TOP Algemeen

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\DriverCure

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\PC Unleashed Online

2011-10-03 11:47 . 2011-10-18 14:33 -------- d-----w- c:\programdata\PC Unleashed Online

2011-09-30 07:05 . 2011-10-09 09:44 -------- d-----w- C:\TOP A1

2011-09-28 14:57 . 2011-09-28 14:57 -------- d-----w- c:\users\Cees\AppData\Local\G DATA

2011-09-28 14:55 . 2011-09-28 14:55 106488 ----a-w- c:\windows\system32\drivers\GRD.sys

2011-09-28 13:34 . 2011-09-28 13:34 58584 ----a-w- c:\windows\system32\drivers\PktIcpt.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 09:42 . 2011-09-07 09:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-28 13:32 . 2011-06-05 19:31 47320 ----a-w- c:\windows\system32\drivers\GDBehave.sys

2011-09-28 13:32 . 2011-06-05 19:30 102616 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys

2011-09-28 13:32 . 2011-06-05 19:30 63704 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys

2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-23 09:54 . 2011-07-23 09:54 53248 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-18_11.10.12 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-10-18 10:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-10-18 14:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-10-18 10:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-18 14:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-27 14:29 . 2011-10-18 15:03 83864 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-10-18 15:03 33942 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-27 20:39 . 2011-10-18 15:03 24672 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2398009579-1224830499-2648912689-1000_UserData.bin

+ 2011-10-18 15:54 . 2011-10-18 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-10-18 10:52 . 2011-10-18 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-10-18 15:54 . 2011-10-18 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-10-18 10:52 . 2011-10-18 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2011-10-18 14:41 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-10-18 10:52 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-28 07:08 . 2011-10-18 15:52 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-09-28 07:08 . 2011-10-18 10:51 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2011-10-18 15:52 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-10-18 10:51 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-09 09:45 . 2011-10-18 15:52 15563960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398009579-1224830499-2648912689-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"DriverScanner"="c:\progra~2\Uniblue\DRIVER~1\launcher.exe" [2011-09-05 338296]

"SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2011-09-09 67960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-10-25 1287120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 GFI_ReportCenter35;GFI ReportCenter 3.5;c:\program files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [2009-06-16 111912]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-11-24 21712]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]

R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]

R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-04 162328]

R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 Common Toolkit Tools;Common Toolkit Tools;c:\program files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-02-02 121480]

R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x]

R4 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-09-16 1302152]

R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-24 140672]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848]

S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-17 c:\windows\Tasks\!PC Unleashed Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-10-16 c:\windows\Tasks\!PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-10-18 c:\windows\Tasks\DriverScanner.job

- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-10-12 14:20]

.

2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33]

.

2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33]

.

2011-10-17 c:\windows\Tasks\PTSchedule.job

- c:\program files (x86)\PC Tools Utilities\pt.exe [2011-06-06 07:02]

.

2011-10-18 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29]

.

2011-10-18 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23]

.

2011-10-18 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.kpnvandaag.nl/

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki...

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031769&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - SFT_Netherlands Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3031769&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMH&o=2420&locale=nl_NL&apn_uid=45c5971b-ca01-439c-8931-de6650852d1b&apn_ptnrs=^A31&apn_sauid=B2FE4502-421E-4AB8-BF1A-1D77593E86B4&apn_dtid=^YYYYYY^YY^NL&atb=sysid%3D1%3Aappid%3D315%3Auc76012506&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe

c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe

c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Voltooingstijd: 2011-10-18 18:15:49 - machine werd herstart

ComboFix-quarantined-files.txt 2011-10-18 16:15

ComboFix2.txt 2011-10-18 11:12

ComboFix3.txt 2011-10-17 15:26

ComboFix4.txt 2011-10-17 09:02

.

Pre-Run: 672.947.888.128 bytes beschikbaar

Post-Run: 672.773.271.552 bytes beschikbaar

.

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - E0B2FAF39A49866F7524F0AD32BF5524


Not everything from PC Unleashed is gone ... and more unwanted stuff is still turning up.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\SysWow64\ConduitEngine.tmp

c:\windows\Tasks\!PC Unleashed Registration3.job

c:\windows\Tasks\!PCDoctorBackgroundMonitorTask.job

Folder::

c:\users\Cees\AppData\Roaming\PC Unleashed Online

c:\programdata\PC Unleashed Online

c:\program files (x86)\SFT_Netherlands

Firefox::

FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will cause ComboFix to restart. Reboot if prompted.

After the restart, post the contents of Combofix.txt in your next message.


So far more than 150 processes and certainly about, let me count, 92 rundll32.exe processes.................

Here is the log file:

ComboFix 11-10-19.03 - Cees 19-10-2011 16:53:11.5.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.2036 [GMT 2:00]

Gestart vanuit: c:\users\Cees\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Cees\Desktop\CFScript.txt

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\ConduitEngine.tmp"

"c:\windows\Tasks\!PC Unleashed Registration3.job"

"c:\windows\Tasks\!PCDoctorBackgroundMonitorTask.job"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\SFT_Netherlands

c:\program files (x86)\SFT_Netherlands\GottenAppsContextMenu.xml

c:\program files (x86)\SFT_Netherlands\ldrtbSFT_.dll

c:\program files (x86)\SFT_Netherlands\OtherAppsContextMenu.xml

c:\program files (x86)\SFT_Netherlands\prxtbSFT_.dll

c:\program files (x86)\SFT_Netherlands\SFT_NetherlandsToolbarHelper.exe

c:\program files (x86)\SFT_Netherlands\SharedAppsContextMenu.xml

c:\program files (x86)\SFT_Netherlands\tbSFT_.dll

c:\program files (x86)\SFT_Netherlands\toolbar.cfg

c:\program files (x86)\SFT_Netherlands\ToolbarContextMenu.xml

c:\program files (x86)\SFT_Netherlands\uninstall.exe

c:\programdata\PC Unleashed Online

c:\users\Cees\AppData\Roaming\PC Unleashed Online

c:\users\Cees\AppData\Roaming\PC Unleashed Online\PC Unleashed\Client.txt

c:\users\Cees\AppData\Roaming\PC Unleashed Online\PC Unleashed\Server.txt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-19 to 2011-10-19 ))))))))))))))))))))))))))))))

.

.

2011-10-19 15:37 . 2011-10-19 15:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\offreg.dll

2011-10-19 15:32 . 2011-10-19 15:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-10-19 15:32 . 2011-10-19 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-18 07:11 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\mpengine.dll

2011-10-17 11:48 . 2011-10-17 16:53 -------- d-----w- C:\Aanvraag activiteiten TOP

2011-10-17 08:20 . 2011-10-17 08:20 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp

2011-10-16 10:27 . 2011-10-16 10:27 -------- d-----w- c:\users\Cees\AppData\Roaming\Malwarebytes

2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\programdata\Malwarebytes

2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-16 10:26 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iTunes

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files (x86)\iTunes

2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iPod

2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files\Bonjour

2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files (x86)\Bonjour

2011-10-13 22:03 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 22:03 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 22:03 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 22:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-13 22:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-13 22:03 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 22:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-13 22:03 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 22:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-13 10:07 . 2011-10-13 10:07 388096 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-13 10:07 . 2011-10-13 10:07 -------- d-----w- c:\program files (x86)\Trend Micro

2011-10-13 10:04 . 2011-10-13 10:15 -------- d-----w- C:\HiJack

2011-10-12 19:33 . 2011-10-12 19:33 -------- d-----w- c:\windows\Downloaded Program Files

2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- C:\procexp

2011-10-12 13:53 . 2011-10-12 13:53 -------- d-----w- c:\programdata\Uniblue

2011-10-12 13:27 . 2011-10-12 13:27 -------- d-----w- c:\users\Cees\AppData\Roaming\TeamViewer

2011-10-12 13:25 . 2011-10-12 13:25 -------- d-----w- c:\program files (x86)\TeamViewer

2011-10-11 08:44 . 2011-10-19 16:43 -------- d-----w- c:\users\Cees\AppData\Local\Temp

2011-10-09 09:26 . 2011-10-09 09:26 -------- d-----w- c:\users\Cees\AppData\Roaming\OpenOffice.org

2011-10-09 09:24 . 2011-10-09 09:46 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2011-10-09 09:05 . 2011-10-09 09:05 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-10-07 09:42 . 2011-10-07 09:42 -------- d-----w- c:\windows\system32\Macromed

2011-10-06 14:08 . 2011-10-06 14:08 -------- d-----w- c:\program files\DisplayLink iPad Software

2011-10-06 12:31 . 2011-10-06 12:32 -------- d-----w- c:\program files\DisplayLink Graphics

2011-10-06 12:30 . 2011-10-06 12:31 -------- d-----w- c:\program files\DisplayLink Core Software

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd9.dll

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd11.dll

2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd10.dll

2011-10-06 11:33 . 2011-10-06 12:34 -------- d-----w- c:\users\Cees\AppData\Local\IM

2011-10-06 11:32 . 2011-10-06 11:41 -------- d-----w- c:\programdata\IM

2011-10-06 11:32 . 2011-10-06 11:32 -------- d-----w- c:\programdata\IncrediMail

2011-10-06 11:31 . 2011-10-06 11:38 -------- d-----w- c:\program files (x86)\DealPly

2011-10-06 11:31 . 2011-10-06 11:31 -------- d-----w- c:\program files (x86)\FoxTabMusicConverter

2011-10-04 06:47 . 2011-10-04 06:47 -------- d-----w- C:\TOP Algemeen

2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\DriverCure

2011-09-30 07:05 . 2011-10-09 09:44 -------- d-----w- C:\TOP A1

2011-09-28 14:57 . 2011-09-28 14:57 -------- d-----w- c:\users\Cees\AppData\Local\G DATA

2011-09-28 14:55 . 2011-09-28 14:55 106488 ----a-w- c:\windows\system32\drivers\GRD.sys

2011-09-28 13:34 . 2011-09-28 13:34 58584 ----a-w- c:\windows\system32\drivers\PktIcpt.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 09:42 . 2011-09-07 09:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-28 13:32 . 2011-06-05 19:31 47320 ----a-w- c:\windows\system32\drivers\GDBehave.sys

2011-09-28 13:32 . 2011-06-05 19:30 102616 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys

2011-09-28 13:32 . 2011-06-05 19:30 63704 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys

2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-23 09:54 . 2011-07-23 09:54 53248 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-18_11.10.12 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-10-18 10:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-10-18 14:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-10-18 10:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-18 14:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-27 14:29 . 2011-10-18 16:14 84140 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-10-19 14:38 33942 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-27 20:39 . 2011-10-19 14:38 24704 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2398009579-1224830499-2648912689-1000_UserData.bin

+ 2010-09-27 12:23 . 2011-10-18 17:25 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-27 12:23 . 2011-10-18 07:10 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-27 12:23 . 2011-10-18 17:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-27 12:23 . 2011-10-18 07:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-18 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-10-18 07:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-10-18 10:52 . 2011-10-18 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-10-19 15:35 . 2011-10-19 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-10-19 15:35 . 2011-10-19 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-10-18 10:52 . 2011-10-18 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 04:54 . 2011-10-18 10:52 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-18 14:41 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-27 19:29 . 2011-10-18 22:34 334272 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 09:16 . 2011-10-18 17:14 704504 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2011-10-18 17:14 618936 c:\windows\system32\perfh009.dat

+ 2009-07-14 09:16 . 2011-10-18 17:14 134626 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2011-10-18 17:14 107256 c:\windows\system32\perfc009.dat

- 2010-09-28 07:08 . 2011-10-18 10:51 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-09-28 07:08 . 2011-10-19 15:33 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2011-10-19 15:33 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-10-18 10:51 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-09 09:45 . 2011-10-19 15:33 15723553 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398009579-1224830499-2648912689-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"DriverScanner"="c:\progra~2\Uniblue\DRIVER~1\launcher.exe" [2011-09-05 338296]

"SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2011-09-09 67960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-10-25 1287120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 GFI_ReportCenter35;GFI ReportCenter 3.5;c:\program files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [2009-06-16 111912]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-11-24 21712]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]

R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]

R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-04 162328]

R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 Common Toolkit Tools;Common Toolkit Tools;c:\program files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-02-02 121480]

R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x]

R4 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-09-16 1302152]

R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-24 140672]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848]

S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-17 c:\windows\Tasks\!PC Unleashed Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-10-16 c:\windows\Tasks\!PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-10-19 c:\windows\Tasks\DriverScanner.job

- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-10-12 14:20]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33]

.

2011-10-18 c:\windows\Tasks\PTSchedule.job

- c:\program files (x86)\PC Tools Utilities\pt.exe [2011-06-06 07:02]

.

2011-10-19 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29]

.

2011-10-19 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23]

.

2011-10-19 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.kpnvandaag.nl/

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki...

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMH&o=2420&locale=nl_NL&apn_uid=45c5971b-ca01-439c-8931-de6650852d1b&apn_ptnrs=^A31&apn_sauid=B2FE4502-421E-4AB8-BF1A-1D77593E86B4&apn_dtid=^YYYYYY^YY^NL&atb=sysid%3D1%3Aappid%3D315%3Auc76012506&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-SFT_Netherlands Toolbar - c:\program files (x86)\SFT_Netherlands\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe

c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe

c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Voltooingstijd: 2011-10-19 18:46:01 - machine werd herstart

ComboFix-quarantined-files.txt 2011-10-19 16:46

ComboFix2.txt 2011-10-18 16:15

ComboFix3.txt 2011-10-18 11:12

ComboFix4.txt 2011-10-17 15:26

ComboFix5.txt 2011-10-19 14:52

.

Pre-Run: 673.828.417.536 bytes beschikbaar

Post-Run: 673.471.614.976 bytes beschikbaar

.

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 79E6ED36CB8410C8090C6B1139AA3BA3


Despite all attempts to block the scheduled tasks, they keep turning up. To (possibly) put a definitive end to this, you should completely empty this folder: c:\windows\Tasks. This means that you temporarily disable all of the scheduled tasks below, whether legitimate or not, which are run almost daily:

2011-10-17 c:\windows\Tasks\!PC Unleashed Registration3.job

2011-10-16 c:\windows\Tasks\!PCDoctorBackgroundMonitorTask.job

2011-10-19 c:\windows\Tasks\DriverScanner.job

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2011-10-18 c:\windows\Tasks\PTSchedule.job

2011-10-19 c:\windows\Tasks\RegistryBooster.job

2011-10-19 c:\windows\Tasks\SpeedUpMyPC.job

2011-10-19 c:\windows\Tasks\SystemToolsDailyTest.job

Then see what happens.
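An added example, not part of the post above and not ComboFix code: a small Python parser for the scheduled-task section of the log that pairs each .job file with the program it starts and flags the ones worth checking before the folder is emptied. The sample text is constructed in the log's layout (`Orphaned.job` is hypothetical), and the set of host binaries beyond rundll32.exe is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the log's layout: a dated .job line, then "- target [stamp]".
# Orphaned.job is a hypothetical entry that lists no target.
SAMPLE_LOG = r"""
2011-10-17 c:\windows\Tasks\!PC Unleashed Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-10-19 c:\windows\Tasks\DriverScanner.job

- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-10-12 14:20]

.

2011-10-19 c:\windows\Tasks\Orphaned.job
"""

TASK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\.job)\s*$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]\s*$")

# Generic launchers: the log shows only the launcher, not what it loads.
# rundll32.exe comes from the log; the other names are assumed additions.
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def parse_tasks(log_text):
    """Return one dict per .job entry, with its target if the log lists one."""
    tasks = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # separators used by the log
            continue
        m = TASK_RE.match(line)
        if m:
            current = {"listed_date": m.group(1), "job": m.group(2),
                       "target": None, "target_stamp": None}
            tasks.append(current)
            continue
        m = TARGET_RE.match(line)
        if m and current is not None and current["target"] is None:
            current["target"], current["target_stamp"] = m.group(1), m.group(2)
    return tasks


def needs_review(tasks):
    """List (job name, reason) for tasks that hide or lack their real program."""
    findings = []
    for task in tasks:
        job_name = PureWindowsPath(task["job"]).name
        if task["target"] is None:
            findings.append((job_name, "no target listed"))
            continue
        exe = PureWindowsPath(task["target"]).name.lower()
        if exe in HOST_BINARIES:
            findings.append((job_name, "runs via " + exe))
    return findings


if __name__ == "__main__":
    for job_name, reason in needs_review(parse_tasks(SAMPLE_LOG)):
        print(f"{job_name}: {reason}")
```
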
