Vraag & Antwoord

Beveiliging & privacy

Hijack log vanwege virus

7 antwoorden
  • Hallo, Mijn laptop krijgt elke keer als ik opstart deze foutmelding. Dit zou te maken hebben met ene Registery Cleaner. Iets waar ik niks vanaf weet. Ik vermoed dat het om een virus gaat. Als ik de foutmelding weg klik werkt het systeem verder prima. [img:177f80f9e0]http://img21.imageshack.us/img21/2122/naamloosem.png[/img:177f80f9e0] http://img21.imageshack.us/img21/2122/naamloosem.png [quote:177f80f9e0]Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:22:53, on 8-9-2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Windows\PLFSetI.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5740&r=27360510l706l0438z145t5411d50p R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5740&r=27360510l706l0438z145t5411d50p R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5740&r=27360510l706l0438z145t5411d50p R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Productivity 2.2 - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files (x86)\Productivity_2.2\prxtbPro0.dll O3 - Toolbar: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files (x86)\Productivity_2.2\prxtbPro0.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Npm\Bin\Zanda.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13862 bytes[/quote:177f80f9e0]
  • Hoi Lorenzo, dat vraagt inderdaad om tegenaktie! [b:8ae0227900]Ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:[/b:8ae0227900] [color=#0000BF:8ae0227900][list:8ae0227900][*:8ae0227900]Lees alle instrukties goed door. [*:8ae0227900]Maak je fouten bij de uitvoering van tools tijdens de fix, kan dat serieuze problemen in Windows veroorzaken. [*:8ae0227900]Onthou je van het gebruik van tools cq. updates anders dan die ik jou adviseer te gebruiken. [*:8ae0227900]Gebruik altijd één scanner per keer, nooit meerdere tegelijk gebruiken. [*:8ae0227900]Hou mij op de hoogte hoe jou computer op de fix reageert - goed of slecht. [*:8ae0227900]De fix, eenmaal gestart, moet afgewerkt worden. Zelfs indien jij denkt dat alles in orde is, zijn er mogelijk nog steeds infecties.[/list:u:8ae0227900][/color:8ae0227900] [b:8ae0227900]Welk programma[/b:8ae0227900]: ComboFix [b:8ae0227900]Waarvoor/waarom[/b:8ae0227900]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:8ae0227900]Moeilijkheidsgraad[/b:8ae0227900]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:8ae0227900]Downloadlokatie[/b:8ae0227900]: Dit programma absoluut naar het bureaublad downloaden! [b:8ae0227900]Download ComboFix via één van deze locaties[/b:8ae0227900]: [list:8ae0227900][*:8ae0227900][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:8ae0227900]Bleepingcomputer[/b:8ae0227900][/url] [*:8ae0227900][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:8ae0227900]ForoSpyware[/b:8ae0227900][/url] [*:8ae0227900][url=http://subs.geekstogo.com/ComboFix.exe][b:8ae0227900]Geekstogo[/b:8ae0227900][/url][/list:u:8ae0227900] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:8ae0227900]Hier[/b:8ae0227900][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:8ae0227900]Hier[/b:8ae0227900][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:8ae0227900]hier[/b:8ae0227900][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:8ae0227900]Voor alle duidelijkheid nogmaals[/b:8ae0227900]: ComboFix dient vanaf het bureaublad gestart te worden. [b:8ae0227900]Opmerkingen[/b:8ae0227900]: [list:8ae0227900][*:8ae0227900] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:8ae0227900]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten. [*:8ae0227900]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:8ae0227900] [b:8ae0227900]ComboFix is opgestart[/b:8ae0227900]: [list:8ae0227900][*:8ae0227900]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:8ae0227900]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:8ae0227900]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:8ae0227900]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:8ae0227900]Post de inhoud van dit logbestand in je volgende bericht. [*:8ae0227900]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:8ae0227900] [b:8ae0227900]Belangrijke opmerking[/b:8ae0227900]: [list:8ae0227900][*:8ae0227900][b:8ae0227900][color=Red:8ae0227900]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:8ae0227900][/b:8ae0227900] [*:8ae0227900][b:8ae0227900][color=blue:8ae0227900]Illegal operation attempted on a registery key that has been marked for deletion.[/color:8ae0227900][/b:8ae0227900] [*:8ae0227900][b:8ae0227900][color=Red:8ae0227900]Start dan de computer opnieuw op.[/color:8ae0227900][/b:8ae0227900][/list:u:8ae0227900]
  • Bedankt voor de snelle reactie! Ik ga het vanavond uitvoeren.
  • [quote:4d0c0afa13]ComboFix 11-09-12.02 - Hetty 12-09-2011 18:38:46.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3956.2308 [GMT 2:00] Gestart vanuit: c:\users\Hetty\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\ClickPotatoLite c:\program files (x86)\ClickPotatoLite\bin\10.0.701.0\ClickPotatoLiteSAAX.dll c:\program files (x86)\ClickPotatoLite\bin\10.0.701.0\ClickPotatoLiteSACB.exe c:\program files (x86)\ClickPotatoLite\bin\10.0.701.0\copyright.txt c:\program files (x86)\ClickPotatoLite\bin\10.0.701.0\firefox\extensions\install.rdf c:\program files (x86)\ClickPotatoLite\bin\10.0.701.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll c:\program files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll c:\program files (x86)\ShoppingReport2 c:\program files (x86)\ShoppingReport2\Uninst.exe c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 c:\programdata\ClickPotatoLiteSA c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))) . . 2011-09-12 16:44 . 2011-09-12 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-09 05:58 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BC00122-7F71-456F-9DDA-E27F11F8E634}\mpengine.dll 2011-09-08 11:19 . 2011-09-08 11:19 -------- d-----w- c:\program files (x86)\Trend Micro 2011-08-24 05:30 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-08-24 05:30 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-06 12:04 . 2011-08-06 12:04 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-07-25 20:11 . 2011-05-25 12:04 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-22 05:42 . 2011-08-10 22:04 2303488 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 05:36 . 2011-08-10 22:04 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 05:32 . 2011-08-10 22:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 02:54 . 2011-08-10 22:04 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-07-22 02:48 . 2011-08-10 22:04 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-07-22 02:44 . 2011-08-10 22:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-16 05:41 . 2011-08-10 08:02 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:41 . 2011-08-10 08:02 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:41 . 2011-08-10 08:02 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:39 . 2011-08-10 08:02 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:37 . 2011-08-10 08:02 421888 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:21 . 2011-08-10 08:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:29 . 2011-08-10 08:02 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:26 . 2011-08-10 08:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:25 . 2011-08-10 08:02 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:24 . 2011-08-10 08:02 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:24 . 2011-08-10 08:02 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:15 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 08:02 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-16 02:21 . 2011-08-10 08:02 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-16 02:17 . 2011-08-10 08:02 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 08:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-09 02:46 . 2011-08-10 08:02 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-07-04 11:43 . 2011-07-25 19:55 40112 ----a-w- c:\windows\avastSS.scr 2011-07-04 11:43 . 2011-07-25 19:55 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-07-04 11:43 . 2011-07-25 19:55 253888 ----a-w- c:\windows\system32\aswBoot.exe 2011-07-04 11:36 . 2011-07-25 19:55 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-07-04 11:36 . 2011-07-25 19:55 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-07-04 11:35 . 2011-07-25 19:55 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-07-04 11:32 . 2011-07-25 19:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-07-04 11:32 . 2011-07-25 19:55 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-07-04 11:32 . 2011-07-25 19:55 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-06-24 05:34 . 2011-08-10 08:02 214528 ----a-w- c:\windows\system32\winsrv.dll 2011-06-24 05:25 . 2011-08-10 08:02 338432 ----a-w- c:\windows\system32\conhost.exe 2011-06-23 05:43 . 2011-08-10 08:02 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-06-23 04:33 . 2011-08-10 08:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-06-23 04:33 . 2011-08-10 08:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-06-21 06:34 . 2011-08-10 08:02 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-15 10:02 . 2011-08-10 08:02 106496 ----a-w- c:\windows\system32\odbccu32.dll 2011-06-15 10:02 . 2011-08-10 08:02 106496 ----a-w- c:\windows\system32\odbccr32.dll 2011-06-15 10:02 . 2011-08-10 08:02 212992 ----a-w- c:\windows\system32\odbctrac.dll 2011-06-15 10:02 . 2011-08-10 08:02 163840 ----a-w- c:\windows\system32\odbccp32.dll 2011-06-15 08:55 . 2011-08-10 08:02 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll 2011-06-15 08:55 . 2011-08-10 08:02 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll 2011-06-15 08:55 . 2011-08-10 08:02 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll 2011-06-15 08:55 . 2011-08-10 08:02 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-03 09:16 175400 ------w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-09-28 21:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e84cc2c1-b722-48fc-a39c-edb8b525c777}] 2011-01-03 09:16 175400 ----a-w- c:\program files (x86)\Productivity_2.2\prxtbPro0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{e84cc2c1-b722-48fc-a39c-edb8b525c777}"= "c:\program files (x86)\Productivity_2.2\prxtbPro0.dll" [2011-01-03 175400] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712] . [HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720] . c:\users\Wim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 20:05] . 2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 20:05] . 2011-09-12 c:\windows\Tasks\WinMaximizer-Hetty-Startup.job - c:\program files (x86)\WinMaximizer\WinMaximizer.exe [2011-07-18 14:21] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-02-25 200704] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.startpagina.nl/ mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5740&r=27360510l706l0438z145t5411d50p mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Hetty\AppData\Roaming\Mozilla\Firefox\Profiles\g14umyw9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q= FF - prefs.js: browser.startup.homepage - hxxp://g.live.com/1rewlive4startup/home FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-Norman ZANDA - c:\program files\Norman\Npm\Bin\ZLH.EXE SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{E84CC2C1-B722-48FC-A39C-EDB8B525C777} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Voltooingstijd: 2011-09-12 18:51:25 - machine werd herstart ComboFix-quarantined-files.txt 2011-09-12 16:51 . Pre-Run: 307.535.298.560 bytes beschikbaar Post-Run: 307.549.167.616 bytes beschikbaar . - - End Of File - - D03592B3A256B860914F9A7B80ABB589 [/quote:4d0c0afa13]
  • Dat was de eerste run. Ben je die rare melding al kwijt? Je gaat nu het volgende doen: open een nieuw kladblok bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:728e4a73be]Kladblok[/b:728e4a73be]". Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:728e4a73be][color=Blue:728e4a73be]Folder:: c:\program files (x86)\ConduitEngine c:\program files (x86)\Ask.com c:\program files (x86)\Productivity_2.2[/color:728e4a73be][/b:728e4a73be] Sla dit kladblokbestand op je bureaublad op als [b:728e4a73be]CFScript.txt[/b:728e4a73be]. [b:728e4a73be][color=Red:728e4a73be]Nu eerst de antivirus deaktiveren![/color:728e4a73be][/b:728e4a73be] Sleep CFScript.txt in ComboFix.exe [img:728e4a73be]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img:728e4a73be] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix log dat na het opnieuw starten wordt getoond!
  • [quote:9ee346f153]ComboFix 11-09-16.01 - Hetty 16-09-2011 18:51:34.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3956.2607 [GMT 2:00] Gestart vanuit: c:\users\Hetty\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Hetty\Desktop\CFScript.txt AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Ask.com c:\program files (x86)\Ask.com\cb_5f20.ico c:\program files (x86)\Ask.com\cobrand.ico c:\program files (x86)\Ask.com\config.xml c:\program files (x86)\Ask.com\favicon.ico c:\program files (x86)\Ask.com\fv_5cfd.ico c:\program files (x86)\Ask.com\GenericAskToolbar.dll c:\program files (x86)\Ask.com\mupcfg.xml c:\program files (x86)\Ask.com\SaUpdate.exe c:\program files (x86)\Ask.com\UpdateTask.exe c:\program files (x86)\ConduitEngine c:\program files (x86)\ConduitEngine\~GLH000b.TMP c:\program files (x86)\ConduitEngine\appContextMenu.xml c:\program files (x86)\ConduitEngine\ConduitEngine.dll c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe c:\program files (x86)\ConduitEngine\engineContextMenu.xml c:\program files (x86)\ConduitEngine\EngineSettings.json c:\program files (x86)\ConduitEngine\INSTALL.LOG c:\program files (x86)\ConduitEngine\prxConduitEngine.dll c:\program files (x86)\ConduitEngine\toolbar.cfg c:\program files (x86)\Productivity_2.2 c:\program files (x86)\Productivity_2.2\GottenAppsContextMenu.xml c:\program files (x86)\Productivity_2.2\OtherAppsContextMenu.xml c:\program files (x86)\Productivity_2.2\Productivity_2.2ToolbarHelper.exe c:\program files (x86)\Productivity_2.2\prxtbPro0.dll c:\program files (x86)\Productivity_2.2\prxtbProd.dll c:\program files (x86)\Productivity_2.2\SharedAppsContextMenu.xml c:\program files (x86)\Productivity_2.2\tbProd.dll c:\program files (x86)\Productivity_2.2\toolbar.cfg c:\program files (x86)\Productivity_2.2\ToolbarContextMenu.xml c:\program files (x86)\Productivity_2.2\uninstall.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))) . . 2011-09-16 16:58 . 2011-09-16 16:58 -------- d-----w- c:\users\Wim\AppData\Local\temp 2011-09-16 16:58 . 2011-09-16 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-16 06:17 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DA81B1-8DFD-4F5A-8CEB-01ED722BE004}\mpengine.dll 2011-09-08 11:19 . 2011-09-08 11:19 -------- d-----w- c:\program files (x86)\Trend Micro 2011-08-24 05:30 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-08-24 05:30 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-06 20:45 . 2011-07-25 19:55 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:45 . 2011-07-25 19:55 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-09-06 20:45 . 2011-07-25 19:55 254400 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-06 20:38 . 2011-07-25 19:55 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 20:38 . 2011-07-25 19:55 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-06 20:36 . 2011-07-25 19:55 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-06 20:36 . 2011-07-25 19:55 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-06 20:36 . 2011-07-25 19:55 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-06 20:36 . 2011-07-25 19:55 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-08-06 12:04 . 2011-08-06 12:04 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-07-25 20:11 . 2011-05-25 12:04 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-22 05:42 . 2011-08-10 22:04 2303488 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 05:36 . 2011-08-10 22:04 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 05:32 . 2011-08-10 22:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 02:54 . 2011-08-10 22:04 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-07-22 02:48 . 2011-08-10 22:04 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-07-22 02:44 . 2011-08-10 22:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-16 05:41 . 2011-08-10 08:02 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:41 . 2011-08-10 08:02 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:41 . 2011-08-10 08:02 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:39 . 2011-08-10 08:02 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:37 . 2011-08-10 08:02 421888 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:21 . 2011-08-10 08:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:29 . 2011-08-10 08:02 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:26 . 2011-08-10 08:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:25 . 2011-08-10 08:02 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:24 . 2011-08-10 08:02 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:24 . 2011-08-10 08:02 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:15 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 08:02 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-16 02:21 . 2011-08-10 08:02 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-16 02:17 . 2011-08-10 08:02 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 08:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 08:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17 . 2011-08-10 08:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-09 02:46 . 2011-08-10 08:02 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-24 05:34 . 2011-08-10 08:02 214528 ----a-w- c:\windows\system32\winsrv.dll 2011-06-24 05:25 . 2011-08-10 08:02 338432 ----a-w- c:\windows\system32\conhost.exe 2011-06-23 05:43 . 2011-08-10 08:02 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-06-23 04:33 . 2011-08-10 08:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-06-23 04:33 . 2011-08-10 08:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-06-21 06:34 . 2011-08-10 08:02 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-09-12_16.46.01 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2011-09-16 16:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-09-12 16:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-09-16 16:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-09-12 16:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-09-12 16:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-09-16 16:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-11-05 00:35 . 2011-09-16 17:02 58272 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-09-16 16:48 46476 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-05-28 17:27 . 2011-09-16 17:02 15046 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2828477609-592702333-4183062531-1003_UserData.bin + 2010-05-26 09:31 . 2011-09-16 05:16 10424 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2828477609-592702333-4183062531-1001_UserData.bin - 2010-05-27 01:25 . 2011-09-12 16:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-05-27 01:25 . 2011-09-13 19:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-05-27 01:25 . 2011-09-12 16:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-05-27 01:25 . 2011-09-13 19:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-09-12 16:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-09-13 19:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2011-09-16 13:44 93904 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2011-06-16 11:30 . 2011-06-16 11:30 49936 c:\windows\Installer\{95120000-00AF-0413-0000-0000000FF1CE}\ppvwicon.exe + 2011-09-16 07:52 . 2011-09-16 07:52 49936 c:\windows\Installer\{95120000-00AF-0413-0000-0000000FF1CE}\ppvwicon.exe + 2009-11-05 03:23 . 2011-09-16 07:52 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe - 2009-11-05 03:23 . 2011-06-16 11:30 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe + 2009-11-05 03:23 . 2011-09-16 07:52 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe - 2009-11-05 03:23 . 2011-06-16 11:30 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe + 2009-11-05 03:23 . 2011-09-16 07:52 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe - 2009-11-05 03:23 . 2011-06-16 11:30 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe - 2010-05-27 18:28 . 2011-08-10 22:12 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2010-05-27 18:28 . 2011-09-16 07:52 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2010-05-27 18:28 . 2011-08-10 22:12 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2010-05-27 18:28 . 2011-09-16 07:52 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2010-05-27 18:28 . 2011-08-10 22:12 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2010-05-27 18:28 . 2011-09-16 07:52 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - 2011-06-16 11:29 . 2011-06-16 11:29 35600 c:\windows\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe + 2011-09-16 07:52 . 2011-09-16 07:52 35600 c:\windows\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe + 2010-06-23 21:52 . 2011-09-12 16:54 3502 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2011-09-16 17:00 . 2011-09-16 17:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-09-12 16:45 . 2011-09-12 16:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-09-12 16:45 . 2011-09-12 16:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-09-16 17:00 . 2011-09-16 17:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL + 2011-09-16 06:16 . 2011-07-27 04:27 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL + 2010-07-25 21:36 . 2011-09-15 09:47 240420 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2010-05-26 11:56 . 2011-09-16 14:38 274334 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2011-09-16 06:16 . 2011-07-27 05:33 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL - 2009-07-13 23:40 . 2009-07-14 01:41 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL + 2009-07-14 05:01 . 2011-09-16 17:00 393752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-09-12 16:44 393752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-11-05 03:23 . 2011-09-16 07:52 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe - 2009-11-05 03:23 . 2011-06-16 11:30 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe + 2009-11-05 03:23 . 2011-09-16 07:52 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe - 2009-11-05 03:23 . 2011-06-16 11:30 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe + 2009-11-05 03:23 . 2011-09-16 07:52 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe - 2009-11-05 03:23 . 2011-06-16 11:30 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe + 2009-11-05 03:23 . 2011-09-16 07:52 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe - 2009-11-05 03:23 . 2011-06-16 11:30 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe + 2010-05-27 18:28 . 2011-09-16 07:52 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2010-05-27 18:28 . 2011-08-10 22:12 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2010-05-27 18:28 . 2011-09-16 07:52 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2010-05-27 18:28 . 2011-08-10 22:12 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2010-05-27 18:28 . 2011-08-10 22:12 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2010-05-27 18:28 . 2011-09-16 07:52 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2010-05-27 18:28 . 2011-09-16 07:52 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2010-05-27 18:28 . 2011-08-10 22:12 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2010-05-27 18:28 . 2011-08-10 22:12 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2010-05-27 18:28 . 2011-09-16 07:52 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2010-05-27 18:28 . 2011-08-10 22:12 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2010-05-27 18:28 . 2011-09-16 07:52 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2010-05-27 18:28 . 2011-08-10 22:12 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2010-05-27 18:28 . 2011-09-16 07:52 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2011-01-14 05:10 . 2011-01-14 05:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL + 2011-01-14 05:10 . 2011-01-14 05:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL + 2009-07-14 04:45 . 2011-09-16 07:56 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2011-08-24 07:02 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2010-10-21 16:18 . 2011-09-16 17:00 7495435 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2828477609-592702333-4183062531-1003-8192.dat - 2011-05-25 21:07 . 2011-09-12 16:44 1011084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2828477609-592702333-4183062531-1003-12288.dat + 2011-05-25 21:07 . 2011-09-16 17:00 1011084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2828477609-592702333-4183062531-1003-12288.dat + 2010-10-21 16:18 . 2011-09-16 05:17 2906920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2828477609-592702333-4183062531-1001-8192.dat + 2011-08-10 15:43 . 2011-08-10 15:43 3795968 c:\windows\Installer\5b15d0.msp + 2011-09-06 19:46 . 2011-09-06 19:46 9006080 c:\windows\Installer\5b15b7.msp + 2011-06-21 09:59 . 2011-06-21 09:59 1764352 c:\windows\Installer\5b15a0.msp + 2011-08-24 04:37 . 2011-08-24 04:37 4985856 c:\windows\Installer\5b1588.msp + 2011-08-10 15:42 . 2011-08-10 15:42 7070208 c:\windows\Installer\5b155a.msp + 2011-07-21 10:34 . 2011-07-21 10:34 3456000 c:\windows\Installer\5b1544.msp + 2011-09-06 19:48 . 2011-09-06 19:48 8181248 c:\windows\Installer\5b1513.msp + 2011-07-27 05:39 . 2011-07-27 05:39 9892352 c:\windows\Installer\5b14c0.msp + 2011-09-07 23:36 . 2011-09-07 23:36 6069248 c:\windows\Installer\1c00a.msp - 2009-11-05 03:23 . 2011-06-16 11:30 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe + 2009-11-05 03:23 . 2011-09-16 07:52 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe - 2010-05-27 18:28 . 2011-08-10 22:12 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2010-05-27 18:28 . 2011-09-16 07:52 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2010-05-27 18:28 . 2011-09-16 07:52 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe - 2010-05-27 18:28 . 2011-08-10 22:12 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2011-01-14 05:10 . 2011-01-14 05:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL + 2011-01-14 05:10 . 2011-01-14 05:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL + 2011-01-14 05:10 . 2011-01-14 05:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL - 2009-07-14 02:34 . 2011-08-24 05:59 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-09-16 07:52 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2010-05-26 10:52 . 2011-09-16 07:02 47946184 c:\windows\system32\MRT.exe + 2011-07-27 05:37 . 2011-07-27 05:37 11592192 c:\windows\Installer\5b150a.msp . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] . c:\users\Wim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2011-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 20:05] . 2011-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 20:05] . 2011-09-16 c:\windows\Tasks\WinMaximizer-Hetty-Startup.job - c:\program files (x86)\WinMaximizer\WinMaximizer.exe [2011-07-18 14:21] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-02-25 200704] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.startpagina.nl/ mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5740&r=27360510l706l0438z145t5411d50p mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Hetty\AppData\Roaming\Mozilla\Firefox\Profiles\g14umyw9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://g.live.com/1rewlive4startup/home FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF . - - - - ORPHANS VERWIJDERD - - - - . BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngine.dll BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll BHO-{e84cc2c1-b722-48fc-a39c-edb8b525c777} - c:\program files (x86)\Productivity_2.2\prxtbPro0.dll Toolbar-Locked - (no file) Toolbar-{e84cc2c1-b722-48fc-a39c-edb8b525c777} - c:\program files (x86)\Productivity_2.2\prxtbPro0.dll Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngine.dll Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{E84CC2C1-B722-48FC-A39C-EDB8B525C777} - (no file) AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe AddRemove-Productivity_2.2 Toolbar - c:\progra~2\PRODUC~1.2\UNINST~1.EXE . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Voltooingstijd: 2011-09-16 19:06:36 - machine werd herstart ComboFix-quarantined-files.txt 2011-09-16 17:06 ComboFix2.txt 2011-09-12 16:51 . Pre-Run: 307.633.655.808 bytes beschikbaar Post-Run: 307.565.608.960 bytes beschikbaar . - - End Of File - - B2DB7ACA452620EA15CDBB4E8999729E [/quote:9ee346f153] Helaas is nog steeds die vervelende melding zichtbaar. Overigens wel bedankt voor je snelle reacties telkens! :D
  • Kijk nu eerst in "Configuratieschrm\[b:f759dcd407]Programma's en onderdelen[/b:f759dcd407]" en controleer of dat WinMaximizer daar staat vermeld. Zoja - dan deïnstalleren! En blijf in het vervolg ver van dit soort programma's. Er is nog geen registeropschoonprogramma gemaakt, dat Windows daadwerkelijk sneller maakt, meestal wordt Windows juist iets trager, vanwege fragmentering van het Windows register!

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.