Question & Answer
Can someone please take a look at my Hijack log?
19 replies
- Hello Abraham54,
Thank you very much for your detailed answer/help. I used to use Emsisoft only to run a scan now and then. This week there was an update, and it immediately turned it into an active protection program. I switched everything off right away. As for Malwarebytes Anti-Malware, I also used to use it only for occasional scans, but I got it for free and did indeed always have it active in the background. I had no idea this could get in Norton's way. I no longer have that one active either and use it for a scan now and then.
I also did everything else you suggested. Only with your link for AdwCleaner did I get a popup from Microsoft that would not allow me to download it. So I searched on Google and downloaded it there. This program also gave me a log:
AdwCleaner v2.005 - Verslag gemaakt op 23/10/2012 om 19:37:06
# Geactualiseerd op 14/10/2012 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Ruurd - RUURD-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Ruurd\Desktop\AdwCleaner.exe
# Optie [Verwijderen]
***** [Diensten] *****
***** [Files / Mappen] *****
Map Verwijdert : C:\Program Files (x86)\Smartdl
***** [Register] *****
Sleutel Verwijdert : HKCU\Software\Softonic
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
***** [Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Het register bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner[S1].txt - [1039 octets] - [23/10/2012 19:37:06]
########## EOF - C:\AdwCleaner[S1].txt - [1099 octets] ##########
Then, as you suggested, I ran HitmanPro. It found only cookies. See the log:
HitmanPro 3.6.2.171
www.hitmanpro.com
Computer name . . . . : RUURD-PC
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : Ruurd-PC\Ruurd
UAC . . . . . . . . . : Disabled
License . . . . . . . : Free
Scan date . . . . . . : 2012-10-23 19:42:51
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 45s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 6
Objects scanned . . . : 1.957.053
Files scanned . . . . : 30.791
Remnants scanned . . : 723.755 files / 1.202.507 keys
Cookies _____________________________________________________________________
C:\Users\Ruurd\AppData\Roaming\Microsoft\Windows\Cookies\4SM0QOP1.txt
C:\Users\Ruurd\AppData\Roaming\Microsoft\Windows\Cookies\CY233Q6X.txt
C:\Users\Ruurd\AppData\Roaming\Microsoft\Windows\Cookies\DJCUBDKE.txt
C:\Users\Ruurd\AppData\Roaming\Microsoft\Windows\Cookies\MJJFFZ5F.txt
C:\Users\Ruurd\AppData\Roaming\Microsoft\Windows\Cookies\SP5F7633.txt
C:\Users\Ruurd\AppData\Roaming\Microsoft\Windows\Cookies\U9KO2600.txt
So it looks like the active Emsisoft and Malwarebytes Anti-Malware were the culprits. Tonight I am going to take a good look at whether everything is a bit faster now.
Once again, thank you very much for your answer and help!
Regards,
Ruurd
- Hello,
My computer has been very slow the last few days. To be on the safe side I ran HijackThis. The log is below. Could someone who, unlike me, is not a layman please check whether everything is in order? Thank you very much and regards. Ruurd
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:41:14, on 22-10-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Ruurd\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/do/mypage.pl?prf=b632e9ac9ee9ab4ba4801a3d128aadfd
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Ruurd\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Realtek11nSU - Realtek - C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RtlService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8081 bytes
- You are using Norton.
Emsisoft Anti-Malware (= also antivirus) and Malwarebytes MBAM (spyware scanner and web protection) are active as well.
Norton already takes care of everything those two other tools do.
So there will be conflicts, and because of them the intended protection is actually present to a lesser degree!
So deactivate the active components in both tools!
- Hi Ruurd, you may go ahead and do the following:
Which program:
- Dear Abraham54,
I did what you said. Here is the log from ComboFix:
ComboFix 12-10-24.02 - Ruurd 24-10-2012 17:52:25.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2047.945 [GMT 2:00]
Gestart vanuit: c:\users\Ruurd\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ruurd\AppData\Roaming\Ruurdlog.dat
c:\windows\IsUn0413.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\install
c:\windows\SysWow64\win32
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . konden niet verwijderd worden
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . konden niet verwijderd worden
.
Besmet exemplaar van c:\windows\SysWow64\kernel32.dll werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_fc20fc2ea15dceba\kernel32.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-09-24 to 2012-10-24 ))))))))))))))))))))))))))))))
.
.
2012-10-23 18:46 . 2012-10-08 12:28 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-10-23 18:46 . 2012-10-08 12:28 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-10-23 18:46 . 2012-10-08 12:28 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-10-23 18:45 . 2012-10-23 18:46 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2013
2012-10-23 18:43 . 2012-10-23 18:49 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-22 17:32 . 2012-10-22 17:32 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-10-22 17:11 . 2012-10-22 17:11 -------- d-----w- c:\users\Ruurd\AppData\Roaming\OpenOffice.org
2012-10-22 16:00 . 2012-10-22 16:00 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-10-22 15:47 . 2012-10-22 15:55 -------- d-----w- c:\program files (x86)\stinger
2012-10-17 19:11 . 2012-10-17 19:11 -------- d-----w- c:\program files (x86)\Daedalic Entertainment
2012-10-17 15:40 . 2012-10-17 15:40 -------- d-----w- c:\users\Ruurd\AppData\Roaming\Auslogics
2012-10-17 15:40 . 2012-10-17 15:40 -------- d-----w- c:\program files (x86)\Auslogics
2012-10-15 15:22 . 2012-10-15 15:22 -------- d-----w- c:\program files\Common Files\Adobe
2012-10-15 15:19 . 2012-08-10 01:01 56336 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-10-15 15:18 . 2012-10-15 15:18 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-10-13 14:14 . 2012-10-13 14:14 -------- d-----w- c:\users\Ruurd\AppData\Roaming\Specialbit
2012-10-13 12:31 . 2012-10-13 12:31 -------- d-----w- c:\users\Ruurd\AppData\Local\Electronic Arts
2012-10-13 11:04 . 2012-10-13 11:04 -------- d-----w- c:\users\Ruurd\AppData\Roaming\Frogwares
2012-10-13 11:00 . 2012-10-13 11:00 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-10-12 19:17 . 2012-10-12 19:45 -------- d-----w- c:\users\Ruurd\AppData\Local\Postbox
2012-10-12 19:17 . 2012-10-12 19:17 -------- d-----w- c:\users\Ruurd\AppData\Roaming\Postbox
2012-10-12 19:17 . 2012-10-13 11:21 -------- d-----w- c:\program files (x86)\Postbox
2012-10-12 16:50 . 2012-10-12 16:50 -------- d-----w- c:\users\Ruurd\AppData\Roaming\KLS Soft
2012-10-12 15:49 . 2012-10-12 18:15 -------- d-----w- c:\programdata\firebird
2012-10-12 15:34 . 2012-10-12 15:34 -------- d-----w- c:\users\Ruurd\AppData\Roaming\Thunderbird
2012-10-11 14:34 . 2005-11-23 18:55 385024 ----a-w- c:\windows\SysWow64\XPControls.ocx
2012-10-11 14:34 . 2004-03-09 10:30 152848 ----a-w- c:\windows\SysWow64\COMDLG32.OCX
2012-10-11 14:34 . 2004-03-09 10:30 132880 ----a-w- c:\windows\SysWow64\MSINET.OCX
2012-10-11 14:34 . 2000-07-15 10:30 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL
2012-10-11 14:33 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-11 14:33 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 14:33 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 14:33 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-09 17:20 . 2012-10-09 17:20 -------- d-----w- c:\users\Ruurd\AppData\Roaming\Sirrix AG
2012-10-09 17:18 . 2012-10-09 17:18 -------- d-----w- c:\programdata\Sirrix AG
2012-10-09 17:14 . 2011-12-21 11:15 219440 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-10-09 17:14 . 2011-12-21 11:15 44848 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-10-06 09:46 . 2012-10-16 15:12 -------- d-----w- c:\windows\system32\drivers\NISx64\1309000.009
2012-10-06 09:30 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 15:47 . 2012-02-14 17:27 16200 ----a-w- c:\windows\stinger.sys
2012-10-14 08:30 . 2012-02-15 16:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-14 08:30 . 2011-05-16 16:32 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 14:37 . 2011-04-23 17:18 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-29 17:54 . 2011-09-26 17:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-12 14:07 . 2012-09-12 14:07 58368 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-08-22 18:12 . 2012-09-12 11:23 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 11:23 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 11:23 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 11:23 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 11:01 . 2012-09-14 15:34 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2012-09-14 15:30 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-09-14 15:30 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 19:06 . 2012-08-20 19:06 388096 ----a-r- c:\users\Ruurd\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-20 17:38 . 2012-10-11 14:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-15 16:40 . 2011-04-25 16:02 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-09 18:13 . 2012-08-09 18:13 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-02 17:58 . 2012-09-12 11:23 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 11:23 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-26 17:08 . 2012-07-26 17:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 17:08 . 2012-07-26 17:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 17:08 . 2012-07-26 17:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 17:08 . 2012-07-26 17:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 17:08 . 2012-07-26 17:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-23 1255736]
R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 250808]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-23 79360]
R4 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-04-02 96768]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-05-29 1301088]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-05-29 681056]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-10-08 2365792]
R4 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
R4 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
R4 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-08-10 56336]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-08-15 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-11 31432]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121023.002\IDSvia64.sys [2012-10-05 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-23 171600]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-22 714368]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2011-09-14 398112]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-15 08:30]
.
2012-09-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-05-09 21:13]
.
2012-06-09 c:\windows\Tasks\GlaryUpdate.job
- c:\program files (x86)\Glary Utilities\webupdate.exe [2012-05-09 21:16]
.
.
--------- X64 Entries -----------
.
.
------- Bijkomende Scan -------
.
uStart Page = https://startpage.com/do/mypage.pl?prf=b632e9ac9ee9ab4ba4801a3d128aadfd
uInternet Settings,ProxyOverride = fritz.box;*.local
TCP: DhcpNameServer = 192.168.178.1
.
.
------- Bestandsassociaties -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
AddRemove-{4567EA14-6BCA-3EF9-859B-92CE48B1D704}.KB2478663 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe
AddRemove-{4567EA14-6BCA-3EF9-859B-92CE48B1D704}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,64,9e,30,2f,6b,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
———————— Andere Aktieve Processen ————————
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\REALTEK\Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Voltooingstijd: 2012-10-24 18:07:12 - machine werd herstart
ComboFix-quarantined-files.txt 2012-10-24 16:07
.
Pre-Run: 237.287.014.400 bytes beschikbaar
Post-Run: 236.906.950.656 bytes beschikbaar
.
- - End Of File - - 3636D12676EBC0C9E1063F3114B51F0F
- Download RogueKiller to your desktop.
Close all other programs.
Start the program.
- Hello,
Unfortunately I can't manage to download RogueKiller. Norton immediately reports that the program is not safe. I tried to get around this, but when I start the program, Norton pops up again and removes it.
Do you perhaps know another solution?
Regards and thanks
Ruurd
- After a great deal of fiddling I got the program past Norton after all and ran it. I kept getting a message that it was not safe. I simply relied on the expertise of the people here.
Here is the content of the log:
RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ruurd [Admin rights]
Mode : Scan – Date : 10/25/2012 19:02:20
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 14 ¤¤¤
[TASK][SUSP PATH] {32E36785-EF10-43BC-A59E-F9287BD5380F} : C:\Windows\system32\pcalua.exe -a "C:\Users\Ruurd\Desktop\Art of Murder The Secret Files NL (basp)\MystSetupVideo.exe" -d "C:\Users\Ruurd\Desktop\Art of Murder The Secret Files NL (basp)" -> FOUND
[TASK][SUSP PATH] {F2D1198D-8681-4832-B406-0990B5AFDF15} : C:\Windows\system32\pcalua.exe -a C:\Users\Ruurd\Desktop\backup\mp610swin64101ea24.exe -d C:\Users\Ruurd\Desktop\backup -> FOUND
[HJPOL] HKLM\[…]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[…]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[…]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[…]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[…]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[…]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[…]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ DESK] HKCU\[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[…]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
–> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Volume0 +++++
— User —
[MBR] d17be1e12a2e477a5566b298b57d3c88
[BSP] 3987b2db95c3072c72c6bc3375c1bd2a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 276634 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 566548480 | Size: 150000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 873748480 | Size: 52104 Mo
User = LL1 … OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
- Did you disable UAC (User Account Control) via a registry hack?
- Not via a 'registry hack'. I turned it off myself when installing Windows 7. All those popups asking for permission were driving me completely crazy.
- If you have UAC set to the middle position, you will rarely have to give permission, and what is wrong with that?
Because now, with UAC disabled, Windows is only slightly more secure than the by now antique Windows XP; with UAC enabled: 16 times more secure!
- OK, I will look into that. But back to the last RogueKiller log for a moment. Is everything in order now?
Regards
Ruurd
- Run the ESET online scan (click).
  * Click the ESET Online Scanner button
  * Tick YES, I accept the Terms of Use
  * Click Start
  * Allow the ActiveX control to install.
  * Tick the following options:
    * Remove found threats
    * Scan archives
  * Then click on
- Hello,
Another annoying problem here too. At first I could start the scan, but I got a message that a proxy was blocking the updates. So I do not use a proxy! Ran CCleaner, restarted the PC and went back to the site. Now when I click 'agree', the check mark automatically disappears again and nothing happens.
Is there a good alternative to ESET?
Regards
Ruurd
- For now, first do the following:
download MiniToolBox and place this tool on your desktop.
Using "Farbar MiniToolBox":
- After a lot of trying it worked after all. A scan of a little over an hour. ESET found nothing. I did not get a log!
Regards
Ruurd
- OK, ran the MiniToolBox as well. With the following log as the result:
MiniToolBox by Farbar Version: 23-07-2012
Ran by Ruurd (administrator) on 26-10-2012 at 18:36:42
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
FRITZ!WLAN USB Stick N = Draadloze netwerkverbinding 2 (Connected)
Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller = LAN-verbinding (Media disconnected)
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = LAN-verbinding 2 (Media disconnected)
Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter = Draadloze netwerkverbinding (Media disconnected)
# ———————————-
# IPv4-configuratie
# ———————————-
pushd interface ipv4
reset
set global
set interface interface="LAN-verbinding" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="LAN-verbinding 2" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Draadloze netwerkverbinding" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Draadloze netwerkverbinding 2" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
popd
# Einde van IPv4-configuratie
Windows IP-configuratie
Hostnaam . . . . . . . . . . . . : Ruurd-PC
Primair DNS-achtervoegsel . . . . :
Knooppunttype . . . . . . . . . . : hybride
IP-routering ingeschakeld . . . . : nee
WINS-proxy ingeschakeld . . . . . : nee
DNS-achtervoegselzoeklijst. . . . : fritz.box
Draadloos LAN-adapter voor Draadloze netwerkverbinding 2:
Verbindingsspec. DNS-achtervoegsel: fritz.box
Beschrijving. . . . . . . . . . . : FRITZ!WLAN USB Stick N
Fysiek adres. . . . . . . . . . . : BC-05-43-06-8E-69
DHCP ingeschakeld . . . . . . . . : ja
Autom. configuratie ingeschakeld : ja
IPv6-adres. . . . . . . . . . . . : 2001:980:63a0:1:2014:e7f3:bea7:b431(voorkeur)
Tijdelijk IPv6-adres. . . . . . . : 2001:980:63a0:1:7df7:e130:96b2:31ff(voorkeur)
Link-local IPv6-adres . . . . . . : fe80::2014:e7f3:bea7:b431%15(voorkeur)
IPv4-adres. . . . . . . . . . . . : 192.168.178.25(voorkeur)
Subnetmasker. . . . . . . . . . . : 255.255.255.0
Lease verkregen . . . . . . . . . : vrijdag 26 oktober 2012 17:22:07
Lease verlopen. . . . . . . . . . : maandag 5 november 2012 17:22:07
Standaardgateway. . . . . . . . . : fe80::be05:43ff:fef2:8ba0%15
192.168.178.1
DHCP-server . . . . . . . . . . . : 192.168.178.1
DHCPv6 IAID . . . . . . . . . . . : 498861379
DHCPv6-client DUID. . . . . . . . : 00-01-00-01-15-44-AC-5A-00-18-F3-D0-04-36
DNS-servers . . . . . . . . . . . : fd00::be05:43ff:fef2:8ba0
192.168.178.1
NetBIOS via TCPIP . . . . . . . . : ingeschakeld
Draadloos LAN-adapter voor Draadloze netwerkverbinding:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Beschrijving. . . . . . . . . . . : Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Fysiek adres. . . . . . . . . . . : 00-15-AF-0B-8F-1D
DHCP ingeschakeld . . . . . . . . : ja
Autom. configuratie ingeschakeld : ja
Ethernet-adapter voor LAN-verbinding 2:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Beschrijving. . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Fysiek adres. . . . . . . . . . . : 00-18-F3-D0-0A-7C
DHCP ingeschakeld . . . . . . . . : ja
Autom. configuratie ingeschakeld : ja
Ethernet-adapter voor LAN-verbinding:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Beschrijving. . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Fysiek adres. . . . . . . . . . . : 00-18-F3-D0-04-36
DHCP ingeschakeld . . . . . . . . : ja
Autom. configuratie ingeschakeld : ja
Tunnel-adapter voor isatap.fritz.box:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel: fritz.box
Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter #2
Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP ingeschakeld . . . . . . . . : nee
Autom. configuratie ingeschakeld : ja
Tunnel-adapter voor Teredo Tunneling Pseudo-Interface:
Verbindingsspec. DNS-achtervoegsel:
Beschrijving. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP ingeschakeld . . . . . . . . : nee
Autom. configuratie ingeschakeld : ja
IPv6-adres. . . . . . . . . . . . : 2001:0:5ef5:79fb:18d6:1d27:3f57:4de6(voorkeur)
Link-local IPv6-adres . . . . . . : fe80::18d6:1d27:3f57:4de6%13(voorkeur)
Standaardgateway. . . . . . . . . :
NetBIOS via TCPIP . . . . . . . . : uitgeschakeld
Server: fritz.box
Address: fd00::be05:43ff:fef2:8ba0
Naam: google.com
Addresses: 2a00:1450:400c:c03::66
74.125.132.138
74.125.132.100
74.125.132.101
74.125.132.139
74.125.132.102
74.125.132.113
Pingen naar google.com [2a00:1450:400c:c03::66] met 32 bytes aan gegevens:
Antwoord van 2a00:1450:400c:c03::66: tijd=23 ms
Antwoord van 2a00:1450:400c:c03::66: tijd=23 ms
Ping-statistieken voor 2a00:1450:400c:c03::66:
Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
(0% verlies).
De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
Minimum = 23ms, Maximum = 23ms, Gemiddelde = 23ms
Server: fritz.box
Address: fd00::be05:43ff:fef2:8ba0
Naam: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109
Pingen naar yahoo.com [98.139.183.24] met 32 bytes aan gegevens:
Antwoord van 98.139.183.24: bytes=32 tijd=655 ms TTL=50
Antwoord van 98.139.183.24: bytes=32 tijd=559 ms TTL=50
Ping-statistieken voor 98.139.183.24:
Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
(0% verlies).
De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
Minimum = 559ms, Maximum = 655ms, Gemiddelde = 607ms
Server: fritz.box
Address: fd00::be05:43ff:fef2:8ba0
Naam: bleepingcomputer.com
Address: 208.43.87.2
Pingen naar bleepingcomputer.com [208.43.87.2] met 32 bytes aan gegevens:
Antwoord van 208.43.87.2: De doelhost is niet bereikbaar.
Antwoord van 208.43.87.2: De doelhost is niet bereikbaar.
Ping-statistieken voor 208.43.87.2:
Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
(0% verlies).
Pingen naar 127.0.0.1 met 32 bytes aan gegevens:
Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128
Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128
Ping-statistieken voor 127.0.0.1:
Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
(0% verlies).
De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
Minimum = 0ms, Maximum = 0ms, Gemiddelde = 0ms
===========================================================================
Interfacelijst
15…bc 05 43 06 8e 69 ……FRITZ!WLAN USB Stick N
12…00 15 af 0b 8f 1d ……Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
11…00 18 f3 d0 0a 7c ……Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
10…00 18 f3 d0 04 36 ……Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
1………………………Software Loopback Interface 1
17…00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13…00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 routetabel
===========================================================================
Actieve routes:
Netwerkadres Netmasker Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.178.1 192.168.178.25 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.178.0 255.255.255.0 On-link 192.168.178.25 281
192.168.178.25 255.255.255.255 On-link 192.168.178.25 281
192.168.178.255 255.255.255.255 On-link 192.168.178.25 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.178.25 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.178.25 281
===========================================================================
Permanente routes:
Geen
IPv6 routetabel
===========================================================================
Actieve routes:
Indien metrische netwerkbestemming Gateway
15 41 ::/0 fe80::be05:43ff:fef2:8ba0
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fb:18d6:1d27:3f57:4de6/128
On-link
15 33 2001:980:63a0:1::/64 On-link
15 281 2001:980:63a0:1:2014:e7f3:bea7:b431/128
On-link
15 281 2001:980:63a0:1:7df7:e130:96b2:31ff/128
On-link
15 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::18d6:1d27:3f57:4de6/128
On-link
15 281 fe80::2014:e7f3:bea7:b431/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Permanente routes:
Geen
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (10/23/2012 07:39:44 PM) (Source: Application Error) (User: )
Description: Naam van toepassing met fout: TuneUpUtilitiesApp64.exe, versie: 12.0.3600.83, tijdstempel: 0x4fc4eaf5
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutoffset: 0x0000000001d8f180
- Just remove TuneUp Utilities.
Plenty of Windows computers have run into problems because of that tool.
The free Glary Utilities is a nice alternative!
By the way, do you still get those connection problems when you go back to ESET?
- Thanks, thanks. No, I can now get a connection to ESET. So everything is in order now. I also still have Glary Utilities on my PC. I had forgotten. I will remove TuneUp.
Have a good weekend and regards
Ruurd
This is an archived page. Replies are no longer possible.