Archief - Worm/ainslot.a/svhost

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
f

fty

Legacy Member
Beste,

Na het downloaden van een besmet bestand, ik weet niet het welk, heb ik last gekregen van een virus. Dit is al enige tijd geleden (ik heb véél te lang gewacht om er iets aan te doen en dat is niet slim natuurlijk).

In het begin kreeg ik na het opstarten van de PC twee waarschuwingen van Windows security essentials, nu nog maar 1:
Code: 
Worm:Win32/Ainslot.A
bij meer informatie staat:
Code: 
Items: 
process:pid:3732
Hierna krijg ik de melding van security essentials met de vraag om een niet geclassificeerd bestand door te sturen naar microsoft:
Code: 
svhost.exe
Dit bestand komt altijd terug bij de volgende herstart na het verwijderen.

Als de security essentials zogezegd klaar is met het verwijderen van de infectie dan lijkt de pc vrij te zijn zolang er niet opnieuw opgestart wordt.
Ook krijg ik sinds het downloaden van het bestand vlak na het opstarten 2 tekstboxen met het bericht
Code: 
error: toegang geweigerd
met een OK knop onderaan(Het komt wel in het duits want mijn pc staat in het duits)

Hijjackthis zegt dit:

Code: 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:43, on 16/04/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Spellen\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Walter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [] C:\Users\Walter\AppData\Roaming\.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Spellen\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [rundll32] C:\Users\Walter\AppData\Local\Temp\rundll32 .exe
O4 - HKCU\..\Run: [] C:\Users\Walter\AppData\Roaming\.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: license.dll
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: rundll32 .exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Download alles met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selectie met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager (mitsijm2011) - Unknown owner - C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12251 bytes

Alvast bedankt voor uw hulp.
J

Juisterr

Legacy Member
Download ComboFix van één van deze locaties:

Link 1
Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier of hier staat een handleiding over hoe je deze kan uitschakelen:)

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
f

fty

Legacy Member
ComboFix 11-04-16.03 - Walter 17/04/2011 20:48:13.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1043.18.8190.6150 [GMT 2:00]
Gestart vanuit: c:\users\Walter\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Walter\AppData\Roaming\.exe
c:\users\Walter\AppData\Roaming\23225.exe
c:\users\Walter\AppData\Roaming\40253.exe
c:\users\Walter\AppData\Roaming\52089.exe
c:\users\Walter\AppData\Roaming\78098.exe
c:\users\Walter\AppData\Roaming\95300.exe
c:\users\Walter\AppData\Roaming\data.dat
c:\users\Walter\AppData\Roaming\lovely.ini
c:\users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\license.dll
c:\users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
c:\windows\Downloaded Program Files\IDropPTB.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-03-17 to 2011-04-17 ))))))))))))))))))))))))))))))
.
.
2011-04-17 18:51 . 2011-04-17 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-17 18:51 . 2011-04-17 18:51 -------- d-----w- c:\users\Marlies\AppData\Local\temp
2011-04-17 17:37 . 2011-04-17 17:37 -------- d-----w- c:\users\Walter\AppData\Local\Lazy 8 Studios
2011-04-17 09:15 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8628B313-A930-4325-B761-633D96E7B8BD}\mpengine.dll
2011-04-17 09:05 . 2011-04-17 09:05 -------- d-----w- c:\users\Walter\AppData\Local\{18AF4E26-0FFA-4A61-BAB9-BAED476670AC}
2011-04-16 08:31 . 2011-04-16 08:31 -------- d-----w- c:\users\Walter\AppData\Local\{A97BFFD7-06EE-4E98-83F7-40B5C3923E38}
2011-04-16 08:31 . 2011-04-16 08:31 -------- d-----w- c:\users\Walter\AppData\Local\{15DEDCE2-A9D4-44EC-B872-16E2C85B52D7}
2011-04-15 08:28 . 2011-04-15 08:28 -------- d-----w- c:\users\Walter\AppData\Local\{412C7C0D-77D6-4E92-A30F-E2A51F4912C4}
2011-04-15 08:27 . 2011-04-15 08:28 -------- d-----w- c:\users\Walter\AppData\Local\{71551FF5-3658-42F1-B3D3-1D95E6E80227}
2011-04-14 07:53 . 2011-04-14 07:53 -------- d-----w- c:\users\Walter\AppData\Local\{19BF83D9-635E-46BF-B6A3-4B8866AEEDB9}
2011-04-14 07:53 . 2011-04-14 07:53 -------- d-----w- c:\users\Walter\AppData\Local\{0C424AD7-15D3-4FF6-8B59-163B7B4DD23A}
2011-04-13 14:56 . 2011-04-13 14:56 -------- d-----w- c:\users\Walter\AppData\Local\{26BA90AC-49B4-47A3-9B1E-8F6367564BC5}
2011-04-13 14:56 . 2011-04-13 14:56 -------- d-----w- c:\users\Walter\AppData\Local\{90D2F19F-7107-40CD-9DFC-5E6C80CEC038}
2011-04-12 13:54 . 2011-04-12 13:54 -------- d-----w- c:\users\Walter\AppData\Local\{6A63356D-28DE-41A8-8258-185268736661}
2011-04-12 13:54 . 2011-04-12 13:54 -------- d-----w- c:\users\Walter\AppData\Local\{92760C1D-2E67-4647-8DEA-017B36155C60}
2011-04-11 07:51 . 2011-04-11 07:52 -------- d-----w- c:\users\Walter\AppData\Local\{669A0760-AC93-4501-9AFF-B9CA233F9ABB}
2011-04-11 07:51 . 2011-04-11 07:51 -------- d-----w- c:\users\Walter\AppData\Local\{707CF75F-E1E1-4A33-88F5-EC38B628BF33}
2011-04-10 15:25 . 2011-04-10 15:26 -------- d-----w- c:\users\Walter\AppData\Local\123KickIt
2011-04-10 11:06 . 2011-04-10 11:07 -------- d-----w- c:\users\Walter\AppData\Local\{769D787E-1A01-4D94-9CC8-AB8C60741747}
2011-04-10 11:06 . 2011-04-10 11:06 -------- d-----w- c:\users\Walter\AppData\Local\{E9A73086-BBA4-4462-8948-A04C15C1F04D}
2011-04-09 14:38 . 2011-04-09 14:39 -------- d-----w- c:\users\Walter\AppData\Local\Bit.Trip Beat
2011-04-09 14:35 . 2011-04-09 14:35 -------- d--h--w- c:\windows\msdownld.tmp
2011-04-09 14:26 . 2011-04-09 14:29 -------- d-----w- c:\users\Walter\AppData\Local\AaaaaRecklessDisregard
2011-04-09 08:26 . 2011-04-09 08:27 -------- d-----w- c:\users\Walter\AppData\Local\{50338B84-4E52-470B-BC4F-139194EC9BF4}
2011-04-09 08:26 . 2011-04-09 08:26 -------- d-----w- c:\users\Walter\AppData\Local\{D9BDC5ED-BA14-417B-8955-B67F02BCA8C3}
2011-04-08 17:59 . 2011-04-08 17:59 -------- d-----w- c:\programdata\Messenger Plus!
2011-04-08 17:59 . 2011-04-08 17:59 -------- d-----w- c:\program files (x86)\Yuna Software
2011-04-08 08:11 . 2011-04-08 08:11 -------- d-----w- c:\users\Walter\AppData\Local\{E24F6AE8-E489-494E-9B2B-9FCE031C1FF3}
2011-04-07 20:53 . 2011-04-07 20:53 -------- d-----w- c:\program files (x86)\DsNET Corp
2011-04-06 08:56 . 2011-04-08 08:11 -------- d-----w- c:\users\Walter\AppData\Local\{A35A9701-7336-4786-99ED-9E73AD4AB285}
2011-04-05 20:13 . 2011-04-05 20:13 -------- d-----w- c:\programdata\ATI
2011-04-05 20:13 . 2011-04-05 20:13 -------- d-----w- c:\program files (x86)\AMD APP
2011-04-05 18:38 . 2010-12-24 10:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50A2D849-23CB-44F6-A707-8F35989490DB}\gapaengine.dll
2011-04-05 11:28 . 2011-04-05 11:28 -------- d-----w- c:\users\Walter\AppData\Local\{0BE638FD-58B2-40D4-B935-4886015C92B0}
2011-04-04 14:52 . 2011-04-04 14:52 -------- d-----w- c:\users\Walter\AppData\Local\{CC266044-2723-4AC9-B408-89D032E41BF3}
2011-04-04 14:51 . 2011-04-05 11:28 -------- d-----w- c:\users\Walter\AppData\Local\{D836B5A3-D5F2-4F17-B9DC-7F4834FE8261}
2011-04-03 09:15 . 2011-04-03 09:16 -------- d-----w- c:\users\Walter\AppData\Local\{DF60DCB9-102C-4F69-A8F5-9D441C6A5B01}
2011-04-01 16:27 . 2011-04-03 09:16 -------- d-----w- c:\users\Walter\AppData\Local\{368FB58C-25EF-4482-8724-63C7C21E9B31}
2011-03-31 15:58 . 2011-03-31 15:58 -------- d-----w- c:\windows\system32\SPReview
2011-03-27 16:46 . 2011-03-27 16:47 -------- d-----w- C:\Fraps
2011-03-26 11:06 . 2010-12-24 10:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-23 16:24 . 2011-03-23 16:24 -------- d-----w- c:\users\Walter\AppData\Local\ExtractNow
2011-03-23 16:24 . 2011-03-23 16:24 -------- d-----w- c:\program files (x86)\ExtractNow
2011-03-21 17:56 . 2011-03-21 17:56 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-03-21 17:56 . 2011-03-21 17:56 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-03-21 17:56 . 2011-03-21 17:56 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 17:56 . 2011-03-21 17:56 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-03-21 17:55 . 2011-03-21 17:55 16115712 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-21 17:55 . 2011-03-21 17:55 12385792 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-03-20 18:44 . 2011-03-20 18:44 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-03-20 17:54 . 2011-03-20 17:54 -------- d-----w- c:\users\Walter\AppData\Local\Two Worlds II
2011-03-20 10:35 . 2011-03-20 10:35 388096 ----a-r- c:\users\Walter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-20 10:35 . 2011-03-20 10:35 -------- d-----w- c:\program files (x86)\Trend Micro
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 05:17 . 2010-12-01 16:04 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-15 05:01 . 2011-03-15 05:01 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-03-15 05:01 . 2011-03-15 05:01 84992 ----a-w- c:\windows\system32\frapsv64.dll
2011-03-09 16:34 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-09 09:22 . 2011-03-09 09:22 9258496 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-03-09 05:41 . 2011-03-09 05:41 22518272 ----a-w- c:\windows\system32\atio6axx.dll
2011-03-09 05:19 . 2011-03-09 05:19 17397248 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-03-09 04:57 . 2011-03-09 04:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-09 04:56 . 2010-10-27 02:55 679424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-03-09 04:55 . 2010-10-27 02:54 795136 ----a-w- c:\windows\system32\aticfx64.dll
2011-03-09 04:53 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-09 04:53 . 2011-03-09 04:53 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-03-09 04:53 . 2011-03-09 04:53 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-03-09 04:52 . 2011-03-09 04:52 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-03-09 04:51 . 2011-03-09 04:51 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-03-09 04:51 . 2011-03-09 04:51 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-03-09 04:51 . 2011-03-09 04:51 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-03-09 04:51 . 2011-03-09 04:51 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-03-09 04:51 . 2011-03-09 04:51 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-03-09 04:48 . 2010-10-27 02:46 4277760 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-03-09 04:40 . 2009-07-13 21:59 5044224 ----a-w- c:\windows\system32\atidxx64.dll
2011-03-09 04:34 . 2011-03-09 04:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-03-09 04:34 . 2011-03-09 04:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-03-09 04:34 . 2011-03-09 04:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-03-09 04:34 . 2011-03-09 04:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-03-09 04:34 . 2011-03-09 04:34 7025152 ----a-w- c:\windows\system32\aticaldd64.dll
2011-03-09 04:32 . 2011-03-09 04:32 5618688 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-03-09 04:30 . 2010-10-27 02:28 4294656 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-03-09 04:24 . 2010-10-27 02:22 5438976 ----a-w- c:\windows\system32\atiumd64.dll
2011-03-09 04:18 . 2011-03-09 04:18 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:18 . 2011-03-09 04:18 258048 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-03-09 04:18 . 2011-03-09 04:18 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-03-09 04:17 . 2011-03-09 04:17 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 300544 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-03-09 04:17 . 2010-10-27 02:13 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-03-09 04:17 . 2010-10-27 02:13 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-03-09 04:16 . 2010-10-27 02:13 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-03-09 04:16 . 2010-10-27 02:13 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-03-09 04:16 . 2011-03-09 04:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-03-09 04:11 . 2010-10-27 02:14 58880 ----a-w- c:\windows\system32\coinst.dll
2011-03-09 03:42 . 2011-03-09 03:42 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-03-09 03:42 . 2011-03-09 03:42 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-03-09 03:41 . 2010-10-27 01:57 3239936 ----a-w- c:\windows\system32\atiumd6a.dll
2011-03-09 03:34 . 2010-10-27 01:50 3471872 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-03-09 03:18 . 2011-03-09 03:18 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-03-09 03:18 . 2011-03-09 03:18 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-03-06 15:24 . 2011-03-06 15:24 0 ----a-w- c:\windows\DXT6675.tmp
2011-03-06 15:24 . 2011-03-06 15:24 0 ----a-w- c:\windows\DXT6674.tmp
2011-03-06 15:24 . 2011-03-06 15:24 0 ----a-w- c:\windows\DXT6673.tmp
2011-03-06 15:24 . 2011-03-06 15:24 0 ----a-w- c:\windows\DXT6663.tmp
2011-03-06 15:24 . 2011-03-06 15:24 0 ----a-w- c:\windows\DXT6662.tmp
2011-02-19 06:37 . 2011-03-09 16:45 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 16:45 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 16:45 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 16:45 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 16:45 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-02 20:40 . 2010-12-02 17:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-26 06:53 . 2011-02-10 09:05 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:53 . 2011-02-10 09:05 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:31 . 2011-02-10 09:05 144384 ----a-w- c:\windows\system32\cdd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\spellen\Steam\Steam.exe" [2010-11-30 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2010-04-28 3727411]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-11-29 74752]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2008-03-03 55856]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
.
c:\users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-1 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 136176]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-30 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-30 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-04 1436424]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-22 673792]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 20:04]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 20:04]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1136696869-1884167452-3135596246-1000Core.job
- c:\users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-30 11:25]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1136696869-1884167452-3135596246-1000UA.job
- c:\users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-30 11:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Download alles met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Download selectie met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\9o64b9y8.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1136696869-1884167452-3135596246-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1136696869-1884167452-3135596246-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1136696869-1884167452-3135596246-1000\Software\SecuROM\License information*]
"datasecu"=hex:b8,aa,75,07,c4,25,5b,de,c6,ee,d6,f2,b7,6d,ce,6e,ae,90,6e,c2,db,
29,f3,29,77,66,3b,f1,0b,c0,8e,7a,22,6d,85,1d,a5,f9,e8,05,65,91,35,9d,0b,e3,\
"rkeysecu"=hex:09,c8,48,c2,d5,c9,55,a8,3b,91,50,03,8a,c4,99,bf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-04-17 20:53:55
ComboFix-quarantined-files.txt 2011-04-17 18:53
.
Pre-Run: 374.752.038.912 bytes beschikbaar
Post-Run: 375.774.089.216 bytes beschikbaar
.
- - End Of File - - 9F1D2FEA73552FF3A1E094273BE63A51
J

Juisterr

Legacy Member
En hoe gaat het nu ?

Zet je berichten in
en niet in
Code: 
 aub.
f

fty

Legacy Member
De problemen lijken weg te zijn. Er komt geen melding meer van security essentials en er komt ook geen 'toegang geweigerd' kader meer. Bedankt voor de hulp.
En ik zal er in de toekomst aan denken om alles in spoiler tags te zetten.
J

Juisterr

Legacy Member
Ga naar Start - Uitvoeren
en Geef hier het volgende in: Combofix /Uninstall
Druk daarna op OK.
Als het goed is krijg je dan een melding dat Combofix verwijderd werd.

Voorbeeld:

CFUninstall.PNG


Uitvoeren kan ook gestart worden door de toetsencombinatie
W+R.jpg
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan