babylon komt steeds terug.

[anoniem]

Hallo, Ik zocht een nieuwe driver, dacht die te hebben gevonden en klikte op "installeren". Tja, geen nieuwe driver dus maar wel een opdringerige "Babylon" als toolbar. Ik heb het meeste eraf kunnen krijgen en Windows' zoekfunctie kan niets meer vinden met de naam Babylon erin, maar toch: Babylon is er dus nog altijd. Kan iemand me helpen ? Alvast bedankt.

[anoniem]

Hoi Paul, [b:8beaa84d57]ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:[/b:8beaa84d57] [color=#0000FF:8beaa84d57][list:8beaa84d57][*:8beaa84d57]Lees alle instrukties goed door. [*:8beaa84d57]Maak je fouten bij de uitvoering van tools tijdens de fix, kan dat serieuze problemen in Windows veroorzaken. [*:8beaa84d57]Onthou je van het gebruik van tools cq. updates anders dan die ik jou adviseer te gebruiken. [*:8beaa84d57]Gebruik altijd één scanner per keer, nooit meerdere tegelijk gebruiken. [*:8beaa84d57]Hou mij op de hoogte hoe jou computer op de fix reageert - goed of slecht. [*:8beaa84d57]De fix, eenmaal gestart, moet afgewerkt worden. Zelfs indien jij denkt dat alles in orde is, zijn er mogelijk nog steeds infecties.[/list:u:8beaa84d57][/color:8beaa84d57] [color=#FF0000:8beaa84d57][b:8beaa84d57]Stap •1•[/b:8beaa84d57][/color:8beaa84d57] [b:8beaa84d57]Welk programma[/b:8beaa84d57]: Trend Micro [b:8beaa84d57]Hijack This Versie 2.0.4[/b:8beaa84d57] [b:8beaa84d57]Waarvoor/waarom[/b:8beaa84d57]: maakt een duidelijk overzicht van Windows door middel van een scan. [b:8beaa84d57]Moeilijkheidsgraad[/b:8beaa84d57]: geen, enkel Vista- en Win 7 gebruikers dienen even extra aandacht te geven. [b:8beaa84d57]Download[/b:8beaa84d57] de [url=http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi][b:8beaa84d57]HijackThis Installer[/b:8beaa84d57][/url] [b:8beaa84d57]Installatie[/b:8beaa84d57]: [list:8beaa84d57][*:8beaa84d57]Installeer HijackThis op de aangegeven lokatie - daarmee wordt voorkomen dat eventuele back-ups niet terugvindbaar zijn![/list:u:8beaa84d57] Gebruikers van [b:8beaa84d57]Windows Vista[/b:8beaa84d57] en [b:8beaa84d57]Windows 7[/b:8beaa84d57] gaan daarna naar de installatielokatie van HijackThis. [list:8beaa84d57][*:8beaa84d57]Vervolgens met rechts "hijackthis.exe" aanklikken en dan "Eigenschappen" kiezen. [*:8beaa84d57]Klik nu op de tab "Comptabiliteit" en zet dan een vinkje bij "Als Administrator uitvoeren". [*:8beaa84d57]Als laatste wordt dan nog op [b:8beaa84d57]Toepassen[/b:8beaa84d57] en [b:8beaa84d57]OK[/b:8beaa84d57] geklikt[/list:u:8beaa84d57] [b:8beaa84d57]Hijack This gebruiken[/b:8beaa84d57]: [list:8beaa84d57][*:8beaa84d57]Sluit eerst alle openstaande programma's en de webbrowsers. [*:8beaa84d57]Start nu 'Hijack This' en klik vervolgens op de knop 'Do a system scan and save a logfile' [list:8beaa84d57][*:8beaa84d57]Start HijackThis op met het scanvenster, klik dan eerst op de knop 'Main Menu'[/list:u:8beaa84d57] [*:8beaa84d57]Sluit nu alle openstaande vensters en start vervolgens 'HijackThis' en kies voor 'Do a system scan and save a logfile'. [*:8beaa84d57]Kopieer en plak de inhoud van het Hijack This-logfile in je aansluitende bericht. [*:8beaa84d57]Hierna mag je Hijack This weer sluiten[/list:u:8beaa84d57] [color=#FF0000:8beaa84d57][b:8beaa84d57]Stap •2•[/b:8beaa84d57][/color:8beaa84d57] [b:8beaa84d57]Welk programma[/b:8beaa84d57]: Malwarebytes MBAM [b:8beaa84d57]Waarvoor/waarom[/b:8beaa84d57]: specialistische scanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware. [b:8beaa84d57]Moeilijkheidsgraad[/b:8beaa84d57]: geen. [b:8beaa84d57]Download Malwarebytes MBAM via één van deze locaties[/b:8beaa84d57]: [list:8beaa84d57][*:8beaa84d57][url=http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?][b:8beaa84d57]Download.com[/b:8beaa84d57][/url] [*:8beaa84d57][url=http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s][b:8beaa84d57]Softpedia.com[/b:8beaa84d57][/url][*:8beaa84d57][url=http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html][b:8beaa84d57]Majorgeeks.com[/b:8beaa84d57][/url][/list:u:8beaa84d57] [b:8beaa84d57]Allereerst[/b:8beaa84d57]:[list:8beaa84d57][*:8beaa84d57] Al meteen na de installatie wil 'MBAM' zijn database opwaarderen – toestaan dus. [*:8beaa84d57] Ook bij herhaald gebruik: eerst 'MBAM' updaten via de tab 'Update'! [/list:u:8beaa84d57] [b:8beaa84d57]Malwarebytes MBAM opstarten[/b:8beaa84d57]: Windows 2000 en Windows XP: start MBAM middels dubbelklik op de snelkoppeling. Windows Vista en Windows 7: start MBAM middels rechtsklik op de snelkoppeling en dan kiezen voor Als Administrator uitvoeren. [list:8beaa84d57][*:8beaa84d57][b:8beaa84d57]Let op:[/b:8beaa84d57] [list:8beaa84d57][*:8beaa84d57]Malwarebytes verstrekt nu de volledige versie van MBAM. [*:8beaa84d57]Bij de eerstse start kijg je de mogelijkheid de volledige versie te gebruiken of de gratis versie. [*:8beaa84d57]Onafhankelijk van welke antivirusprogramma in jouw Windows adviseer ik dan de optie "Weigeren" te gebruiken. [*:8beaa84d57]Zodoende zal MBAM als gratis versie verder te gebruiken zijn[/list:u:8beaa84d57][/list:u:8beaa84d57] [img:8beaa84d57]http://img30.imageshack.us/img30/3928/mbam2.png[/img:8beaa84d57] [list:8beaa84d57][*:8beaa84d57][b:8beaa84d57]Doe ook nog het volgende:[/b:8beaa84d57] [list:8beaa84d57][*:8beaa84d57]Zodra het programma gestart is, ga dan naar het tabblad "[b:8beaa84d57]Instellingen[/b:8beaa84d57]". [*:8beaa84d57]Vink hier aan: "[b:8beaa84d57]Sluit Internet Explorer tijdens verwijdering van malware[/b:8beaa84d57]".[/list:u:8beaa84d57][/list:u:8beaa84d57] [b:8beaa84d57]Scannen[/b:8beaa84d57]: [list:8beaa84d57][*:8beaa84d57] Bij het starten van 'MBAM' kies je voor 'Snelle Scan'. [*:8beaa84d57]Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'. [*:8beaa84d57]Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.[/list:u:8beaa84d57] [b:8beaa84d57]Infecties gevonden[/b:8beaa84d57]: [list:8beaa84d57][*:8beaa84d57]Klik nu eerst op OK om de melding weg te klikken [*:8beaa84d57]Klik vervolgens rechtsonder op de knop Bekijk resultaten. [*:8beaa84d57]Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde. [*:8beaa84d57]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [*:8beaa84d57]Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op 'OK' klikken! [*:8beaa84d57]Daarna zal 'MBAM' vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:8beaa84d57] [b:8beaa84d57]MBAM-Log[/b:8beaa84d57]: [list:8beaa84d57][*:8beaa84d57] Het log wordt automatisch bewaard door 'MBAM en dat kan je terugvinden door in het hoofdmenu van MBAM op de tab 'Logbestanden' te klikken'.[/list:u:8beaa84d57] [b:8beaa84d57]Post aansluitend in je volgende bericht de inhoud van het MBAM-log.[/b:8beaa84d57] [color=#FF0000:8beaa84d57][b:8beaa84d57]Stap •3•[/b:8beaa84d57][/color:8beaa84d57] [b:8beaa84d57]Samenvattend: hierna post je in jouw volgende bericht de inhoud van de volgende logs:[/b:8beaa84d57] [list:8beaa84d57][*:8beaa84d57] een Hijackthis-log [*:8beaa84d57] MBAM scanlog[/list:u:8beaa84d57]

[anoniem]

Stap 1: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:16:23, on 30/12/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\ScanSoft\PDF Professional 3.0\PdfPro3Hook.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tijd.be/home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab.com/?s=0&chnl=irn R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.hotelaquatel.be/html/nl/beschrijving.html" O4 - HKUS\S-1-5-21-842925246-1592454029-1417001333-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'arno') O4 - HKUS\S-1-5-21-842925246-1592454029-1417001333-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'arno') O4 - HKUS\S-1-5-21-842925246-1592454029-1417001333-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: NaturalColorLoad.lnk = ? O8 - Extra context menu item: PDF in Word openen (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.spector.be/DesktopModules/SpectorAlbum/ImageUploader5.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224070674171 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://sligachanhotel.remotemanager.co.uk/common/activex/MJPEGRender.ocx O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Acronis Nonstop Backup-service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9c7b35e2a82cc) (gupdate1c9c7b35e2a82cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpdj - HP - C:\DOCUME~1\paul\LOCALS~1\Temp\hpdj.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- End of file - 12319 bytes

[anoniem]

P.S. Vooraleer hijackthis van start wou gaan werd blijkbaar eerst een recente printerdriver verwijderd.

[anoniem]

Dat het niet helemaal lekker gaat met jouw Windows is min of meer duidelijk. Met en Avira Antivir en AVG 2012 als antivirussoftware in jouw Windows kan je problemen verwachten, doordat beide tools meer aandacht hebben voor de onderlingen conflicten! Dus één van de twee moet er uit!

[anoniem]

Sorry voor mijn laat antwoord: scan Mbam duurde ruim 3 uur (2 HD). Log staat hieronder. (!) Wat virusscanners betreft: alleen Avira is actief. Ik heb onlangs AVG geinstalleerd maar er bleek nogal wat trager te lopen. Dan maar terug naar Avira maar AVG staat dus nog wel op mijn computer. Ondertussen ben ik er niet meer zo zeker van dat AVG de oorzaak was van de problemen... Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Databaseversie: v2011.12.24.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 paul :: STILLEPC [administrator] 30/12/2011 15:32:58 mbam-log-2011-12-30 (15-32-58).txt Scantype: Volledige scan Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 825728 Verstreken tijd: 3 uur/uren, 10 minuut/minuten, Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab FLV Player (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 6 C:\Program Files\VideoConverterSetup.exe (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\IrfanView\Languages\Nederlands.dll (Trojan.ModifiedUPX) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\FoxTabFLVPlayer\Uninstall\Uninstall.exe (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. F:\Program Files\VideoConverterSetup.exe (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. F:\Program Files\IrfanView\Languages\Nederlands.dll (Trojan.ModifiedUPX) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\gb.dll (Spyware.OnlineGames) -> Succesvol in quarantaine geplaatst en verwijderd. (einde)

[anoniem]

Oke", dan gaan we nu eerst kijken of AVG zich volledig laat verwijderen: AVG Remover (32-bits) 2012: http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_1796.exe Post hierna een nieuw Hijack This-log. En dan nog iets: ik had een snelle scan door MBAM gevraagd, jij hebt een volledige gedaan! Graag in het vervolg wel doen wat ik je vraag te doen.

[anoniem]

Sorry, niet op gelet vrees ik. :oops: nieuwe log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:28:15, on 30/12/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tijd.be/home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab.com/?s=0&chnl=irn R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet O4 - HKLM\..\RunOnce: [AvgRemover] C:\Documents and Settings\paul\Local Settings\Temporary Internet Files\Content.IE5\W3Z5HZCH\avg_remover_stf_x86_2012_1796[1].exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012\" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.hotelaquatel.be/html/nl/beschrijving.html" O4 - HKUS\S-1-5-21-842925246-1592454029-1417001333-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: NaturalColorLoad.lnk = ? O8 - Extra context menu item: PDF in Word openen (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.spector.be/DesktopModules/SpectorAlbum/ImageUploader5.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224070674171 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://sligachanhotel.remotemanager.co.uk/common/activex/MJPEGRender.ocx O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Acronis Nonstop Backup-service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9c7b35e2a82cc) (gupdate1c9c7b35e2a82cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- End of file - 11886 bytes

[anoniem]

Hoi, zo te zien heeft de remover goed werk verricht. [b:006356e2ed]Ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:[/b:006356e2ed] [color=blue:006356e2ed][list:006356e2ed][*:006356e2ed]Lees alle instrukties goed door. [*:006356e2ed]Maak je fouten bij de uitvoering van tools tijdens de fix, kan dat serieuze problemen in Windows veroorzaken. [*:006356e2ed]Onthou je van het gebruik van tools cq. updates anders dan die ik jou adviseer te gebruiken. [*:006356e2ed]Gebruik altijd één scanner per keer, nooit meerdere tegelijk gebruiken. [*:006356e2ed]Hou mij op de hoogte hoe jou computer op de fix reageert - goed of slecht. [*:006356e2ed]De fix, eenmaal gestart, moet afgewerkt worden. Zelfs indien jij denkt dat alles in orde is, zijn er mogelijk nog steeds infecties.[/list:u:006356e2ed][/color:006356e2ed] [color=#FF0000:006356e2ed][b:006356e2ed]Stap •1•[/b:006356e2ed][/color:006356e2ed] [[b:006356e2ed]Welk programma[/b:006356e2ed]: Kaspersky [b:006356e2ed]TDSSKiller[/b:006356e2ed] [b:006356e2ed]Waarvoor/waarom[/b:006356e2ed]: Rootkitscanner [b:006356e2ed]Moeilijkheidsgraad[/b:006356e2ed]: geen [b:006356e2ed]Downloadlokatie[/b:006356e2ed]: Dit programma absoluut naar het bureaublad downloaden of anders daar naar toe verplaatsen! [b:006356e2ed]Download[/b:006356e2ed] [b:006356e2ed]TDSSKiller[/b:006356e2ed] [url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip][b:006356e2ed]hier[/b:006356e2ed][/url]. [b:006356e2ed]Installatie[/b:006356e2ed]: [list:006356e2ed][*:006356e2ed] pak het bestand uit op je bureaublad.[/list:u:006356e2ed] [b:006356e2ed]TDSSKiller gebruiken[/b:006356e2ed]: [list:006356e2ed][*:006356e2ed]Windows 2000 en Windows XP: start "TDSSKiller" middels dubbelklik op TDSSKiller.exe. [*:006356e2ed]Windows Vista en Windows 7: start "TDSSKiller" middels rechtsklik op TDSSKiller.exe en dan kiezen voor [b:006356e2ed]Als Administrator uitvoeren[/b:006356e2ed].[/list:u:006356e2ed] [list:006356e2ed][*:006356e2ed]Idien TDSSKiller met een bericht komt over een beschikbare update, dan voer je deze eerst uit, [*:006356e2ed]klik daarvoor op de knop "Load update"[/list:u:006356e2ed] [img:006356e2ed]http://www.malwareinfo.nl/files/screens/TDSSkiller(update).jpg[/img:006356e2ed] [list:006356e2ed][*:006356e2ed]Een nieuwe versie van TDSSkiller zal nu gedownload worden en sla deze op het bureaublad op. [*:006356e2ed]Start nu TDSSkiller opnieuw. [*:006356e2ed] Klik op "[b:006356e2ed]Change parameters[/b:006356e2ed]" en zorg dat de onderstaande opties allemaal aangevinkt zijn.[/list:u:006356e2ed] [img:006356e2ed]http://www.malwareinfo.nl/files/screens/TDSSkiller(opties).jpg[/img:006356e2ed] [list:006356e2ed][*:006356e2ed]Klik vervolgens op de knop [b:006356e2ed]"Start Scan"[/b:006356e2ed] en volg de instructies. [*:006356e2ed] Nadat de scan klaar is klik je op de knop [b:006356e2ed]"Report"[/b:006356e2ed]. [*:006356e2ed]Er opent een kladblokbestand. Post de inhoud van dit bestand.[/list:u:006356e2ed] [list:006356e2ed][*:006356e2ed][b:006356e2ed]Herstart de pc indien TDSSKiller die optie aangeeft (Reboot now).[/b:006356e2ed] [*:006356e2ed]Wanneer het opnieuw opstarten noodzakelijk is, vind je de logfile in [b:006356e2ed]C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt[/b:006356e2ed][/list:u:006356e2ed] [color=#FF0000:006356e2ed][b:006356e2ed]Stap •2•[/b:006356e2ed][/color:006356e2ed] [b:006356e2ed]Welk programma[/b:006356e2ed]: ComboFix [b:006356e2ed]Waarvoor/waarom[/b:006356e2ed]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:006356e2ed]Moeilijkheidsgraad[/b:006356e2ed]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:006356e2ed]Downloadlokatie[/b:006356e2ed]: Dit programma absoluut naar het bureaublad downloaden! [b:006356e2ed]Download ComboFix via één van deze locaties[/b:006356e2ed]: [list:006356e2ed][*:006356e2ed][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:006356e2ed]Bleepingcomputer[/b:006356e2ed][/url] [*:006356e2ed][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:006356e2ed]ForoSpyware[/b:006356e2ed][/url] [*:006356e2ed][url=http://subs.geekstogo.com/ComboFix.exe][b:006356e2ed]Geekstogo[/b:006356e2ed][/url][/list:u:006356e2ed] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:006356e2ed]Hier[/b:006356e2ed][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:006356e2ed]Hier[/b:006356e2ed][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:006356e2ed]hier[/b:006356e2ed][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:006356e2ed]Voor alle duidelijkheid nogmaals[/b:006356e2ed]: ComboFix dient vanaf het bureaublad gestart te worden. [b:006356e2ed]Opmerkingen[/b:006356e2ed]: [list:006356e2ed][*:006356e2ed] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:006356e2ed]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten. [*:006356e2ed]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:006356e2ed] [b:006356e2ed]ComboFix is opgestart[/b:006356e2ed]: [list:006356e2ed][*:006356e2ed]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:006356e2ed]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:006356e2ed]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:006356e2ed]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:006356e2ed]Post de inhoud van dit logbestand in je volgende bericht. [*:006356e2ed]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:006356e2ed] [b:006356e2ed]Belangrijke opmerking[/b:006356e2ed]: [list:006356e2ed][*:006356e2ed][b:006356e2ed][color=Red:006356e2ed]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:006356e2ed][/b:006356e2ed] [*:006356e2ed][b:006356e2ed][color=blue:006356e2ed]Illegal operation attempted on a registery key that has been marked for deletion.[/color:006356e2ed][/b:006356e2ed] [*:006356e2ed][b:006356e2ed][color=Red:006356e2ed]Start dan de computer opnieuw op.[/color:006356e2ed][/b:006356e2ed][/list:u:006356e2ed] [color=#FF0000:006356e2ed][b:006356e2ed]Stap •3•[/b:006356e2ed][/color:006356e2ed] [b:006356e2ed]Samenvattend: hierna post je in jouw volgende bericht de inhoud van de volgende logs:[/b:006356e2ed] [list:006356e2ed][*:006356e2ed] TDSSKiller-log [*:006356e2ed] ComboFix.txt-log [/list:u:006356e2ed]

[anoniem]

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:28:15, on 30/12/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tijd.be/home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab.com/?s=0&chnl=irn R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet O4 - HKLM\..\RunOnce: [AvgRemover] C:\Documents and Settings\paul\Local Settings\Temporary Internet Files\Content.IE5\W3Z5HZCH\avg_remover_stf_x86_2012_1796[1].exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012\" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.hotelaquatel.be/html/nl/beschrijving.html" O4 - HKUS\S-1-5-21-842925246-1592454029-1417001333-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: NaturalColorLoad.lnk = ? O8 - Extra context menu item: PDF in Word openen (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.spector.be/DesktopModules/SpectorAlbum/ImageUploader5.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224070674171 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://sligachanhotel.remotemanager.co.uk/common/activex/MJPEGRender.ocx O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Acronis Nonstop Backup-service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9c7b35e2a82cc) (gupdate1c9c7b35e2a82cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- End of file - 11886 bytes

[anoniem]

ComboFix 11-12-30.01 - paul 30/12/2011 19:56:19.6.4 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3582.2821 [GMT 1:00] Gestart vanuit: c:\documents and settings\paul\Bureaublad\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users.WINDOWS\Application Data\TEMP c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe c:\documents and settings\Default User\DelB0C.tmp c:\documents and settings\marijke\Favorieten\Thumbs.db c:\documents and settings\paul\Application Data\.# c:\documents and settings\paul\Favorieten\Thumbs.db c:\documents and settings\paul\Mijn documenten\~WRL0879.tmp c:\documents and settings\paul\Mijn documenten\DPE.DUS c:\documents and settings\paul\WINDOWS c:\program files\178.13_geforce_winxp_32bit_international_whql.exe c:\program files\285.58-desktop-winxp-32bit-international-whql.exe c:\program files\5100_nld_win2k_xp.exe c:\program files\ATIH2011_trial_nl-NL.exe c:\program files\ATIH2011Addons_nl-NL.exe c:\program files\avg_free_stb_eu_2012_1890_free.exe c:\program files\CyberLink.2504_trial_VDE101208-06.exe c:\program files\daemon4301-lite.exe c:\program files\DigiLeenSetup_v1.1.00.0027.exe c:\program files\Eraser 6.0.8.2273.exe c:\program files\Garmin - MapInstall_3121.exe c:\program files\Garmin - MapSource_6141.exe c:\program files\MediaMonkey_3.0.3.1183.exe c:\program files\PMB56_Updater1105a.exe c:\program files\PoiEdit2007-2-NLD.exe c:\program files\REST2514.EXE c:\program files\SPU_Upgrade0805a.exe c:\program files\WindowsXP-KB932716-v2-x86-NLD.exe c:\windows\IsUn0413.exe c:\windows\system32\PowerToyReadme.htm c:\windows\system32\SET73.tmp c:\windows\system32\Thumbs.db . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))) . . 2011-12-30 18:26 . 2011-12-30 18:26 388096 ----a-r- c:\documents and settings\paul\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-30 14:13 . 2003-11-08 00:49 278528 ----a-w- c:\windows\system32\hpdj 2011-12-30 14:08 . 2011-12-30 14:08 1402880 ----a-w- c:\program files\HiJackThis.msi 2011-12-29 17:58 . 2011-12-29 18:18 2982 ----a-w- C:\user.js 2011-12-29 17:58 . 2011-12-29 17:58 -------- d-----w- c:\documents and settings\paul\Local Settings\Application Data\Babylon 2011-12-29 17:58 . 2011-12-29 17:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Babylon 2011-12-29 17:57 . 2011-12-29 17:57 -------- d-----w- c:\program files\FoxTabFLVPlayer 2011-12-28 20:12 . 2003-09-24 08:44 44544 ----a-r- c:\windows\system32\MSXML4a.dll 2011-12-28 20:12 . 2003-09-24 08:43 626960 ----a-r- c:\windows\system32\hpvaut32.dll 2011-12-28 20:12 . 2003-09-24 08:43 487424 ----a-r- c:\windows\system32\hpvcp70.dll 2011-12-28 20:12 . 2003-09-24 08:43 344064 ----a-r- c:\windows\system32\hpvcr70.dll 2011-12-28 19:51 . 2011-12-28 19:51 -------- d-----w- c:\program files\HP 2011-12-28 19:45 . 2011-12-28 19:45 -------- d-----w- c:\program files\5100 2011-12-27 20:11 . 2011-12-27 20:11 -------- d-----w- c:\documents and settings\paul\Application Data\NVIDIA 2011-12-27 20:00 . 2011-12-27 20:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation 2011-12-26 16:15 . 2011-12-26 16:15 -------- d-----w- c:\documents and settings\Adobe CS5 2011-12-26 07:07 . 2011-12-26 07:08 -------- d-----w- c:\documents and settings\paul\Application Data\vlc 2011-12-26 07:01 . 2011-12-26 07:01 21073936 ----a-w- c:\program files\vlc-1.1.11-win32.exe 2011-12-25 23:59 . 2011-12-26 00:00 -------- d-----w- c:\program files\Adobe Photoshop CS3 2011-12-25 22:14 . 2011-12-25 22:14 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-25 22:13 . 2011-12-30 18:38 -------- d--h--r- c:\documents and settings\paul\Onlangs geopend 2011-12-25 21:19 . 2011-12-25 22:12 -------- d-----w- c:\documents and settings\paul\Local Settings\Application Data\Adobe(2) 2011-12-25 21:19 . 2011-12-25 22:12 -------- d-----w- c:\documents and settings\paul\Application Data\Adobe(2) 2011-12-25 21:14 . 2011-12-25 22:12 -------- d-----w- c:\program files\PhotoshopPortable 2011-12-25 09:09 . 2011-12-25 09:09 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Mijn documenten 2011-12-25 09:09 . 2011-12-25 22:13 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Adobe 2011-12-17 21:17 . 2011-12-17 21:45 -------- d-----w- c:\documents and settings\paul\Application Data\AVG 2011-12-17 19:22 . 2011-12-17 19:22 -------- d-----w- C:\$AVG 2011-12-17 18:29 . 2011-12-17 18:29 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files 2011-12-17 18:28 . 2011-12-30 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG2012 2011-12-17 18:28 . 2011-12-17 21:15 -------- d-----w- c:\program files\AVG 2011-12-17 18:26 . 2011-12-30 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll 2011-12-05 21:13 . 2011-12-05 21:13 -------- d-----w- c:\program files\iPod 2011-12-05 21:09 . 2011-12-05 21:09 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-25 23:16 . 2010-12-11 07:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-12-11 22:41 . 2008-04-15 12:00 26112 ----a-w- c:\windows\system32\userinit.exe 2011-12-10 14:24 . 2008-10-21 13:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-03 13:19 . 2011-12-03 13:19 74592 ----a-w- c:\documents and settings\bosch - garantiebewijs GOP 250 CE.zip 2011-12-03 09:52 . 2011-06-10 07:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2008-04-15 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-29 06:47 . 2011-10-29 11:01 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-10-28 15:52 . 2009-03-14 08:08 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-10-28 05:32 . 2008-04-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2008-04-15 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2008-04-14 22:11 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-18 16:51 . 2011-10-18 16:51 3687352 ----a-w- c:\program files\PMB.lnk 2011-10-18 11:13 . 2008-04-15 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2008-10-02 21:09 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-08 04:50 . 2008-09-17 07:55 5595136 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-08 04:50 . 2008-09-17 07:55 335872 ----a-w- c:\windows\system32\nvrsar.dll 2011-10-08 04:50 . 2008-09-17 07:55 331776 ----a-w- c:\windows\system32\nvrshe.dll 2011-10-08 04:50 . 2008-09-17 07:55 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2011-10-08 04:50 . 2008-09-17 07:55 282624 ----a-w- c:\windows\system32\nvrsit.dll 2011-10-08 04:50 . 2008-09-17 07:55 282624 ----a-w- c:\windows\system32\nvrses.dll 2011-10-08 04:50 . 2008-09-17 07:55 282624 ----a-w- c:\windows\system32\nvrsel.dll 2011-10-08 04:50 . 2008-09-17 07:55 278528 ----a-w- c:\windows\system32\nvrsde.dll 2011-10-08 04:50 . 2008-09-17 07:55 274432 ----a-w- c:\windows\system32\nvrspt.dll 2011-10-08 04:50 . 2008-09-17 07:55 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2011-10-08 04:50 . 2008-09-17 07:55 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2011-10-08 04:50 . 2008-09-17 07:55 270336 ----a-w- c:\windows\system32\nvrsru.dll 2011-10-08 04:50 . 2008-09-17 07:55 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2011-10-08 04:50 . 2008-09-17 07:55 270336 ----a-w- c:\windows\system32\nvrsja.dll 2011-10-08 04:50 . 2008-09-17 07:55 266240 ----a-w- c:\windows\system32\nvrsko.dll 2011-10-08 04:50 . 2008-09-17 07:55 262144 ----a-w- c:\windows\system32\nvrshu.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrstr.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrssl.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrssk.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrspl.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrsth.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrssv.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrsno.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrsda.dll 2011-10-08 04:50 . 2008-09-17 07:55 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2011-10-08 04:50 . 2008-09-17 07:55 249856 ----a-w- c:\windows\system32\nvrseng.dll 2011-10-08 04:50 . 2008-09-17 07:55 249856 ----a-w- c:\windows\system32\nvrscs.dll 2011-10-08 04:50 . 2008-09-17 07:55 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2011-10-08 04:50 . 2008-09-17 07:55 126976 ----a-w- c:\windows\system32\nvrszht.dll 2011-10-08 04:50 . 2007-09-16 17:07 54272 ----a-w- c:\windows\system32\nvwddi.dll 2011-10-08 04:50 . 2007-09-16 17:07 4226688 ----a-w- c:\windows\system32\nv4_disp.dll 2011-10-08 04:50 . 2007-09-16 17:07 298304 ----a-w- c:\windows\system32\nvsvc32.exe 2011-10-08 04:50 . 2007-09-16 17:07 2449408 ----a-w- c:\windows\system32\nvapi.dll 2011-10-08 04:50 . 2007-09-16 17:07 220992 ----a-w- c:\windows\system32\nvcolor.exe 2011-10-08 04:50 . 2007-09-16 17:07 203072 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-08 04:50 . 2007-09-16 17:07 17956864 ----a-w- c:\windows\system32\nvoglnt.dll 2011-10-08 04:50 . 2007-09-16 17:07 16744256 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-08 04:50 . 2007-09-16 17:07 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2011-04-10 12:06 . 2011-04-10 12:06 20586196 ----a-w- c:\program files\vlc-1.1.8-win32.exe 2011-04-10 12:03 . 2011-02-19 15:31 20364702 ----a-w- c:\program files\vlc-1.1.7-win32.exe 2011-01-29 06:52 . 2011-01-29 06:52 200442456 ----a-w- c:\program files\vegaspro100c_32bit.exe 2011-01-27 18:35 . 2011-01-27 18:35 1364522 ----a-w- c:\program files\wrar393.exe 2011-01-16 09:27 . 2011-01-16 09:26 150446976 ----a-w- c:\program files\AVSVideoEditor.exe 2011-01-12 02:33 . 2011-01-12 02:33 11008549 ----a-w- c:\program files\avidemux_2.5.4_win32.exe 2011-01-11 17:21 . 2011-01-11 17:20 62701672 ----a-w- c:\program files\AVSVideoConverter.exe 2010-12-30 16:59 . 2010-12-30 16:58 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe 2010-12-14 19:22 . 2010-12-14 19:22 338760 ----a-w- c:\program files\RegtaskTool_Installer.exe 2010-12-13 18:03 . 2008-10-22 11:09 86016 ----a-w- c:\program files\setupenne.dll 2010-12-11 07:22 . 2010-12-11 07:21 25188112 ----a-w- c:\program files\setpoint620.exe 2010-12-08 18:15 . 2008-10-20 17:25 9039288 ----a-w- c:\program files\Vuze_Installer.exe 2010-12-04 11:27 . 2010-07-04 06:54 13454568 ----a-w- c:\program files\RegistryReviverSetup.exe 2010-08-29 11:47 . 2009-04-29 16:04 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe 2010-08-29 11:37 . 2010-08-29 11:37 44153664 ----a-w- c:\program files\avira_antivir_personal_de.exe 2010-08-29 11:23 . 2010-08-29 11:23 3427712 ----a-w- c:\program files\ccsetup235.exe 2010-08-05 17:43 . 2010-08-05 17:43 3420304 ----a-w- c:\program files\ccsetup234.exe 2010-03-20 17:37 . 2010-03-20 17:37 1103048 ----a-w- c:\program files\wpsetup.exe 2010-03-12 12:28 . 2010-03-12 12:28 34506392 ----a-w- c:\program files\Nokia_PC_Suite_dut_web.exe 2010-03-12 10:46 . 2010-03-12 10:39 98366952 ----a-w- c:\program files\Nokia_Ovi_Suite_webinstaller_ALL.exe 2010-01-02 22:50 . 2009-10-16 05:08 13731712 ----a-w- c:\program files\AVSRegistryCleaner.exe 2009-12-25 11:22 . 2009-12-25 11:22 6113439 ----a-w- c:\program files\pci_filerecovery.exe 2009-10-25 11:52 . 2009-10-25 11:52 77086488 ----a-w- c:\program files\Ad-AwareInstallation.exe 2009-09-02 18:54 . 2009-09-02 18:54 74160 ----a-w- c:\program files\irfanview_lang_nederlands.exe 2009-09-02 18:52 . 2009-09-02 18:52 1359360 ----a-w- c:\program files\iview425_setup.exe 2009-08-30 09:17 . 2009-08-30 09:16 3293088 ----a-w- c:\program files\ccsetup223.exe 2009-05-28 18:34 . 2009-05-28 18:34 5076056 ----a-w- c:\program files\nuvi760_480.exe 2009-03-22 12:11 . 2009-03-22 12:11 4310568 ----a-w- c:\program files\WebUpdater_241.exe 2009-03-14 08:06 . 2009-03-14 08:06 37452296 ----a-w- c:\program files\Ad-AwareAE.exe 2008-12-21 11:12 . 2008-12-21 11:11 5797488 ----a-w- c:\program files\GOMPLAYERENSETUP.EXE 2008-12-21 08:57 . 2008-12-21 08:57 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe 2008-12-21 08:49 . 2008-12-21 08:49 12349806 ----a-w- c:\program files\dvdflick_setup_1.3.0.4.exe 2008-11-30 11:51 . 2008-10-06 07:04 15083520 ----a-w- c:\program files\spybotsd160.exe 2008-11-23 14:14 . 2008-10-02 17:20 25129080 ----a-w- c:\program files\antivir_workstation_winu_en_h.exe 2008-11-23 12:02 . 2008-11-23 12:02 1958864 ----a-w- c:\program files\TrendMicro_Downloader.exe 2008-11-11 14:44 . 2008-11-11 14:44 860391 ----a-w- c:\program files\7z457.exe 2008-10-15 13:18 . 2008-10-15 13:18 2160115 ----a-w- c:\program files\NeatSetup.exe 2008-10-15 11:48 . 2008-10-15 11:16 3172459 ----a-w- c:\program files\cdbxp_setup_4.2.2.984.exe 2008-10-15 11:18 . 2008-10-15 11:18 2959376 ----a-w- c:\program files\dotnetfx35setup.exe 2008-10-15 11:12 . 2008-10-15 11:12 4057200 ----a-w- c:\program files\wmfdist.exe 2008-10-15 09:10 . 2008-10-15 09:10 359656 ----a-w- c:\program files\msicuu2.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-11-29 3908192] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-09-26 222784] "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600] "Acronis Scheduler2Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-20 390512] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256] "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] . c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\ NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2008-12-4 155715] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart] 2007-03-04 21:08 1891416 ----a-w- c:\garmin\gStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-10-05 09:08 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "iPod Service"=3 (0x3) "gusvc"=2 (0x2) "gupdate1c9c7b35e2a82cc"=2 (0x2) "GEST Service"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Avira\\AntiVir Desktop\\avscan.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server "3192:TCP"= 3192:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [4/10/2008 12:21 30820] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/03/2009 9:08 64512] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/10/2008 19:41 717296] R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2/12/2010 19:22 752128] R2 afcdpsrv;Acronis Nonstop Backup-service ;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [29/12/2010 14:42 3246040] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/05/2009 18:54 136360] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/12/2010 8:22 10448] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [27/12/2011 21:00 2253120] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [15/03/2011 13:44 428384] R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [29/12/2010 14:42 167968] S2 gupdate1c9c7b35e2a82cc;Google Update Service (gupdate1c9c7b35e2a82cc);c:\program files\Google\Update\GoogleUpdate.exe [28/04/2009 4:42 133104] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [28/10/2011 16:52 2152152] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/04/2009 4:42 133104] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096] S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15/04/2008 13:00 14336] S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?] S4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/10/2008 23:16 55816] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - 15619617 *Deregistered* - 15619617 *Deregistered* - Lavasoft Kernexplorer . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2011-12-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 15:52] . 2011-12-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-STILLEPC-paul.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-22 02:44] . 2011-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2011-12-30 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 07:23] . 2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42] . 2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42] . 2011-12-30 c:\windows\Tasks\User_Feed_Synchronization-{1CD3A718-4B83-444F-9C3D-CB870A64AC95}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.tijd.be/home mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn uInternet Settings,ProxyOverride = *.local IE: PDF in Word openen (PDF Converter 3.0) - c:\program files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700 TCP: DhcpNameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://sligachanhotel.remotemanager.co.uk/common/activex/MJPEGRender.ocx . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) HKLM-RunOnce-AvgRemover - c:\documents and settings\paul\Local Settings\Temporary Internet Files\Content.IE5\W3Z5HZCH\avg_remover_stf_x86_2012_1796[1].exe AddRemove-Van Dale Grote woordenboeken Engels - c:\windows\ISUN0413.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-30 20:06 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(996) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . Voltooingstijd: 2011-12-30 20:08:15 ComboFix-quarantined-files.txt 2011-12-30 19:08 ComboFix2.txt 2008-12-26 12:14 . Pre-Run: 213.157.101.568 bytes beschikbaar Post-Run: 213.849.038.848 bytes beschikbaar . - - End Of File - - A926F19AC679978DA8C021ADB708623D

[anoniem]

20:15:07.0593 2628 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 20:15:07.0703 2628 ============================================================ 20:15:07.0703 2628 Current date / time: 2011/12/30 20:15:07.0703 20:15:07.0703 2628 SystemInfo: 20:15:07.0703 2628 20:15:07.0703 2628 OS Version: 5.1.2600 ServicePack: 3.0 20:15:07.0703 2628 Product type: Workstation 20:15:07.0703 2628 ComputerName: STILLEPC 20:15:07.0703 2628 UserName: paul 20:15:07.0703 2628 Windows directory: C:\WINDOWS 20:15:07.0703 2628 System windows directory: C:\WINDOWS 20:15:07.0703 2628 Processor architecture: Intel x86 20:15:07.0703 2628 Number of processors: 4 20:15:07.0703 2628 Page size: 0x1000 20:15:07.0703 2628 Boot type: Normal boot 20:15:07.0703 2628 ============================================================ 20:15:08.0890 2628 Initialize success

[anoniem]

Hoi, geen logs posten waar ik niet om gevraagd heb graag. En het TDSSKiller-log is inkompleet. Graag het volledige log - C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

[anoniem]

19:39:10.0468 3100 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 19:39:10.0593 3100 ============================================================ 19:39:10.0593 3100 Current date / time: 2011/12/30 19:39:10.0593 19:39:10.0593 3100 SystemInfo: 19:39:10.0593 3100 19:39:10.0593 3100 OS Version: 5.1.2600 ServicePack: 3.0 19:39:10.0593 3100 Product type: Workstation 19:39:10.0593 3100 ComputerName: STILLEPC 19:39:10.0593 3100 UserName: paul 19:39:10.0593 3100 Windows directory: C:\WINDOWS 19:39:10.0593 3100 System windows directory: C:\WINDOWS 19:39:10.0593 3100 Processor architecture: Intel x86 19:39:10.0593 3100 Number of processors: 4 19:39:10.0593 3100 Page size: 0x1000 19:39:10.0593 3100 Boot type: Normal boot 19:39:10.0593 3100 ============================================================ 19:39:11.0703 3100 Initialize success 19:39:34.0093 3276 ============================================================ 19:39:34.0093 3276 Scan started 19:39:34.0093 3276 Mode: Manual; 19:39:34.0093 3276 ============================================================ 19:39:34.0546 3276 Abiosdsk - ok 19:39:34.0546 3276 abp480n5 - ok 19:39:34.0593 3276 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 19:39:34.0593 3276 ACPI - ok 19:39:34.0640 3276 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys 19:39:34.0640 3276 ACPIEC - ok 19:39:34.0656 3276 adpu160m - ok 19:39:34.0703 3276 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 19:39:34.0703 3276 aec - ok 19:39:34.0718 3276 afcdp (53696ad8ffc5fac51949a525ff65a689) C:\WINDOWS\system32\DRIVERS\afcdp.sys 19:39:34.0718 3276 afcdp - ok 19:39:34.0781 3276 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 19:39:34.0781 3276 AFD - ok 19:39:34.0812 3276 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys 19:39:34.0828 3276 AFS2K - ok 19:39:34.0828 3276 Aha154x - ok 19:39:34.0843 3276 aic78u2 - ok 19:39:34.0843 3276 aic78xx - ok 19:39:34.0859 3276 AliIde - ok 19:39:34.0859 3276 amsint - ok 19:39:34.0890 3276 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 19:39:34.0890 3276 Arp1394 - ok 19:39:34.0906 3276 asc - ok 19:39:34.0906 3276 asc3350p - ok 19:39:34.0906 3276 asc3550 - ok 19:39:34.0953 3276 ASUSVRC (94442e3029ff6c9f08140fe6718af4fb) C:\WINDOWS\system32\DRIVERS\AsusVRC.sys 19:39:34.0953 3276 ASUSVRC - ok 19:39:34.0953 3276 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 19:39:34.0953 3276 AsyncMac - ok 19:39:34.0968 3276 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 19:39:34.0968 3276 atapi - ok 19:39:34.0968 3276 Atdisk - ok 19:39:34.0984 3276 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 19:39:34.0984 3276 Atmarpc - ok 19:39:35.0015 3276 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 19:39:35.0015 3276 audstub - ok 19:39:35.0140 3276 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 19:39:35.0140 3276 avgio - ok 19:39:35.0171 3276 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 19:39:35.0171 3276 avgntflt - ok 19:39:35.0203 3276 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 19:39:35.0203 3276 avipbb - ok 19:39:35.0218 3276 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 19:39:35.0218 3276 Beep - ok 19:39:35.0250 3276 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 19:39:35.0250 3276 cbidf2k - ok 19:39:35.0265 3276 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 19:39:35.0265 3276 CCDECODE - ok 19:39:35.0265 3276 cd20xrnt - ok 19:39:35.0281 3276 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 19:39:35.0281 3276 Cdaudio - ok 19:39:35.0281 3276 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 19:39:35.0296 3276 Cdfs - ok 19:39:35.0343 3276 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 19:39:35.0343 3276 Cdrom - ok 19:39:35.0343 3276 Changer - ok 19:39:35.0359 3276 CmdIde - ok 19:39:35.0375 3276 Cpqarray - ok 19:39:35.0375 3276 dac2w2k - ok 19:39:35.0390 3276 dac960nt - ok 19:39:35.0406 3276 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 19:39:35.0406 3276 Disk - ok 19:39:35.0453 3276 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys 19:39:35.0453 3276 dmboot - ok 19:39:35.0484 3276 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys 19:39:35.0484 3276 dmio - ok 19:39:35.0500 3276 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 19:39:35.0500 3276 dmload - ok 19:39:35.0562 3276 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 19:39:35.0562 3276 DMusic - ok 19:39:35.0562 3276 dpti2o - ok 19:39:35.0578 3276 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 19:39:35.0578 3276 drmkaud - ok 19:39:35.0609 3276 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys 19:39:35.0609 3276 EIO - ok 19:39:35.0625 3276 ET5Drv (e5030e34de21a6818e8586bfb7dd4b60) C:\WINDOWS\system32\Drivers\ET5Drv.sys 19:39:35.0640 3276 ET5Drv - ok 19:39:35.0640 3276 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 19:39:35.0671 3276 Fastfat - ok 19:39:35.0671 3276 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 19:39:35.0671 3276 Fdc - ok 19:39:35.0687 3276 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys 19:39:35.0687 3276 Fips - ok 19:39:35.0703 3276 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 19:39:35.0703 3276 Flpydisk - ok 19:39:35.0718 3276 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 19:39:35.0718 3276 FltMgr - ok 19:39:35.0718 3276 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 19:39:35.0718 3276 Fs_Rec - ok 19:39:35.0734 3276 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 19:39:35.0734 3276 Ftdisk - ok 19:39:35.0765 3276 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys 19:39:35.0812 3276 gdrv - ok 19:39:35.0828 3276 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 19:39:35.0828 3276 GEARAspiWDM - ok 19:39:35.0843 3276 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 19:39:35.0843 3276 Gpc - ok 19:39:35.0875 3276 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys 19:39:35.0875 3276 grmnusb - ok 19:39:35.0937 3276 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 19:39:35.0937 3276 HDAudBus - ok 19:39:35.0953 3276 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 19:39:35.0953 3276 hidusb - ok 19:39:35.0984 3276 hotcore (adb2edb8f33ace78582303682ab81f25) C:\WINDOWS\system32\drivers\hotcore.sys 19:39:35.0984 3276 hotcore - ok 19:39:36.0000 3276 hpn - ok 19:39:36.0046 3276 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 19:39:36.0046 3276 HTTP - ok 19:39:36.0062 3276 i2omgmt - ok 19:39:36.0062 3276 i2omp - ok 19:39:36.0093 3276 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 19:39:36.0093 3276 i8042prt - ok 19:39:36.0109 3276 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 19:39:36.0109 3276 Imapi - ok 19:39:36.0109 3276 ini910u - ok 19:39:36.0234 3276 IntcAzAudAddService (08baf30f6de95814f58af9ce7bbc5614) C:\WINDOWS\system32\drivers\RtkHDAud.sys 19:39:36.0265 3276 IntcAzAudAddService - ok 19:39:36.0265 3276 IntelIde - ok 19:39:36.0281 3276 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys 19:39:36.0281 3276 intelppm - ok 19:39:36.0312 3276 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 19:39:36.0312 3276 Ip6Fw - ok 19:39:36.0328 3276 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 19:39:36.0328 3276 IpFilterDriver - ok 19:39:36.0343 3276 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 19:39:36.0343 3276 IpInIp - ok 19:39:36.0343 3276 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 19:39:36.0343 3276 IpNat - ok 19:39:36.0359 3276 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 19:39:36.0375 3276 IPSec - ok 19:39:36.0406 3276 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 19:39:36.0406 3276 IRENUM - ok 19:39:36.0468 3276 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys 19:39:36.0468 3276 isapnp - ok 19:39:36.0515 3276 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 19:39:36.0515 3276 Kbdclass - ok 19:39:36.0531 3276 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 19:39:36.0531 3276 kbdhid - ok 19:39:36.0609 3276 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 19:39:36.0609 3276 kmixer - ok 19:39:36.0625 3276 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 19:39:36.0625 3276 KSecDD - ok 19:39:36.0750 3276 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 19:39:36.0750 3276 Lavasoft Kernexplorer - ok 19:39:36.0796 3276 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys 19:39:36.0796 3276 Lbd - ok 19:39:36.0859 3276 LBeepKE (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys 19:39:36.0859 3276 LBeepKE - ok 19:39:36.0859 3276 lbrtfdc - ok 19:39:36.0906 3276 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 19:39:36.0906 3276 LHidFilt - ok 19:39:36.0921 3276 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 19:39:36.0921 3276 LMouFilt - ok 19:39:36.0937 3276 LUsbFilt (81642f134929946ab4b9572c4c17298c) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys 19:39:36.0937 3276 LUsbFilt - ok 19:39:36.0968 3276 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 19:39:36.0968 3276 MarvinBus - ok 19:39:37.0015 3276 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 19:39:37.0015 3276 mnmdd - ok 19:39:37.0031 3276 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys 19:39:37.0046 3276 Modem - ok 19:39:37.0062 3276 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys 19:39:37.0062 3276 Mouclass - ok 19:39:37.0078 3276 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys 19:39:37.0078 3276 mouhid - ok 19:39:37.0078 3276 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 19:39:37.0093 3276 MountMgr - ok 19:39:37.0109 3276 mraid35x - ok 19:39:37.0109 3276 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 19:39:37.0109 3276 MRxDAV - ok 19:39:37.0156 3276 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 19:39:37.0156 3276 MRxSmb - ok 19:39:37.0187 3276 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 19:39:37.0187 3276 Msfs - ok 19:39:37.0234 3276 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 19:39:37.0234 3276 MSKSSRV - ok 19:39:37.0234 3276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 19:39:37.0234 3276 MSPCLOCK - ok 19:39:37.0265 3276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 19:39:37.0265 3276 MSPQM - ok 19:39:37.0281 3276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 19:39:37.0281 3276 mssmbios - ok 19:39:37.0296 3276 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 19:39:37.0296 3276 MSTEE - ok 19:39:37.0328 3276 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 19:39:37.0328 3276 Mup - ok 19:39:37.0359 3276 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 19:39:37.0359 3276 NABTSFEC - ok 19:39:37.0375 3276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 19:39:37.0375 3276 NDIS - ok 19:39:37.0406 3276 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 19:39:37.0406 3276 NdisIP - ok 19:39:37.0453 3276 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 19:39:37.0453 3276 NdisTapi - ok 19:39:37.0468 3276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 19:39:37.0468 3276 Ndisuio - ok 19:39:37.0468 3276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 19:39:37.0468 3276 NdisWan - ok 19:39:37.0500 3276 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 19:39:37.0500 3276 NDProxy - ok 19:39:37.0515 3276 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 19:39:37.0515 3276 NetBIOS - ok 19:39:37.0531 3276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 19:39:37.0531 3276 NetBT - ok 19:39:37.0562 3276 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 19:39:37.0562 3276 NIC1394 - ok 19:39:37.0578 3276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 19:39:37.0578 3276 Npfs - ok 19:39:37.0593 3276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 19:39:37.0609 3276 Ntfs - ok 19:39:37.0625 3276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 19:39:37.0625 3276 Null - ok 19:39:37.0937 3276 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 19:39:38.0187 3276 nv - ok 19:39:38.0312 3276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 19:39:38.0312 3276 NwlnkFlt - ok 19:39:38.0328 3276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 19:39:38.0328 3276 NwlnkFwd - ok 19:39:38.0390 3276 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 19:39:38.0390 3276 ohci1394 - ok 19:39:38.0437 3276 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys 19:39:38.0437 3276 Parport - ok 19:39:38.0453 3276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 19:39:38.0453 3276 PartMgr - ok 19:39:38.0531 3276 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys 19:39:38.0531 3276 ParVdm - ok 19:39:38.0562 3276 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 19:39:38.0562 3276 pccsmcfd - ok 19:39:38.0578 3276 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys 19:39:38.0578 3276 PCI - ok 19:39:38.0593 3276 PCIDump - ok 19:39:38.0609 3276 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys 19:39:38.0609 3276 PCIIde - ok 19:39:38.0640 3276 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys 19:39:38.0656 3276 Pcmcia - ok 19:39:38.0671 3276 PDCOMP - ok 19:39:38.0671 3276 PDFRAME - ok 19:39:38.0671 3276 PDRELI - ok 19:39:38.0687 3276 PDRFRAME - ok 19:39:38.0687 3276 perc2 - ok 19:39:38.0703 3276 perc2hib - ok 19:39:38.0718 3276 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\system32\drivers\pfc.sys 19:39:38.0718 3276 pfc - ok 19:39:38.0750 3276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 19:39:38.0750 3276 PptpMiniport - ok 19:39:38.0765 3276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 19:39:38.0765 3276 PSched - ok 19:39:38.0765 3276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 19:39:38.0765 3276 Ptilink - ok 19:39:38.0796 3276 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 19:39:38.0796 3276 PxHelp20 - ok 19:39:38.0796 3276 ql1080 - ok 19:39:38.0796 3276 Ql10wnt - ok 19:39:38.0812 3276 ql12160 - ok 19:39:38.0812 3276 ql1240 - ok 19:39:38.0828 3276 ql1280 - ok 19:39:38.0843 3276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 19:39:38.0843 3276 RasAcd - ok 19:39:38.0859 3276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 19:39:38.0859 3276 Rasl2tp - ok 19:39:38.0859 3276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 19:39:38.0859 3276 RasPppoe - ok 19:39:38.0875 3276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 19:39:38.0875 3276 Raspti - ok 19:39:38.0890 3276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 19:39:38.0890 3276 Rdbss - ok 19:39:38.0906 3276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 19:39:38.0906 3276 RDPCDD - ok 19:39:38.0937 3276 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 19:39:38.0937 3276 RDPWD - ok 19:39:38.0968 3276 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 19:39:38.0968 3276 redbook - ok 19:39:39.0015 3276 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 19:39:39.0015 3276 RTLE8023xp - ok 19:39:39.0046 3276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 19:39:39.0046 3276 Secdrv - ok 19:39:39.0046 3276 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 19:39:39.0046 3276 serenum - ok 19:39:39.0062 3276 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys 19:39:39.0062 3276 Serial - ok 19:39:39.0078 3276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 19:39:39.0078 3276 Sfloppy - ok 19:39:39.0093 3276 Simbad - ok 19:39:39.0109 3276 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 19:39:39.0109 3276 SLIP - ok 19:39:39.0140 3276 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\WINDOWS\system32\DRIVERS\snapman.sys 19:39:39.0140 3276 snapman - ok 19:39:39.0140 3276 Sparrow - ok 19:39:39.0171 3276 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 19:39:39.0171 3276 splitter - ok 19:39:39.0218 3276 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys 19:39:39.0218 3276 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b 19:39:39.0218 3276 sptd ( LockedFile.Multi.Generic ) - warning 19:39:39.0218 3276 sptd - detected LockedFile.Multi.Generic (1) 19:39:39.0234 3276 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 19:39:39.0234 3276 sr - ok 19:39:39.0250 3276 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 19:39:39.0265 3276 Srv - ok 19:39:39.0312 3276 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 19:39:39.0312 3276 ssmdrv - ok 19:39:39.0359 3276 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 19:39:39.0359 3276 streamip - ok 19:39:39.0375 3276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 19:39:39.0375 3276 swenum - ok 19:39:39.0390 3276 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 19:39:39.0390 3276 swmidi - ok 19:39:39.0390 3276 symc810 - ok 19:39:39.0406 3276 symc8xx - ok 19:39:39.0406 3276 sym_hi - ok 19:39:39.0406 3276 sym_u3 - ok 19:39:39.0421 3276 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 19:39:39.0421 3276 sysaudio - ok 19:39:39.0468 3276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:39:39.0468 3276 Tcpip - ok 19:39:39.0500 3276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 19:39:39.0500 3276 TDPIPE - ok 19:39:39.0546 3276 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\WINDOWS\system32\DRIVERS\tdrpm273.sys 19:39:39.0562 3276 tdrpman273 - ok 19:39:39.0578 3276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 19:39:39.0578 3276 TDTCP - ok 19:39:39.0609 3276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 19:39:39.0609 3276 TermDD - ok 19:39:39.0640 3276 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\WINDOWS\system32\DRIVERS\timntr.sys 19:39:39.0656 3276 timounter - ok 19:39:39.0703 3276 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys 19:39:39.0703 3276 tmcomm - ok 19:39:39.0703 3276 TosIde - ok 19:39:39.0750 3276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 19:39:39.0765 3276 Udfs - ok 19:39:39.0765 3276 ultra - ok 19:39:39.0812 3276 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 19:39:39.0828 3276 Update - ok 19:39:39.0843 3276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 19:39:39.0843 3276 usbccgp - ok 19:39:39.0890 3276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 19:39:39.0890 3276 usbehci - ok 19:39:39.0921 3276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:39:39.0921 3276 usbhub - ok 19:39:39.0953 3276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 19:39:39.0953 3276 usbprint - ok 19:39:39.0984 3276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 19:39:39.0984 3276 usbscan - ok 19:39:40.0046 3276 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:39:40.0046 3276 USBSTOR - ok 19:39:40.0062 3276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 19:39:40.0062 3276 usbuhci - ok 19:39:40.0109 3276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 19:39:40.0109 3276 VgaSave - ok 19:39:40.0109 3276 ViaIde - ok 19:39:40.0109 3276 Video3D - ok 19:39:40.0125 3276 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 19:39:40.0125 3276 VolSnap - ok 19:39:40.0156 3276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:39:40.0156 3276 Wanarp - ok 19:39:40.0203 3276 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 19:39:40.0203 3276 Wdf01000 - ok 19:39:40.0203 3276 WDICA - ok 19:39:40.0218 3276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 19:39:40.0218 3276 wdmaud - ok 19:39:40.0265 3276 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 19:39:40.0265 3276 WSTCODEC - ok 19:39:40.0312 3276 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 19:39:40.0312 3276 WudfPf - ok 19:39:40.0328 3276 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 19:39:40.0328 3276 WudfRd - ok 19:39:40.0359 3276 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk1\DR1 19:39:40.0500 3276 \Device\Harddisk1\DR1 - ok 19:39:40.0500 3276 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0 19:39:40.0593 3276 \Device\Harddisk0\DR0 - ok 19:39:40.0593 3276 Boot (0x1200) (00680790ed23e71617c72f56ee3ac366) \Device\Harddisk1\DR1\Partition0 19:39:40.0593 3276 \Device\Harddisk1\DR1\Partition0 - ok 19:39:40.0609 3276 Boot (0x1200) (2acbbbe1942906b6c4fdf3cb4f4a70ab) \Device\Harddisk0\DR0\Partition0 19:39:40.0609 3276 \Device\Harddisk0\DR0\Partition0 - ok 19:39:40.0609 3276 ============================================================ 19:39:40.0609 3276 Scan finished 19:39:40.0609 3276 ============================================================ 19:39:40.0609 3200 Detected object count: 1 19:39:40.0609 3200 Actual detected object count: 1 19:40:34.0859 3200 sptd ( LockedFile.Multi.Generic ) - skipped by user 19:40:34.0859 3200 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 19:41:09.0687 3000 ============================================================ 19:41:09.0687 3000 Scan started 19:41:09.0687 3000 Mode: Manual; SigCheck; TDLFS; 19:41:09.0687 3000 ============================================================ 19:41:10.0125 3000 Abiosdsk - ok 19:41:10.0125 3000 abp480n5 - ok 19:41:10.0140 3000 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 19:41:10.0406 3000 ACPI - ok 19:41:10.0453 3000 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys 19:41:10.0531 3000 ACPIEC - ok 19:41:10.0562 3000 adpu160m - ok 19:41:10.0593 3000 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 19:41:10.0687 3000 aec - ok 19:41:10.0734 3000 afcdp (53696ad8ffc5fac51949a525ff65a689) C:\WINDOWS\system32\DRIVERS\afcdp.sys 19:41:10.0843 3000 afcdp - ok 19:41:10.0906 3000 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 19:41:10.0968 3000 AFD - ok 19:41:11.0015 3000 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys 19:41:11.0031 3000 AFS2K ( UnsignedFile.Multi.Generic ) - warning 19:41:11.0031 3000 AFS2K - detected UnsignedFile.Multi.Generic (1) 19:41:11.0031 3000 Aha154x - ok 19:41:11.0046 3000 aic78u2 - ok 19:41:11.0046 3000 aic78xx - ok 19:41:11.0062 3000 AliIde - ok 19:41:11.0062 3000 amsint - ok 19:41:11.0109 3000 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 19:41:11.0187 3000 Arp1394 - ok 19:41:11.0187 3000 asc - ok 19:41:11.0203 3000 asc3350p - ok 19:41:11.0203 3000 asc3550 - ok 19:41:11.0234 3000 ASUSVRC (94442e3029ff6c9f08140fe6718af4fb) C:\WINDOWS\system32\DRIVERS\AsusVRC.sys 19:41:11.0250 3000 ASUSVRC ( UnsignedFile.Multi.Generic ) - warning 19:41:11.0250 3000 ASUSVRC - detected UnsignedFile.Multi.Generic (1) 19:41:11.0265 3000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 19:41:11.0359 3000 AsyncMac - ok 19:41:11.0375 3000 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 19:41:11.0453 3000 atapi - ok 19:41:11.0468 3000 Atdisk - ok 19:41:11.0484 3000 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 19:41:11.0562 3000 Atmarpc - ok 19:41:11.0609 3000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 19:41:11.0687 3000 audstub - ok 19:41:11.0812 3000 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 19:41:11.0828 3000 avgio - ok 19:41:11.0890 3000 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 19:41:11.0890 3000 avgntflt - ok 19:41:11.0953 3000 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 19:41:11.0953 3000 avipbb - ok 19:41:11.0984 3000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 19:41:12.0062 3000 Beep - ok 19:41:12.0109 3000 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 19:41:12.0203 3000 cbidf2k - ok 19:41:12.0234 3000 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 19:41:12.0312 3000 CCDECODE - ok 19:41:12.0312 3000 cd20xrnt - ok 19:41:12.0328 3000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 19:41:12.0421 3000 Cdaudio - ok 19:41:12.0453 3000 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 19:41:12.0546 3000 Cdfs - ok 19:41:12.0640 3000 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 19:41:12.0671 3000 Cdrom - ok 19:41:12.0671 3000 Changer - ok 19:41:12.0687 3000 CmdIde - ok 19:41:12.0703 3000 Cpqarray - ok 19:41:12.0703 3000 dac2w2k - ok 19:41:12.0718 3000 dac960nt - ok 19:41:12.0734 3000 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 19:41:12.0828 3000 Disk - ok 19:41:12.0859 3000 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys 19:41:12.0968 3000 dmboot - ok 19:41:13.0000 3000 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys 19:41:13.0078 3000 dmio - ok 19:41:13.0250 3000 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 19:41:13.0328 3000 dmload - ok 19:41:13.0375 3000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 19:41:13.0468 3000 DMusic - ok 19:41:13.0468 3000 dpti2o - ok 19:41:13.0484 3000 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 19:41:13.0562 3000 drmkaud - ok 19:41:13.0609 3000 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys 19:41:13.0609 3000 EIO ( UnsignedFile.Multi.Generic ) - warning 19:41:13.0609 3000 EIO - detected UnsignedFile.Multi.Generic (1) 19:41:13.0640 3000 ET5Drv (e5030e34de21a6818e8586bfb7dd4b60) C:\WINDOWS\system32\Drivers\ET5Drv.sys 19:41:13.0656 3000 ET5Drv - ok 19:41:13.0671 3000 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 19:41:13.0765 3000 Fastfat - ok 19:41:13.0781 3000 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 19:41:13.0859 3000 Fdc - ok 19:41:13.0859 3000 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys 19:41:13.0953 3000 Fips - ok 19:41:13.0968 3000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 19:41:14.0046 3000 Flpydisk - ok 19:41:14.0093 3000 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 19:41:14.0171 3000 FltMgr - ok 19:41:14.0187 3000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 19:41:14.0265 3000 Fs_Rec - ok 19:41:14.0265 3000 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 19:41:14.0343 3000 Ftdisk - ok 19:41:14.0375 3000 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys 19:41:14.0375 3000 gdrv - ok 19:41:14.0406 3000 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 19:41:14.0406 3000 GEARAspiWDM - ok 19:41:14.0453 3000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 19:41:14.0531 3000 Gpc - ok 19:41:14.0593 3000 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys 19:41:14.0625 3000 grmnusb ( UnsignedFile.Multi.Generic ) - warning 19:41:14.0625 3000 grmnusb - detected UnsignedFile.Multi.Generic (1) 19:41:14.0671 3000 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 19:41:14.0750 3000 HDAudBus - ok 19:41:14.0796 3000 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 19:41:14.0890 3000 hidusb - ok 19:41:14.0921 3000 hotcore (adb2edb8f33ace78582303682ab81f25) C:\WINDOWS\system32\drivers\hotcore.sys 19:41:14.0921 3000 hotcore ( UnsignedFile.Multi.Generic ) - warning 19:41:14.0921 3000 hotcore - detected UnsignedFile.Multi.Generic (1) 19:41:14.0937 3000 hpn - ok 19:41:14.0984 3000 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 19:41:15.0046 3000 HTTP - ok 19:41:15.0062 3000 i2omgmt - ok 19:41:15.0078 3000 i2omp - ok 19:41:15.0093 3000 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 19:41:15.0203 3000 i8042prt - ok 19:41:15.0203 3000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 19:41:15.0296 3000 Imapi - ok 19:41:15.0296 3000 ini910u - ok 19:41:15.0453 3000 IntcAzAudAddService (08baf30f6de95814f58af9ce7bbc5614) C:\WINDOWS\system32\drivers\RtkHDAud.sys 19:41:15.0609 3000 IntcAzAudAddService - ok 19:41:15.0625 3000 IntelIde - ok 19:41:15.0687 3000 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys 19:41:15.0765 3000 intelppm - ok 19:41:15.0796 3000 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 19:41:15.0890 3000 Ip6Fw - ok 19:41:15.0921 3000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 19:41:16.0015 3000 IpFilterDriver - ok 19:41:16.0031 3000 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 19:41:16.0109 3000 IpInIp - ok 19:41:16.0109 3000 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 19:41:16.0218 3000 IpNat - ok 19:41:16.0250 3000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 19:41:16.0343 3000 IPSec - ok 19:41:16.0390 3000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 19:41:16.0421 3000 IRENUM - ok 19:41:16.0453 3000 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys 19:41:16.0531 3000 isapnp - ok 19:41:16.0562 3000 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 19:41:16.0640 3000 Kbdclass - ok 19:41:16.0656 3000 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 19:41:16.0734 3000 kbdhid - ok 19:41:16.0781 3000 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 19:41:16.0859 3000 kmixer - ok 19:41:16.0890 3000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 19:41:16.0953 3000 KSecDD - ok 19:41:17.0078 3000 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 19:41:17.0078 3000 Lavasoft Kernexplorer - ok 19:41:17.0125 3000 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys 19:41:17.0125 3000 Lbd - ok 19:41:17.0187 3000 LBeepKE (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys 19:41:17.0187 3000 LBeepKE - ok 19:41:17.0203 3000 lbrtfdc - ok 19:41:17.0265 3000 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 19:41:17.0265 3000 LHidFilt - ok 19:41:17.0296 3000 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 19:41:17.0296 3000 LMouFilt - ok 19:41:17.0312 3000 LUsbFilt (81642f134929946ab4b9572c4c17298c) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys 19:41:17.0312 3000 LUsbFilt - ok 19:41:17.0375 3000 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 19:41:17.0390 3000 MarvinBus ( UnsignedFile.Multi.Generic ) - warning 19:41:17.0390 3000 MarvinBus - detected UnsignedFile.Multi.Generic (1) 19:41:17.0437 3000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 19:41:17.0515 3000 mnmdd - ok 19:41:17.0531 3000 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys 19:41:17.0625 3000 Modem - ok 19:41:17.0671 3000 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys 19:41:17.0765 3000 Mouclass - ok 19:41:17.0796 3000 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys 19:41:17.0875 3000 mouhid - ok 19:41:17.0890 3000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 19:41:17.0984 3000 MountMgr - ok 19:41:17.0984 3000 mraid35x - ok 19:41:18.0000 3000 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 19:41:18.0078 3000 MRxDAV - ok 19:41:18.0125 3000 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 19:41:18.0203 3000 MRxSmb - ok 19:41:18.0234 3000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 19:41:18.0296 3000 Msfs - ok 19:41:18.0328 3000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 19:41:18.0406 3000 MSKSSRV - ok 19:41:18.0437 3000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 19:41:18.0515 3000 MSPCLOCK - ok 19:41:18.0515 3000 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 19:41:18.0609 3000 MSPQM - ok 19:41:18.0625 3000 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 19:41:18.0703 3000 mssmbios - ok 19:41:18.0750 3000 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 19:41:18.0843 3000 MSTEE - ok 19:41:18.0875 3000 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 19:41:18.0890 3000 Mup - ok 19:41:18.0906 3000 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 19:41:19.0000 3000 NABTSFEC - ok 19:41:19.0015 3000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 19:41:19.0093 3000 NDIS - ok 19:41:19.0109 3000 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 19:41:19.0203 3000 NdisIP - ok 19:41:19.0234 3000 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 19:41:19.0250 3000 NdisTapi - ok 19:41:19.0281 3000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 19:41:19.0359 3000 Ndisuio - ok 19:41:19.0375 3000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 19:41:19.0453 3000 NdisWan - ok 19:41:19.0468 3000 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 19:41:19.0500 3000 NDProxy - ok 19:41:19.0531 3000 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 19:41:19.0593 3000 NetBIOS - ok 19:41:19.0625 3000 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 19:41:19.0703 3000 NetBT - ok 19:41:19.0734 3000 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 19:41:19.0828 3000 NIC1394 - ok 19:41:19.0875 3000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 19:41:19.0953 3000 Npfs - ok 19:41:19.0984 3000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 19:41:20.0109 3000 Ntfs - ok 19:41:20.0125 3000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 19:41:20.0203 3000 Null - ok 19:41:20.0531 3000 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 19:41:20.0828 3000 nv - ok 19:41:20.0937 3000 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 19:41:21.0031 3000 NwlnkFlt - ok 19:41:21.0046 3000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 19:41:21.0125 3000 NwlnkFwd - ok 19:41:21.0171 3000 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 19:41:21.0250 3000 ohci1394 - ok 19:41:21.0296 3000 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys 19:41:21.0375 3000 Parport - ok 19:41:21.0390 3000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 19:41:21.0453 3000 PartMgr - ok 19:41:21.0500 3000 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys 19:41:21.0578 3000 ParVdm - ok 19:41:21.0609 3000 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 19:41:21.0640 3000 pccsmcfd - ok 19:41:21.0671 3000 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys 19:41:21.0765 3000 PCI - ok 19:41:21.0781 3000 PCIDump - ok 19:41:21.0781 3000 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys 19:41:21.0859 3000 PCIIde - ok 19:41:21.0906 3000 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys 19:41:21.0984 3000 Pcmcia - ok 19:41:21.0984 3000 PDCOMP - ok 19:41:22.0000 3000 PDFRAME - ok 19:41:22.0000 3000 PDRELI - ok 19:41:22.0000 3000 PDRFRAME - ok 19:41:22.0015 3000 perc2 - ok 19:41:22.0015 3000 perc2hib - ok 19:41:22.0046 3000 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\system32\drivers\pfc.sys 19:41:22.0062 3000 pfc ( UnsignedFile.Multi.Generic ) - warning 19:41:22.0062 3000 pfc - detected UnsignedFile.Multi.Generic (1) 19:41:22.0078 3000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 19:41:22.0171 3000 PptpMiniport - ok 19:41:22.0187 3000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 19:41:22.0250 3000 PSched - ok 19:41:22.0281 3000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 19:41:22.0343 3000 Ptilink - ok 19:41:22.0359 3000 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 19:41:22.0375 3000 PxHelp20 - ok 19:41:22.0375 3000 ql1080 - ok 19:41:22.0390 3000 Ql10wnt - ok 19:41:22.0390 3000 ql12160 - ok 19:41:22.0390 3000 ql1240 - ok 19:41:22.0406 3000 ql1280 - ok 19:41:22.0421 3000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 19:41:22.0500 3000 RasAcd - ok 19:41:22.0515 3000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 19:41:22.0593 3000 Rasl2tp - ok 19:41:22.0593 3000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 19:41:22.0671 3000 RasPppoe - ok 19:41:22.0671 3000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 19:41:22.0750 3000 Raspti - ok 19:41:22.0765 3000 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 19:41:22.0828 3000 Rdbss - ok 19:41:22.0843 3000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 19:41:22.0906 3000 RDPCDD - ok 19:41:22.0937 3000 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 19:41:22.0968 3000 RDPWD - ok 19:41:22.0984 3000 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 19:41:23.0062 3000 redbook - ok 19:41:23.0125 3000 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 19:41:23.0156 3000 RTLE8023xp - ok 19:41:23.0187 3000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 19:41:23.0218 3000 Secdrv - ok 19:41:23.0265 3000 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 19:41:23.0359 3000 serenum - ok 19:41:23.0359 3000 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys 19:41:23.0437 3000 Serial - ok 19:41:23.0453 3000 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 19:41:23.0531 3000 Sfloppy - ok 19:41:23.0546 3000 Simbad - ok 19:41:23.0593 3000 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 19:41:23.0671 3000 SLIP - ok 19:41:23.0703 3000 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\WINDOWS\system32\DRIVERS\snapman.sys 19:41:23.0718 3000 snapman - ok 19:41:23.0718 3000 Sparrow - ok 19:41:23.0781 3000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 19:41:23.0843 3000 splitter - ok 19:41:23.0890 3000 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys 19:41:23.0890 3000 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b 19:41:23.0890 3000 sptd ( LockedFile.Multi.Generic ) - warning 19:41:23.0890 3000 sptd - detected LockedFile.Multi.Generic (1) 19:41:23.0906 3000 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 19:41:23.0953 3000 sr - ok 19:41:23.0968 3000 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 19:41:24.0015 3000 Srv - ok 19:41:24.0062 3000 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 19:41:24.0078 3000 ssmdrv - ok 19:41:24.0109 3000 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 19:41:24.0171 3000 streamip - ok 19:41:24.0187 3000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 19:41:24.0265 3000 swenum - ok 19:41:24.0281 3000 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 19:41:24.0343 3000 swmidi - ok 19:41:24.0359 3000 symc810 - ok 19:41:24.0359 3000 symc8xx - ok 19:41:24.0375 3000 sym_hi - ok 19:41:24.0375 3000 sym_u3 - ok 19:41:24.0390 3000 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 19:41:24.0468 3000 sysaudio - ok 19:41:24.0515 3000 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:41:24.0609 3000 Tcpip - ok 19:41:24.0656 3000 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 19:41:24.0734 3000 TDPIPE - ok 19:41:24.0796 3000 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\WINDOWS\system32\DRIVERS\tdrpm273.sys 19:41:24.0828 3000 tdrpman273 - ok 19:41:24.0859 3000 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 19:41:24.0937 3000 TDTCP - ok 19:41:24.0984 3000 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 19:41:25.0062 3000 TermDD - ok 19:41:25.0078 3000 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\WINDOWS\system32\DRIVERS\timntr.sys 19:41:25.0109 3000 timounter - ok 19:41:25.0156 3000 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys 19:41:25.0171 3000 tmcomm - ok 19:41:25.0171 3000 TosIde - ok 19:41:25.0218 3000 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 19:41:25.0281 3000 Udfs - ok 19:41:25.0296 3000 ultra - ok 19:41:25.0328 3000 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 19:41:25.0390 3000 Update - ok 19:41:25.0437 3000 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 19:41:25.0500 3000 usbccgp - ok 19:41:25.0546 3000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 19:41:25.0609 3000 usbehci - ok 19:41:25.0625 3000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:41:25.0687 3000 usbhub - ok 19:41:25.0734 3000 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 19:41:25.0812 3000 usbprint - ok 19:41:25.0843 3000 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 19:41:25.0921 3000 usbscan - ok 19:41:25.0953 3000 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:41:26.0015 3000 USBSTOR - ok 19:41:26.0031 3000 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 19:41:26.0109 3000 usbuhci - ok 19:41:26.0156 3000 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 19:41:26.0218 3000 VgaSave - ok 19:41:26.0234 3000 ViaIde - ok 19:41:26.0234 3000 Video3D - ok 19:41:26.0265 3000 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 19:41:26.0328 3000 VolSnap - ok 19:41:26.0343 3000 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:41:26.0406 3000 Wanarp - ok 19:41:26.0468 3000 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 19:41:26.0500 3000 Wdf01000 - ok 19:41:26.0515 3000 WDICA - ok 19:41:26.0562 3000 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 19:41:26.0625 3000 wdmaud - ok 19:41:26.0687 3000 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 19:41:26.0750 3000 WSTCODEC - ok 19:41:26.0796 3000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 19:41:26.0828 3000 WudfPf - ok 19:41:26.0843 3000 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 19:41:26.0859 3000 WudfRd - ok 19:41:26.0890 3000 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk1\DR1 19:41:27.0078 3000 \Device\Harddisk1\DR1 - ok 19:41:27.0078 3000 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0 19:41:27.0156 3000 \Device\Harddisk0\DR0 - ok 19:41:27.0156 3000 Boot (0x1200) (00680790ed23e71617c72f56ee3ac366) \Device\Harddisk1\DR1\Partition0 19:41:27.0171 3000 \Device\Harddisk1\DR1\Partition0 - ok 19:41:27.0171 3000 Boot (0x1200) (2acbbbe1942906b6c4fdf3cb4f4a70ab) \Device\Harddisk0\DR0\Partition0 19:41:27.0171 3000 \Device\Harddisk0\DR0\Partition0 - ok 19:41:27.0171 3000 ============================================================ 19:41:27.0171 3000 Scan finished 19:41:27.0171 3000 ============================================================ 19:41:27.0281 3008 Detected object count: 8 19:41:27.0281 3008 Actual detected object count: 8 19:42:59.0375 3008 AFS2K ( UnsignedFile.Multi.Generic ) - skipped by user 19:42:59.0375 3008 AFS2K ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:42:59.0375 3008 ASUSVRC ( UnsignedFile.Multi.Generic ) - skipped by user 19:42:59.0375 3008 ASUSVRC ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:42:59.0375 3008 EIO ( UnsignedFile.Multi.Generic ) - skipped by user 19:42:59.0375 3008 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:42:59.0390 3008 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user 19:42:59.0390 3008 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:42:59.0390 3008 hotcore ( UnsignedFile.Multi.Generic ) - skipped by user 19:42:59.0390 3008 hotcore ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:42:59.0390 3008 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user 19:42:59.0390 3008 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:42:59.0390 3008 pfc ( UnsignedFile.Multi.Generic ) - skipped by user 19:42:59.0390 3008 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:42:59.0390 3008 sptd ( LockedFile.Multi.Generic ) - skipped by user 19:42:59.0390 3008 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 19:46:56.0406 3912 Deinitialize success

[anoniem]

Heb je nog last van Babylon? Want ik heb nog steeds niks gevonden. Zorg ervoor dat alle openstaande webbrowservensters gesloten zijn. Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:d2363e3412]Kladblok (of Notepad)[/b:d2363e3412]". Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:d2363e3412][COLOR="Blue"]KILLALL:: File:: c:\program files\Vuze_Remote\tbVuze.dll Folder:: Registry:: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"=- [-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [/COLOR][/b:d2363e3412] Sla dit kladblokbestand op je bureaublad op als [b:d2363e3412]CFScript.txt[/b:d2363e3412]. [b:d2363e3412][COLOR="Red"]Nu eerst de antivirus en eventuele spywarescanners deaktiveren![/COLOR][/b:d2363e3412] Sleep CFScript.txt in ComboFix.exe [img:d2363e3412]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img:d2363e3412] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix-log dat na het opnieuw starten wordt getoond via de kleurcodeerder! [b:d2363e3412]Belangrijke opmerking[/b:d2363e3412]: [list:d2363e3412][*:d2363e3412][b:d2363e3412][color=#FF0000:d2363e3412]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:d2363e3412][/b:d2363e3412] [*:d2363e3412][b:d2363e3412][color=#0000FF:d2363e3412]Illegal operation attempted on a registery key that has been marked for deletion.[/color:d2363e3412][/b:d2363e3412] [*:d2363e3412][b:d2363e3412][color=#FF0000:d2363e3412]Start dan de computer opnieuw op.[/color:d2363e3412][/b:d2363e3412][/list:u:d2363e3412]

[anoniem]

Als 't goed is, staat hier het gevraagde logbestand: ComboFix 11-12-30.01 - paul 30/12/2011 21:26:03.7.4 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3582.2779 [GMT 1:00] Gestart vanuit: c:\documents and settings\paul\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\paul\Bureaublad\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . FILE :: "c:\program files\Vuze_Remote\tbVuze.dll" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Vuze_Remote\tbVuze.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))) . . 2011-12-30 18:26 . 2011-12-30 18:26 388096 ----a-r- c:\documents and settings\paul\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-30 14:13 . 2003-11-08 00:49 278528 ----a-w- c:\windows\system32\hpdj 2011-12-30 14:08 . 2011-12-30 14:08 1402880 ----a-w- c:\program files\HiJackThis.msi 2011-12-29 17:58 . 2011-12-29 18:18 2982 ----a-w- C:\user.js 2011-12-29 17:58 . 2011-12-29 17:58 -------- d-----w- c:\documents and settings\paul\Local Settings\Application Data\Babylon 2011-12-29 17:58 . 2011-12-29 17:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Babylon 2011-12-29 17:57 . 2011-12-29 17:57 -------- d-----w- c:\program files\FoxTabFLVPlayer 2011-12-28 20:12 . 2003-09-24 08:44 44544 ----a-r- c:\windows\system32\MSXML4a.dll 2011-12-28 20:12 . 2003-09-24 08:43 626960 ----a-r- c:\windows\system32\hpvaut32.dll 2011-12-28 20:12 . 2003-09-24 08:43 487424 ----a-r- c:\windows\system32\hpvcp70.dll 2011-12-28 20:12 . 2003-09-24 08:43 344064 ----a-r- c:\windows\system32\hpvcr70.dll 2011-12-28 19:51 . 2011-12-28 19:51 -------- d-----w- c:\program files\HP 2011-12-28 19:45 . 2011-12-28 19:45 -------- d-----w- c:\program files\5100 2011-12-27 20:11 . 2011-12-27 20:11 -------- d-----w- c:\documents and settings\paul\Application Data\NVIDIA 2011-12-27 20:00 . 2011-12-27 20:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation 2011-12-26 16:15 . 2011-12-26 16:15 -------- d-----w- c:\documents and settings\Adobe CS5 2011-12-26 07:07 . 2011-12-26 07:08 -------- d-----w- c:\documents and settings\paul\Application Data\vlc 2011-12-26 07:01 . 2011-12-26 07:01 21073936 ----a-w- c:\program files\vlc-1.1.11-win32.exe 2011-12-25 23:59 . 2011-12-26 00:00 -------- d-----w- c:\program files\Adobe Photoshop CS3 2011-12-25 22:14 . 2011-12-25 22:14 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-25 22:13 . 2011-12-30 20:19 -------- d--h--r- c:\documents and settings\paul\Onlangs geopend 2011-12-25 21:19 . 2011-12-25 22:12 -------- d-----w- c:\documents and settings\paul\Local Settings\Application Data\Adobe(2) 2011-12-25 21:19 . 2011-12-25 22:12 -------- d-----w- c:\documents and settings\paul\Application Data\Adobe(2) 2011-12-25 21:14 . 2011-12-25 22:12 -------- d-----w- c:\program files\PhotoshopPortable 2011-12-25 09:09 . 2011-12-25 09:09 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Mijn documenten 2011-12-25 09:09 . 2011-12-25 22:13 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Adobe 2011-12-17 21:17 . 2011-12-17 21:45 -------- d-----w- c:\documents and settings\paul\Application Data\AVG 2011-12-17 19:22 . 2011-12-17 19:22 -------- d-----w- C:\$AVG 2011-12-17 18:29 . 2011-12-17 18:29 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files 2011-12-17 18:28 . 2011-12-30 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG2012 2011-12-17 18:28 . 2011-12-30 20:24 -------- d-----w- c:\program files\AVG 2011-12-17 18:26 . 2011-12-30 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll 2011-12-05 21:13 . 2011-12-05 21:13 -------- d-----w- c:\program files\iPod 2011-12-05 21:09 . 2011-12-05 21:09 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-25 23:16 . 2010-12-11 07:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-12-11 22:41 . 2008-04-15 12:00 26112 ----a-w- c:\windows\system32\userinit.exe 2011-12-10 14:24 . 2008-10-21 13:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-03 13:19 . 2011-12-03 13:19 74592 ----a-w- c:\documents and settings\bosch - garantiebewijs GOP 250 CE.zip 2011-12-03 09:52 . 2011-06-10 07:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2008-04-15 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-29 06:47 . 2011-10-29 11:01 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-10-28 15:52 . 2009-03-14 08:08 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-10-28 05:32 . 2008-04-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2008-04-15 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2008-04-14 22:11 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-18 16:51 . 2011-10-18 16:51 3687352 ----a-w- c:\program files\PMB.lnk 2011-10-18 11:13 . 2008-04-15 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2008-10-02 21:09 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-08 04:50 . 2008-09-17 07:55 5595136 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-08 04:50 . 2008-09-17 07:55 335872 ----a-w- c:\windows\system32\nvrsar.dll 2011-10-08 04:50 . 2008-09-17 07:55 331776 ----a-w- c:\windows\system32\nvrshe.dll 2011-10-08 04:50 . 2008-09-17 07:55 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2011-10-08 04:50 . 2008-09-17 07:55 282624 ----a-w- c:\windows\system32\nvrsit.dll 2011-10-08 04:50 . 2008-09-17 07:55 282624 ----a-w- c:\windows\system32\nvrses.dll 2011-10-08 04:50 . 2008-09-17 07:55 282624 ----a-w- c:\windows\system32\nvrsel.dll 2011-10-08 04:50 . 2008-09-17 07:55 278528 ----a-w- c:\windows\system32\nvrsde.dll 2011-10-08 04:50 . 2008-09-17 07:55 274432 ----a-w- c:\windows\system32\nvrspt.dll 2011-10-08 04:50 . 2008-09-17 07:55 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2011-10-08 04:50 . 2008-09-17 07:55 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2011-10-08 04:50 . 2008-09-17 07:55 270336 ----a-w- c:\windows\system32\nvrsru.dll 2011-10-08 04:50 . 2008-09-17 07:55 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2011-10-08 04:50 . 2008-09-17 07:55 270336 ----a-w- c:\windows\system32\nvrsja.dll 2011-10-08 04:50 . 2008-09-17 07:55 266240 ----a-w- c:\windows\system32\nvrsko.dll 2011-10-08 04:50 . 2008-09-17 07:55 262144 ----a-w- c:\windows\system32\nvrshu.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrstr.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrssl.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrssk.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrspl.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrsth.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrssv.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrsno.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrsda.dll 2011-10-08 04:50 . 2008-09-17 07:55 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2011-10-08 04:50 . 2008-09-17 07:55 249856 ----a-w- c:\windows\system32\nvrseng.dll 2011-10-08 04:50 . 2008-09-17 07:55 249856 ----a-w- c:\windows\system32\nvrscs.dll 2011-10-08 04:50 . 2008-09-17 07:55 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2011-10-08 04:50 . 2008-09-17 07:55 126976 ----a-w- c:\windows\system32\nvrszht.dll 2011-10-08 04:50 . 2007-09-16 17:07 54272 ----a-w- c:\windows\system32\nvwddi.dll 2011-10-08 04:50 . 2007-09-16 17:07 4226688 ----a-w- c:\windows\system32\nv4_disp.dll 2011-10-08 04:50 . 2007-09-16 17:07 298304 ----a-w- c:\windows\system32\nvsvc32.exe 2011-10-08 04:50 . 2007-09-16 17:07 2449408 ----a-w- c:\windows\system32\nvapi.dll 2011-10-08 04:50 . 2007-09-16 17:07 220992 ----a-w- c:\windows\system32\nvcolor.exe 2011-10-08 04:50 . 2007-09-16 17:07 203072 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-08 04:50 . 2007-09-16 17:07 17956864 ----a-w- c:\windows\system32\nvoglnt.dll 2011-10-08 04:50 . 2007-09-16 17:07 16744256 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-08 04:50 . 2007-09-16 17:07 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2011-04-10 12:06 . 2011-04-10 12:06 20586196 ----a-w- c:\program files\vlc-1.1.8-win32.exe 2011-04-10 12:03 . 2011-02-19 15:31 20364702 ----a-w- c:\program files\vlc-1.1.7-win32.exe 2011-01-29 06:52 . 2011-01-29 06:52 200442456 ----a-w- c:\program files\vegaspro100c_32bit.exe 2011-01-27 18:35 . 2011-01-27 18:35 1364522 ----a-w- c:\program files\wrar393.exe 2011-01-16 09:27 . 2011-01-16 09:26 150446976 ----a-w- c:\program files\AVSVideoEditor.exe 2011-01-12 02:33 . 2011-01-12 02:33 11008549 ----a-w- c:\program files\avidemux_2.5.4_win32.exe 2011-01-11 17:21 . 2011-01-11 17:20 62701672 ----a-w- c:\program files\AVSVideoConverter.exe 2010-12-30 16:59 . 2010-12-30 16:58 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe 2010-12-14 19:22 . 2010-12-14 19:22 338760 ----a-w- c:\program files\RegtaskTool_Installer.exe 2010-12-13 18:03 . 2008-10-22 11:09 86016 ----a-w- c:\program files\setupenne.dll 2010-12-11 07:22 . 2010-12-11 07:21 25188112 ----a-w- c:\program files\setpoint620.exe 2010-12-08 18:15 . 2008-10-20 17:25 9039288 ----a-w- c:\program files\Vuze_Installer.exe 2010-12-04 11:27 . 2010-07-04 06:54 13454568 ----a-w- c:\program files\RegistryReviverSetup.exe 2010-08-29 11:47 . 2009-04-29 16:04 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe 2010-08-29 11:37 . 2010-08-29 11:37 44153664 ----a-w- c:\program files\avira_antivir_personal_de.exe 2010-08-29 11:23 . 2010-08-29 11:23 3427712 ----a-w- c:\program files\ccsetup235.exe 2010-08-05 17:43 . 2010-08-05 17:43 3420304 ----a-w- c:\program files\ccsetup234.exe 2010-03-20 17:37 . 2010-03-20 17:37 1103048 ----a-w- c:\program files\wpsetup.exe 2010-03-12 12:28 . 2010-03-12 12:28 34506392 ----a-w- c:\program files\Nokia_PC_Suite_dut_web.exe 2010-03-12 10:46 . 2010-03-12 10:39 98366952 ----a-w- c:\program files\Nokia_Ovi_Suite_webinstaller_ALL.exe 2010-01-02 22:50 . 2009-10-16 05:08 13731712 ----a-w- c:\program files\AVSRegistryCleaner.exe 2009-12-25 11:22 . 2009-12-25 11:22 6113439 ----a-w- c:\program files\pci_filerecovery.exe 2009-10-25 11:52 . 2009-10-25 11:52 77086488 ----a-w- c:\program files\Ad-AwareInstallation.exe 2009-09-02 18:54 . 2009-09-02 18:54 74160 ----a-w- c:\program files\irfanview_lang_nederlands.exe 2009-09-02 18:52 . 2009-09-02 18:52 1359360 ----a-w- c:\program files\iview425_setup.exe 2009-08-30 09:17 . 2009-08-30 09:16 3293088 ----a-w- c:\program files\ccsetup223.exe 2009-05-28 18:34 . 2009-05-28 18:34 5076056 ----a-w- c:\program files\nuvi760_480.exe 2009-03-22 12:11 . 2009-03-22 12:11 4310568 ----a-w- c:\program files\WebUpdater_241.exe 2009-03-14 08:06 . 2009-03-14 08:06 37452296 ----a-w- c:\program files\Ad-AwareAE.exe 2008-12-21 11:12 . 2008-12-21 11:11 5797488 ----a-w- c:\program files\GOMPLAYERENSETUP.EXE 2008-12-21 08:57 . 2008-12-21 08:57 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe 2008-12-21 08:49 . 2008-12-21 08:49 12349806 ----a-w- c:\program files\dvdflick_setup_1.3.0.4.exe 2008-11-30 11:51 . 2008-10-06 07:04 15083520 ----a-w- c:\program files\spybotsd160.exe 2008-11-23 14:14 . 2008-10-02 17:20 25129080 ----a-w- c:\program files\antivir_workstation_winu_en_h.exe 2008-11-23 12:02 . 2008-11-23 12:02 1958864 ----a-w- c:\program files\TrendMicro_Downloader.exe 2008-11-11 14:44 . 2008-11-11 14:44 860391 ----a-w- c:\program files\7z457.exe 2008-10-15 13:18 . 2008-10-15 13:18 2160115 ----a-w- c:\program files\NeatSetup.exe 2008-10-15 11:48 . 2008-10-15 11:16 3172459 ----a-w- c:\program files\cdbxp_setup_4.2.2.984.exe 2008-10-15 11:18 . 2008-10-15 11:18 2959376 ----a-w- c:\program files\dotnetfx35setup.exe 2008-10-15 11:12 . 2008-10-15 11:12 4057200 ----a-w- c:\program files\wmfdist.exe 2008-10-15 09:10 . 2008-10-15 09:10 359656 ----a-w- c:\program files\msicuu2.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-09-26 222784] "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600] "Acronis Scheduler2Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-20 390512] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256] "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] . c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\ NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2008-12-4 155715] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart] 2007-03-04 21:08 1891416 ----a-w- c:\garmin\gStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-10-05 09:08 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "iPod Service"=3 (0x3) "gusvc"=2 (0x2) "gupdate1c9c7b35e2a82cc"=2 (0x2) "GEST Service"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Avira\\AntiVir Desktop\\avscan.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server "3192:TCP"= 3192:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [4/10/2008 12:21 30820] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/03/2009 9:08 64512] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/10/2008 19:41 717296] R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2/12/2010 19:22 752128] R2 afcdpsrv;Acronis Nonstop Backup-service ;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [29/12/2010 14:42 3246040] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/05/2009 18:54 136360] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [28/10/2011 16:52 2152152] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/12/2010 8:22 10448] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [27/12/2011 21:00 2253120] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [15/03/2011 13:44 428384] R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [29/12/2010 14:42 167968] S2 gupdate1c9c7b35e2a82cc;Google Update Service (gupdate1c9c7b35e2a82cc);c:\program files\Google\Update\GoogleUpdate.exe [28/04/2009 4:42 133104] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/04/2009 4:42 133104] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096] S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15/04/2008 13:00 14336] S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?] S4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/10/2008 23:16 55816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2011-12-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 15:52] . 2011-12-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-STILLEPC-paul.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-22 02:44] . 2011-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2011-12-30 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 07:23] . 2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42] . 2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42] . 2011-12-30 c:\windows\Tasks\User_Feed_Synchronization-{1CD3A718-4B83-444F-9C3D-CB870A64AC95}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.tijd.be/home mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn uInternet Settings,ProxyOverride = *.local IE: PDF in Word openen (PDF Converter 3.0) - c:\program files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700 TCP: DhcpNameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://sligachanhotel.remotemanager.co.uk/common/activex/MJPEGRender.ocx . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-30 21:35 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1000) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . - - - - - - - > 'explorer.exe'(3108) c:\program files\NVIDIA Corporation\nview\nview.dll c:\program files\NVIDIA Corporation\nview\NVWRSNL.DLL c:\progra~1\BILLPS~1\WINPAT~1\PATROLPRO.DLL c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\nvsvc32.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RunDLL32.exe c:\windows\system32\rundll32.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Voltooingstijd: 2011-12-30 21:42:30 - machine werd herstart ComboFix-quarantined-files.txt 2011-12-30 20:42 ComboFix2.txt 2011-12-30 19:08 ComboFix3.txt 2008-12-26 12:14 . Pre-Run: 213.857.906.688 bytes beschikbaar Post-Run: 213.861.183.488 bytes beschikbaar . - - End Of File - - BB11BE3696BBD1D01DCC64EE9E687C04

[anoniem]

Ik wil graag dat je onderstaande in Veilige modus gaat uitvoeren. Want dan zit Lavasoft AdAware ook niet in de weg! Zorg ervoor dat alle openstaande webbrowservensters gesloten zijn. Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:7e54407e14]Kladblok (of Notepad)[/b:7e54407e14]". . Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:7e54407e14][color=Blue:7e54407e14]KILLALL:: Folder:: c:\documents and settings\paul\Local Settings\Application Data\Babylon c:\documents and settings\All Users.WINDOWS\Application Data\Babylon c:\documents and settings\paul\Application Data\AVG C:\$AVG c:\program files\AVG [/color:7e54407e14][/b:7e54407e14] Sla dit kladblokbestand op je bureaublad op als [b:7e54407e14]CFScript.txt[/b:7e54407e14]. [b:7e54407e14][color=Red:7e54407e14]Nu eerst de antivirus deaktiveren![/color:7e54407e14][/b:7e54407e14] Sleep CFScript.txt in ComboFix.exe [img:7e54407e14]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img:7e54407e14] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix log dat na het opnieuw starten wordt getoond! [b:7e54407e14]Belangrijke opmerking[/b:7e54407e14]: [list:7e54407e14][*:7e54407e14][b:7e54407e14][color=Red:7e54407e14]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:7e54407e14][/b:7e54407e14] [*:7e54407e14][b:7e54407e14][color=blue:7e54407e14]Illegal operation attempted on a registery key that has been marked for deletion.[/color:7e54407e14][/b:7e54407e14] [*:7e54407e14][b:7e54407e14][color=Red:7e54407e14]Start dan de computer opnieuw op.[/color:7e54407e14][/b:7e54407e14][/list:u:7e54407e14]

[anoniem]

Hallo, ook in veilige modus kreeg ik van Combofix het verzoek om Avira, AVG en Ad-aware af te sluiten - wat niet lukte. Dus toch maar doorgegaan... Zie ik het goed ? Onder "andere verwijderingen" staan nogal wat Babylon files. ComboFix 11-12-30.01 - paul 30/12/2011 22:32:23.8.4 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3582.3133 [GMT 1:00] Gestart vanuit: c:\documents and settings\paul\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\paul\Bureaublad\CFScript.txt..txt AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\$AVG c:\$avg\$VAULT\V_00000001.fil c:\$avg\$VAULT\V_00000002.fil c:\$avg\$VAULT\V_00000005.fil c:\$avg\$VAULT\V_00000006.fil c:\$avg\$VAULT\vvfolder.idx c:\documents and settings\All Users.WINDOWS\Application Data\Babylon c:\documents and settings\paul\Application Data\AVG c:\documents and settings\paul\Application Data\AVG\PC Tuneup\Logs\PC Tuneup_SN.log c:\documents and settings\paul\Application Data\AVG\PC Tuneup\User Reports\Integrator_report.html c:\documents and settings\paul\Application Data\AVG\PC Tuneup\User Reports\Integrator_report.xml c:\documents and settings\paul\Application Data\AVG\Rescue\PC Tuneup 2011\111217221721765.rsc c:\documents and settings\paul\Application Data\AVG\Rescue\PC Tuneup 2011\111217221754453.rsc c:\documents and settings\paul\Local Settings\Application Data\Babylon c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\bab033.tbinst.dat c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\BExternal.dll c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\HtmlScreens\common.js c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\HtmlScreens\eula.html c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.css c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.html c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.js c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2Lrg.css c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page9.html c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\HtmlScreens\pBar.gif c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\HtmlScreens\title2.png c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\HtmlScreens\toolBar.jpg c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\IECookieLow.dll c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\Setup-tbmntr903-9.0.3.32.zpb c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\Setup.exe c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\SetupStrings.dat c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\sqlite3.dll c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\user.js c:\documents and settings\paul\Local Settings\Application Data\Babylon\Setup\Welcome.html c:\program files\AVG c:\program files\AVG\AVG2012\awacs\dav\component\content.dat c:\program files\AVG\AVG2012\awacs\dav\component\image.bmp c:\program files\AVG\AVG2012\awacs\dav\sign.bin c:\program files\AVG\AVG2012\awacs\fas\component\content.dat c:\program files\AVG\AVG2012\awacs\fas\component\image.bmp c:\program files\AVG\AVG2012\awacs\fas\sign.bin c:\program files\AVG\AVG2012\awacs\obx\component\content.dat c:\program files\AVG\AVG2012\awacs\obx\component\image.bmp c:\program files\AVG\AVG2012\awacs\obx\sign.bin c:\program files\AVG\AVG2012\awacs\pct\component\content.dat c:\program files\AVG\AVG2012\awacs\pct\component\image.bmp c:\program files\AVG\AVG2012\awacs\pct\sign.bin c:\program files\AVG\AVG2012\awacs\rules.cat c:\program files\AVG\AVG2012\awacs\rules.js c:\program files\AVG\AVG2012\Firefox4\Chrome(2)\searchshield.jar . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))) . . 2011-12-30 18:26 . 2011-12-30 18:26 388096 ----a-r- c:\documents and settings\paul\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-30 14:13 . 2003-11-08 00:49 278528 ----a-w- c:\windows\system32\hpdj 2011-12-30 14:08 . 2011-12-30 14:08 1402880 ----a-w- c:\program files\HiJackThis.msi 2011-12-29 17:58 . 2011-12-29 18:18 2982 ----a-w- C:\user.js 2011-12-29 17:57 . 2011-12-29 17:57 -------- d-----w- c:\program files\FoxTabFLVPlayer 2011-12-28 20:12 . 2003-09-24 08:44 44544 ----a-r- c:\windows\system32\MSXML4a.dll 2011-12-28 20:12 . 2003-09-24 08:43 626960 ----a-r- c:\windows\system32\hpvaut32.dll 2011-12-28 20:12 . 2003-09-24 08:43 487424 ----a-r- c:\windows\system32\hpvcp70.dll 2011-12-28 20:12 . 2003-09-24 08:43 344064 ----a-r- c:\windows\system32\hpvcr70.dll 2011-12-28 19:51 . 2011-12-28 19:51 -------- d-----w- c:\program files\HP 2011-12-28 19:45 . 2011-12-28 19:45 -------- d-----w- c:\program files\5100 2011-12-27 20:11 . 2011-12-27 20:11 -------- d-----w- c:\documents and settings\paul\Application Data\NVIDIA 2011-12-27 20:00 . 2011-12-27 20:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation 2011-12-26 16:15 . 2011-12-26 16:15 -------- d-----w- c:\documents and settings\Adobe CS5 2011-12-26 07:07 . 2011-12-26 07:08 -------- d-----w- c:\documents and settings\paul\Application Data\vlc 2011-12-26 07:01 . 2011-12-26 07:01 21073936 ----a-w- c:\program files\vlc-1.1.11-win32.exe 2011-12-25 23:59 . 2011-12-26 00:00 -------- d-----w- c:\program files\Adobe Photoshop CS3 2011-12-25 22:14 . 2011-12-25 22:14 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-25 22:13 . 2011-12-30 20:19 -------- d--h--r- c:\documents and settings\paul\Onlangs geopend 2011-12-25 22:13 . 2011-12-25 22:13 -------- d-----w- c:\documents and settings\paul\Application Data\AVG2012 2011-12-25 21:19 . 2011-12-25 22:12 -------- d-----w- c:\documents and settings\paul\Local Settings\Application Data\Adobe(2) 2011-12-25 21:19 . 2011-12-25 22:12 -------- d-----w- c:\documents and settings\paul\Application Data\Adobe(2) 2011-12-25 21:14 . 2011-12-25 22:12 -------- d-----w- c:\program files\PhotoshopPortable 2011-12-25 09:09 . 2011-12-25 09:09 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Mijn documenten 2011-12-25 09:09 . 2011-12-25 22:13 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Adobe 2011-12-17 18:29 . 2011-12-17 18:29 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files 2011-12-17 18:28 . 2011-12-30 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG2012 2011-12-17 18:26 . 2011-12-30 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll 2011-12-05 21:17 . 2011-12-05 21:17 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll 2011-12-05 21:13 . 2011-12-05 21:13 -------- d-----w- c:\program files\iPod 2011-12-05 21:09 . 2011-12-05 21:09 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-25 23:16 . 2010-12-11 07:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-12-11 22:41 . 2008-04-15 12:00 26112 ----a-w- c:\windows\system32\userinit.exe 2011-12-10 14:24 . 2008-10-21 13:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-03 13:19 . 2011-12-03 13:19 74592 ----a-w- c:\documents and settings\bosch - garantiebewijs GOP 250 CE.zip 2011-12-03 09:52 . 2011-06-10 07:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2008-04-15 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-29 06:47 . 2011-10-29 11:01 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-10-28 15:52 . 2009-03-14 08:08 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-10-28 05:32 . 2008-04-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2008-04-15 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2008-04-14 22:11 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-18 16:51 . 2011-10-18 16:51 3687352 ----a-w- c:\program files\PMB.lnk 2011-10-18 11:13 . 2008-04-15 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2008-10-02 21:09 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-08 04:50 . 2008-09-17 07:55 5595136 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-08 04:50 . 2008-09-17 07:55 335872 ----a-w- c:\windows\system32\nvrsar.dll 2011-10-08 04:50 . 2008-09-17 07:55 331776 ----a-w- c:\windows\system32\nvrshe.dll 2011-10-08 04:50 . 2008-09-17 07:55 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2011-10-08 04:50 . 2008-09-17 07:55 282624 ----a-w- c:\windows\system32\nvrsit.dll 2011-10-08 04:50 . 2008-09-17 07:55 282624 ----a-w- c:\windows\system32\nvrses.dll 2011-10-08 04:50 . 2008-09-17 07:55 282624 ----a-w- c:\windows\system32\nvrsel.dll 2011-10-08 04:50 . 2008-09-17 07:55 278528 ----a-w- c:\windows\system32\nvrsde.dll 2011-10-08 04:50 . 2008-09-17 07:55 274432 ----a-w- c:\windows\system32\nvrspt.dll 2011-10-08 04:50 . 2008-09-17 07:55 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2011-10-08 04:50 . 2008-09-17 07:55 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2011-10-08 04:50 . 2008-09-17 07:55 270336 ----a-w- c:\windows\system32\nvrsru.dll 2011-10-08 04:50 . 2008-09-17 07:55 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2011-10-08 04:50 . 2008-09-17 07:55 270336 ----a-w- c:\windows\system32\nvrsja.dll 2011-10-08 04:50 . 2008-09-17 07:55 266240 ----a-w- c:\windows\system32\nvrsko.dll 2011-10-08 04:50 . 2008-09-17 07:55 262144 ----a-w- c:\windows\system32\nvrshu.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrstr.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrssl.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrssk.dll 2011-10-08 04:50 . 2008-09-17 07:55 258048 ----a-w- c:\windows\system32\nvrspl.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrsth.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrssv.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrsno.dll 2011-10-08 04:50 . 2008-09-17 07:55 253952 ----a-w- c:\windows\system32\nvrsda.dll 2011-10-08 04:50 . 2008-09-17 07:55 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2011-10-08 04:50 . 2008-09-17 07:55 249856 ----a-w- c:\windows\system32\nvrseng.dll 2011-10-08 04:50 . 2008-09-17 07:55 249856 ----a-w- c:\windows\system32\nvrscs.dll 2011-10-08 04:50 . 2008-09-17 07:55 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2011-10-08 04:50 . 2008-09-17 07:55 126976 ----a-w- c:\windows\system32\nvrszht.dll 2011-10-08 04:50 . 2007-09-16 17:07 54272 ----a-w- c:\windows\system32\nvwddi.dll 2011-10-08 04:50 . 2007-09-16 17:07 4226688 ----a-w- c:\windows\system32\nv4_disp.dll 2011-10-08 04:50 . 2007-09-16 17:07 298304 ----a-w- c:\windows\system32\nvsvc32.exe 2011-10-08 04:50 . 2007-09-16 17:07 2449408 ----a-w- c:\windows\system32\nvapi.dll 2011-10-08 04:50 . 2007-09-16 17:07 220992 ----a-w- c:\windows\system32\nvcolor.exe 2011-10-08 04:50 . 2007-09-16 17:07 203072 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-08 04:50 . 2007-09-16 17:07 17956864 ----a-w- c:\windows\system32\nvoglnt.dll 2011-10-08 04:50 . 2007-09-16 17:07 16744256 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-08 04:50 . 2007-09-16 17:07 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2011-04-10 12:06 . 2011-04-10 12:06 20586196 ----a-w- c:\program files\vlc-1.1.8-win32.exe 2011-04-10 12:03 . 2011-02-19 15:31 20364702 ----a-w- c:\program files\vlc-1.1.7-win32.exe 2011-01-29 06:52 . 2011-01-29 06:52 200442456 ----a-w- c:\program files\vegaspro100c_32bit.exe 2011-01-27 18:35 . 2011-01-27 18:35 1364522 ----a-w- c:\program files\wrar393.exe 2011-01-16 09:27 . 2011-01-16 09:26 150446976 ----a-w- c:\program files\AVSVideoEditor.exe 2011-01-12 02:33 . 2011-01-12 02:33 11008549 ----a-w- c:\program files\avidemux_2.5.4_win32.exe 2011-01-11 17:21 . 2011-01-11 17:20 62701672 ----a-w- c:\program files\AVSVideoConverter.exe 2010-12-30 16:59 . 2010-12-30 16:58 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe 2010-12-14 19:22 . 2010-12-14 19:22 338760 ----a-w- c:\program files\RegtaskTool_Installer.exe 2010-12-13 18:03 . 2008-10-22 11:09 86016 ----a-w- c:\program files\setupenne.dll 2010-12-11 07:22 . 2010-12-11 07:21 25188112 ----a-w- c:\program files\setpoint620.exe 2010-12-08 18:15 . 2008-10-20 17:25 9039288 ----a-w- c:\program files\Vuze_Installer.exe 2010-12-04 11:27 . 2010-07-04 06:54 13454568 ----a-w- c:\program files\RegistryReviverSetup.exe 2010-08-29 11:47 . 2009-04-29 16:04 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe 2010-08-29 11:37 . 2010-08-29 11:37 44153664 ----a-w- c:\program files\avira_antivir_personal_de.exe 2010-08-29 11:23 . 2010-08-29 11:23 3427712 ----a-w- c:\program files\ccsetup235.exe 2010-08-05 17:43 . 2010-08-05 17:43 3420304 ----a-w- c:\program files\ccsetup234.exe 2010-03-20 17:37 . 2010-03-20 17:37 1103048 ----a-w- c:\program files\wpsetup.exe 2010-03-12 12:28 . 2010-03-12 12:28 34506392 ----a-w- c:\program files\Nokia_PC_Suite_dut_web.exe 2010-03-12 10:46 . 2010-03-12 10:39 98366952 ----a-w- c:\program files\Nokia_Ovi_Suite_webinstaller_ALL.exe 2010-01-02 22:50 . 2009-10-16 05:08 13731712 ----a-w- c:\program files\AVSRegistryCleaner.exe 2009-12-25 11:22 . 2009-12-25 11:22 6113439 ----a-w- c:\program files\pci_filerecovery.exe 2009-10-25 11:52 . 2009-10-25 11:52 77086488 ----a-w- c:\program files\Ad-AwareInstallation.exe 2009-09-02 18:54 . 2009-09-02 18:54 74160 ----a-w- c:\program files\irfanview_lang_nederlands.exe 2009-09-02 18:52 . 2009-09-02 18:52 1359360 ----a-w- c:\program files\iview425_setup.exe 2009-08-30 09:17 . 2009-08-30 09:16 3293088 ----a-w- c:\program files\ccsetup223.exe 2009-05-28 18:34 . 2009-05-28 18:34 5076056 ----a-w- c:\program files\nuvi760_480.exe 2009-03-22 12:11 . 2009-03-22 12:11 4310568 ----a-w- c:\program files\WebUpdater_241.exe 2009-03-14 08:06 . 2009-03-14 08:06 37452296 ----a-w- c:\program files\Ad-AwareAE.exe 2008-12-21 11:12 . 2008-12-21 11:11 5797488 ----a-w- c:\program files\GOMPLAYERENSETUP.EXE 2008-12-21 08:57 . 2008-12-21 08:57 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe 2008-12-21 08:49 . 2008-12-21 08:49 12349806 ----a-w- c:\program files\dvdflick_setup_1.3.0.4.exe 2008-11-30 11:51 . 2008-10-06 07:04 15083520 ----a-w- c:\program files\spybotsd160.exe 2008-11-23 14:14 . 2008-10-02 17:20 25129080 ----a-w- c:\program files\antivir_workstation_winu_en_h.exe 2008-11-23 12:02 . 2008-11-23 12:02 1958864 ----a-w- c:\program files\TrendMicro_Downloader.exe 2008-11-11 14:44 . 2008-11-11 14:44 860391 ----a-w- c:\program files\7z457.exe 2008-10-15 13:18 . 2008-10-15 13:18 2160115 ----a-w- c:\program files\NeatSetup.exe 2008-10-15 11:48 . 2008-10-15 11:16 3172459 ----a-w- c:\program files\cdbxp_setup_4.2.2.984.exe 2008-10-15 11:18 . 2008-10-15 11:18 2959376 ----a-w- c:\program files\dotnetfx35setup.exe 2008-10-15 11:12 . 2008-10-15 11:12 4057200 ----a-w- c:\program files\wmfdist.exe 2008-10-15 09:10 . 2008-10-15 09:10 359656 ----a-w- c:\program files\msicuu2.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-12-30_19.06.16 ))))))))))))))))))))))))))))))))))))))))) . + 2008-04-15 12:00 . 2011-12-30 21:51 87930 c:\windows\system32\perfc013.dat - 2008-04-15 12:00 . 2011-12-30 18:25 87930 c:\windows\system32\perfc013.dat - 2008-04-15 12:00 . 2011-12-30 18:25 68980 c:\windows\system32\perfc009.dat + 2008-04-15 12:00 . 2011-12-30 21:51 68980 c:\windows\system32\perfc009.dat - 2008-10-02 21:15 . 2011-12-30 17:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-10-02 21:15 . 2011-12-30 21:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-10-02 21:15 . 2011-12-30 17:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat + 2008-10-02 21:15 . 2011-12-30 21:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat - 2008-10-02 21:15 . 2011-12-30 17:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2011-12-30 21:52 . 2011-12-30 21:52 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-04-15 12:00 . 2011-12-30 21:51 503308 c:\windows\system32\perfh013.dat - 2008-04-15 12:00 . 2011-12-30 18:25 503308 c:\windows\system32\perfh013.dat - 2008-04-15 12:00 . 2011-12-30 18:25 436276 c:\windows\system32\perfh009.dat + 2008-04-15 12:00 . 2011-12-30 21:51 436276 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-09-26 222784] "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600] "Acronis Scheduler2Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-20 390512] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256] "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] . c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\ NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2008-12-4 155715] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart] 2007-03-04 21:08 1891416 ----a-w- c:\garmin\gStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-10-05 09:08 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "iPod Service"=3 (0x3) "gusvc"=2 (0x2) "gupdate1c9c7b35e2a82cc"=2 (0x2) "GEST Service"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Avira\\AntiVir Desktop\\avscan.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server "3192:TCP"= 3192:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [4/10/2008 12:21 30820] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/03/2009 9:08 64512] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/10/2008 19:41 717296] R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2/12/2010 19:22 752128] R2 afcdpsrv;Acronis Nonstop Backup-service ;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [29/12/2010 14:42 3246040] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/05/2009 18:54 136360] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [28/10/2011 16:52 2152152] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/12/2010 8:22 10448] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [27/12/2011 21:00 2253120] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [15/03/2011 13:44 428384] R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [29/12/2010 14:42 167968] S2 gupdate1c9c7b35e2a82cc;Google Update Service (gupdate1c9c7b35e2a82cc);c:\program files\Google\Update\GoogleUpdate.exe [28/04/2009 4:42 133104] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/04/2009 4:42 133104] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [28/10/2011 16:52 15232] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096] S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15/04/2008 13:00 14336] S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?] S4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/10/2008 23:16 55816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2011-12-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 15:52] . 2011-12-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-STILLEPC-paul.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-22 02:44] . 2011-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2011-12-30 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 07:23] . 2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42] . 2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42] . 2011-12-30 c:\windows\Tasks\User_Feed_Synchronization-{1CD3A718-4B83-444F-9C3D-CB870A64AC95}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.tijd.be/ mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn uInternet Settings,ProxyOverride = *.local IE: PDF in Word openen (PDF Converter 3.0) - c:\program files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700 TCP: DhcpNameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://sligachanhotel.remotemanager.co.uk/common/activex/MJPEGRender.ocx . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-30 22:50 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1000) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . - - - - - - - > 'explorer.exe'(2380) c:\program files\NVIDIA Corporation\nview\nview.dll c:\program files\NVIDIA Corporation\nview\NVWRSNL.DLL c:\progra~1\BILLPS~1\WINPAT~1\PATROLPRO.DLL c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\nvsvc32.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RunDLL32.exe c:\windows\system32\rundll32.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Voltooingstijd: 2011-12-30 22:56:04 - machine werd herstart ComboFix-quarantined-files.txt 2011-12-30 21:56 ComboFix2.txt 2011-12-30 20:42 ComboFix3.txt 2011-12-30 19:08 ComboFix4.txt 2008-12-26 12:14 . Pre-Run: 213.991.571.456 bytes beschikbaar Post-Run: 213.849.935.872 bytes beschikbaar . - - End Of File - - A64626B1023C200E1CEA18E274455EAF

[anoniem]

En hoe gaat het ondertussen met jouw Windows?

[anoniem]

Loopt prima, duidelijk sneller ook. Alleen mijn printer blijkt niet meer te werken. Wordt wel herkend maar een bepaalde file is verdwenen. Ik hoop dit te kunnen herstellen door het installeren van de vereiste ge-update driver. Hopelijk zonder toegevoegde rommel deze keer... Hartelijk dank voor de hulp ! :D

[anoniem]

euh Abraham, het heeft nu wellicht niet meer met "beveiliging en privacy" te maken, maar ik kan mijn printer (hp deskjet 5150) niet installeren. Er blijkt een bepaald bestand verdwenen te zijn. Kun je me zeggen hoe ik dit oplos ?