MBR defective, virus ????

59 replies
  • Last night my computer would not start anymore.
    Got an error message, and it turned out the MBR was defective.
    Repaired that.

    Now at boot the craziest processes start.
    I have switched off the processes I did not trust.
    The computer also does not really run smoothly anymore.

    Ran MBAM, which has already removed a pile of junk.
    On a friend's advice I ran HijackThis.
    HijackThis first came up with 2 error messages and then carried on.

    I have put the HijackThis log below.
    Can someone analyze this log for me?

    TIA Sprokkie

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:35:44, on 3-8-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Lantronix\Redirector\redirsvc.exe
    C:\WINDOWS\System32\hpb2ksrv.exe
    C:\WINDOWS\System32\hpbhksrv.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    D:\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\WinAgents\TftpService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx .exe
    C:\Program Files\Java\jre6\bin\jusched .exe
    C:\Program Files\Windows Defender\MSASCui .exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Logitech\Video\LogiTray .exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI .exe
    C:\Program Files\iTunes\iTunesHelper .exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
    C:\Program Files\NDAS\System\ndasmgmt.exe
    C:\Documents and Settings\Ferry\Local Settings\Application Data\Google\Update\GoogleUpdate .exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\wincmd\wincmd32.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ferry\Local Settings\Application Data\Google\Update\GoogleUpdate .exe
    C:\axis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51111
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 172.16.100.101 82.217.168.132
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - d:\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Documents and Settings\Ferry\Local Settings\Application Data\Wakoopa Shared\WakoopaBHO.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - d:\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: upef.exe (User 'Default user')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ontvang alle bestanden door NetXfer - D:\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Ontvangst door NetXfer - D:\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://www.de1103.nl
    O15 - Trusted Zone: http://www.godaddy.com
    O15 - Trusted Zone: http://*.moodle.org
    O15 - Trusted Zone: http://player.omroep.nl
    O15 - Trusted IP range: http://172.16.100.18
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://62.251.20.244:90/VatDec.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://212.248.100.101:91/kxhcm10.ocx
    O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/terraexplorer/install/TE.cab
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
    O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://81.204.25.231/home/SonySncRz30View.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264673400140
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264673381171
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://procam1.be.proserve.nl/activex/AMC.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI\retail/DASAct.cab
    O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://77.161.40.48/bl_camera.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://172.16.100.18/activex/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a01-b01.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://patrick168.blogdns.com:8888/jpgview.cab
    O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.nl/apps/EasyUploadX.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_nl.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {E6644870-F140-11D4-B761-00D0B73F3C8E} (CamImage Class) - http://172.16.100.18/activex/AxisCamMotionControl.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4539/mcfscan.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6611BB4-7160-44C5-BA10-39F0CE43DFFA}: NameServer = 194.109.6.66,194.109.9.99
    O20 - Winlogon Notify: winzoo32 - winzoo32.dll (file missing)
    O21 - SSODL: RenderDib - {c8c9d3ae-b292-4acf-9861-65f512a930cd} - C:\Program Files\Common Files\Render\RenderDib.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
    O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\System32\hpbhksrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - D:\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Invise Panel Manager Service (PanelMgr Service) - Unknown owner - C:\Invise\PANELMGR.EXE (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SwitchBoard - Unknown owner - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: WinAgents TFTP Service 4 (WinAgentsTftpService4) - WinAgents Software Group - C:\Program Files\Common Files\WinAgents\TftpService.exe


    End of file - 19838 bytes
  • Hi Sprokkie, let me know how you repaired the MBR.
    How much longer are you tied to McAfee?
    Because I cannot put it any other way than that McAfee "sucks"!

    I think it is going to be quite a job to straighten out your Windows again.


    During the fix I would like you to stick to the rules below:
    - Read all instructions carefully.
    - If you make mistakes when running tools during the fix, that can cause serious problems in Windows.
    - Refrain from using tools or updates other than the ones I advise you to use.
    - Always use one scanner at a time, never several at once.
    - Keep me informed of how your computer responds to the fix, good or bad.
    - The fix, once started, must be completed. Even if you think everything is fine, there may still be infections.

    Step 1
    Close all open browser windows, except this window, which you close just before you click the Fix checked button!

    Now start HijackThis and click the Do a Scan only button,

    O4 - .DEFAULT User Startup: upef.exe (User 'Default user')

    - Put a check mark in front of the line(s) that correspond to the lines above.
    - Now close the web browser and then click the Fix checked button.
    - After that, close HijackThis.
    Restart the computer after the fix.

    Step 2
    Which program: Malwarebytes MBAM
    What for/why: specialized scanner to quickly check Windows for spyware and malware and get rid of it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Download.com
    - Softpedia.com
    - Majorgeeks.com
    First of all:
    - Right after installation 'MBAM' wants to update its database, so allow that.
    - Also on repeated use: first update 'MBAM' via the 'Update' tab!
    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Als Administrator uitvoeren (Run as administrator).
    Note:
    - Malwarebytes now supplies the full version of MBAM.
    - At the first start you get the option to use the full version or the free version.
    - Regardless of which antivirus program is in your Windows, I advise using the "Weigeren" (Decline) option.
    - That way MBAM can continue to be used as the free version.
    Image: http://img30.imageshack.us/img30/3928/mbam2.png

    Also do the following:
    - As soon as the program has started, go to the "Instellingen" (Settings) tab.
    - Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).

    Scanning:
    - When starting 'MBAM', choose 'Snelle Scan' (Quick Scan).
    - Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
    - Then click the 'Bekijk Resultaten' (Show Results) button to see the results.
    Infections found:
    - First click OK to dismiss the message.
    - Then click the Bekijk resultaten (Show Results) button at the bottom right.
    - Now make sure all infections found are ticked, and click Verwijder geselecteerde (Remove Selected) at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
    - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
    MBAM log:
    - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logbestanden' (Logs) tab in the MBAM main menu.
    Then post the contents of the MBAM log in your next message.

    Step 3
    What to do: hosts file repair
    Which program: Malwarebytes MBAM and HostsXpert
    What for/why: the hosts file has been modified by malware.
    Difficulty: none.

    Programs needed:
    - Malwarebytes MBAM is already installed.
    - Download HostsXpert here.
    - Extract the compressed folder "HostExpert" to your desktop in advance.


    1. Start Malwarebytes MBAM and in the top row of tabs click the Meer functies (More Tools) tab.
    - Click the FileASSASIN starten (Start FileASSASIN) button here.
    - A new window will then open.
    - Now copy and paste the line below into the input line after Bestandsnaam (File name):
    - C:\WINDOWS\system32\drivers\etc\hosts

    Then click the Openen (Open) button and choose JA (Yes) to delete the hosts file.
    Image: http://i1103.photobucket.com/albums/g476/pcwebplus/fileassasin.gif

    The deletion will be followed by a reboot of your computer.


    After restarting your PC, do the following:


    Using HostExpert:

    - Windows 2000 and Windows XP: open the "HostExpert" folder and double-click Hoster.exe.
    - Windows Vista and Windows 7: open the "HostExpert" folder and start Hoster.exe by right-clicking it and choosing Als Administrator uitvoeren (Run as administrator).
    - First click the Restore Microsofts Original Hosts File button.
    - Then click the OK button and close the program.


    Step 4
    Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: be sure to download this program to the desktop, or otherwise move it there!
    Download TDSSKiller here.

    Installation:
    - Extract the file to your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing Als Administrator uitvoeren (Run as administrator).
    - If TDSSKiller comes up with a message about an available update, carry that out first.
    Image: http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg

    - Then click the "Start Scan" button and follow the instructions.
    - After the scan has finished, click the "Report" button.
    - A Notepad file opens. Post the contents of this file.
      - Restart the PC if TDSSKiller offers that option (Reboot now).
      - If a restart is necessary, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

    Step 5
    In summary: after this, post the contents of the following logs in your next message:
    - a new HijackThis log
    - MBAM log
    - TDSSKiller log
  • I am now at step 3.
    When I try to start MBAM, MBAM does not start.
    It is now already listed 8x in Task Manager and does not grow beyond 7508KB-7532Kb;
    then a new process called mbam starts.

    I also noticed that I got blank window2 and hello 4 during startup.

    What I notice now in Task Manager:

    the mbam process starts as follows:

    mbam .exe, then once it has reached 7.532Kb it becomes mbam.exe
    and a new process mbam .exe starts.

    How do I do step 3 now?

    I once modified my hosts file myself, to get rid of annoying ads in IE.



    Update 14:14

    MBAM works again.
    Started it from the folder and not with the shortcut; now quickly continuing with step 3.

    Update 14:20
    Hosts file deleted; MBAM did not ask to restart.
    Restarting manually now.
    Now I again get the message end program, hello 4, this program is not responding.
    I'll just click End Now.


    Regards,
    Sprokkie
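The pattern reported in the post above (an image name with a space before the extension running next to its normally named twin, and one image running many times) can be pulled out of a HijackThis log mechanically. The sketch below is an added example, not part of the original thread; the sample log, the instance threshold and the svchost.exe allowlist are assumptions made for the illustration.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample in the HijackThis "Running processes" layout (not a real log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Tools\mbam\mbam.exe
C:\Tools\mbam\mbam .exe
C:\Tools\mbam\mbam.exe
C:\Tools\mbam\mbam.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
"""

# Whitespace directly in front of a short file extension, e.g. "mbam .exe".
SPACED_EXT = re.compile(r"^(?P<stem>.*\S)\s+(?P<ext>\.[A-Za-z0-9]{1,4})$")
# First line of the registry part of the log, e.g. "R0 - ..." or "O23 - ...".
ENTRY_LINE = re.compile(r"^[A-Z]\d{1,2} - ")


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()  # forum posts often indent the pasted log
        if not in_section:
            in_section = line.lower().startswith("running processes")
            continue
        # The section ends at the first blank line after the entries,
        # or at the first registry entry if the blank line was lost.
        if ENTRY_LINE.match(line) or (not line and paths):
            break
        if line:
            paths.append(line)
    return paths


def normalise(path):
    """Lower-case the path and drop whitespace in front of the extension."""
    match = SPACED_EXT.match(path)
    if match:
        path = match.group("stem") + match.group("ext")
    return path.lower()


def triage(log_text, max_instances=3, multi_instance_ok=("svchost.exe",)):
    """Report spaced-extension lookalikes and heavily repeated images.

    max_instances and multi_instance_ok are assumptions for this example;
    tune them to what is normal on the machine being examined.
    """
    paths = running_processes(log_text)
    running = {p.lower() for p in paths}

    # Group every "name .exe" variant under its normally spelled path.
    spaced = defaultdict(set)
    for p in paths:
        if SPACED_EXT.match(p):
            spaced[normalise(p)].add(p)
    lookalikes = [
        {
            "image": image,
            "spaced": sorted(variants),
            "clean_twin_running": image in running,
        }
        for image, variants in sorted(spaced.items())
    ]

    # Count instances per image, treating the spaced variant as the same image.
    counts = Counter(normalise(p) for p in paths)
    repeated = {
        image: n
        for image, n in counts.items()
        if n > max_instances and ntpath.basename(image) not in multi_instance_ok
    }
    return {"lookalikes": lookalikes, "repeated": repeated}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["lookalikes"]:
        print("lookalike:", item)
    for image, n in report["repeated"].items():
        print("repeated :", n, "x", image)
```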
  • I repaired the MBR. First I tried with the WinXP Recovery Console,
    entering two commands, something with fix mbr.
    That did not work.

    In the end I ran fdisk /mbr from a Win98 boot floppy.
    That did work.

    Now I have ISUSPM.exe 8x in Task Manager.
    I also have a custom msconfig/startup.
    A lot is disabled there as well.

    2x Shat.exe in Task Manager
    1x SHSTAT .exe
    1x SHSAT.EXE

    Still a long way to go, I think ……..

    Log files:

    New HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:43:55, on 3-8-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\hpb2ksrv.exe
    C:\WINDOWS\System32\hpbhksrv.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    D:\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\WinAgents\TftpService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Logitech\Video\LogiTray .exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx .exe
    C:\WINDOWS\System32\LVComsX.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Ferry\Bureaublad\TDSSKiller.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\axis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51111
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - d:\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Documents and Settings\Ferry\Local Settings\Application Data\Wakoopa Shared\WakoopaBHO.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - d:\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ontvang alle bestanden door NetXfer - D:\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Ontvangst door NetXfer - D:\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://www.de1103.nl
    O15 - Trusted Zone: http://www.godaddy.com
    O15 - Trusted Zone: http://*.moodle.org
    O15 - Trusted Zone: http://player.omroep.nl
    O15 - Trusted IP range: http://172.16.100.18
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://62.251.20.244:90/VatDec.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://212.248.100.101:91/kxhcm10.ocx
    O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/terraexplorer/install/TE.cab
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
    O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://81.204.25.231/home/SonySncRz30View.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264673400140
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264673381171
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://procam1.be.proserve.nl/activex/AMC.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://77.161.40.48/bl_camera.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://172.16.100.18/activex/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a01-b01.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://patrick168.blogdns.com:8888/jpgview.cab
    O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.nl/apps/EasyUploadX.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_nl.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {E6644870-F140-11D4-B761-00D0B73F3C8E} (CamImage Class) - http://172.16.100.18/activex/AxisCamMotionControl.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4539/mcfscan.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6611BB4-7160-44C5-BA10-39F0CE43DFFA}: NameServer = 194.109.6.66,194.109.9.99
    O20 - Winlogon Notify: winzoo32 - winzoo32.dll (file missing)
    O21 - SSODL: RenderDib - {c8c9d3ae-b292-4acf-9861-65f512a930cd} - C:\Program Files\Common Files\Render\RenderDib.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
    O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\System32\hpbhksrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - D:\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Invise Panel Manager Service (PanelMgr Service) - Unknown owner - C:\Invise\PANELMGR.EXE (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SwitchBoard - Unknown owner - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: WinAgents TFTP Service 4 (WinAgentsTftpService4) - WinAgents Software Group - C:\Program Files\Common Files\WinAgents\TftpService.exe


    End of file - 19638 bytes

    ********************************************************
    ***** MBAM logfile ****
    ********************************************************

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Databaseversie: 7360

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3-8-2011 13:31:53
    mbam-log-2011-08-03 (13-31-53).txt

    Scantype: Snelle scan
    Objecten gescand: 213562
    Verstreken tijd: 31 minuut/minuten, 26 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 3
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 5

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)


    ********************************************************
    ***** TDSSKiller logfile ****
    ********************************************************



    2011/08/03 14:33:19.0453 3596 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
    2011/08/03 14:33:19.0718 3596 ================================================================================
    2011/08/03 14:33:19.0718 3596 SystemInfo:
    2011/08/03 14:33:19.0718 3596
    2011/08/03 14:33:19.0718 3596 OS Version: 5.1.2600 ServicePack: 3.0
    2011/08/03 14:33:19.0718 3596 Product type: Workstation
    2011/08/03 14:33:19.0718 3596 ComputerName: KAYLEIGH
    2011/08/03 14:33:19.0718 3596 UserName: Ferry
    2011/08/03 14:33:19.0718 3596 Windows directory: C:\WINDOWS
    2011/08/03 14:33:19.0718 3596 System windows directory: C:\WINDOWS
    2011/08/03 14:33:19.0718 3596 Processor architecture: Intel x86
    2011/08/03 14:33:19.0718 3596 Number of processors: 1
    2011/08/03 14:33:19.0718 3596 Page size: 0x1000
    2011/08/03 14:33:19.0718 3596 Boot type: Normal boot
    2011/08/03 14:33:19.0718 3596 ================================================================================
    2011/08/03 14:33:23.0390 3596 Initialize success
    2011/08/03 14:33:35.0531 4000 ================================================================================
    2011/08/03 14:33:35.0531 4000 Scan started
    2011/08/03 14:33:35.0531 4000 Mode: Manual;
    2011/08/03 14:33:35.0531 4000 ================================================================================
    2011/08/03 14:34:40.0421 4000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/08/03 14:34:40.0843 4000 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/08/03 14:34:41.0203 4000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/08/03 14:34:41.0781 4000 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/08/03 14:34:42.0453 4000 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/08/03 14:34:43.0000 4000 Gig5gu (8e82de2eeabde010ba323b1571562a49) C:\WINDOWS\system32\Drivers\gig5gu.sys
    2011/08/03 14:34:43.0718 4000 Gigsrf (e74a419a4cd22509de063b8327467d02) C:\WINDOWS\system32\Drivers\gigsrf.sys
    2011/08/03 14:34:44.0609 4000 Gigtnc (f6c7812dafb3b00f1f222832bf1fb380) C:\WINDOWS\system32\Drivers\gigtnc.sys
    2011/08/03 14:34:45.0453 4000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/08/03 14:34:46.0031 4000 hardlock (6bfd528f2f25473d3e52ca8c3c25e4df) C:\WINDOWS\system32\drivers\hardlock.sys
    2011/08/03 14:34:50.0468 4000 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
    2011/08/03 14:34:50.0984 4000 HidBth (d8cc702bb02ad520c3379e7ecb009ae1) C:\WINDOWS\system32\DRIVERS\hidbth.sys
    2011/08/03 14:34:51.0562 4000 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/08/03 14:34:52.0125 4000 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/08/03 14:34:52.0734 4000 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/08/03 14:34:53.0281 4000 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/08/03 14:34:54.0031 4000 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/08/03 14:34:54.0609 4000 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/08/03 14:34:55.0250 4000 hwdatacard (07853191b1bdee5b39be4cfcfe3b9ad4) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
    2011/08/03 14:34:56.0218 4000 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/08/03 14:34:57.0031 4000 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/08/03 14:34:57.0750 4000 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/08/03 14:34:59.0140 4000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/08/03 14:34:59.0687 4000 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/08/03 14:35:00.0609 4000 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/08/03 14:35:01.0718 4000 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/08/03 14:35:02.0312 4000 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/08/03 14:35:02.0750 4000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/08/03 14:35:03.0343 4000 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/08/03 14:35:03.0750 4000 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/08/03 14:35:04.0140 4000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/08/03 14:35:04.0515 4000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/08/03 14:35:04.0875 4000 IRIS5 (885f20426ba59e6ab0a5ce0cc81e220b) C:\WINDOWS\system32\IRIS5.SYS
    2011/08/03 14:35:06.0234 4000 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/08/03 14:35:07.0046 4000 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/08/03 14:35:07.0828 4000 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/08/03 14:35:08.0593 4000 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/08/03 14:35:09.0125 4000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/08/03 14:35:10.0046 4000 lfsfilt (6d32777644476ff37dfe8ac0abda6e26) C:\WINDOWS\System32\DRIVERS\lfsfilt.sys
    2011/08/03 14:35:10.0703 4000 lpx (1b69ecb4637137c244327dc7d6fedce2) C:\WINDOWS\system32\DRIVERS\lpx.sys
    2011/08/03 14:35:11.0187 4000 Ltxred (5a8e14fc728b4b65151855076ce5a3c9) C:\WINDOWS\System32\drivers\ltxred.sys
    2011/08/03 14:35:11.0656 4000 LVUSBSta (90259f3a20fbaec1a08d74ef5415b9d8) C:\WINDOWS\system32\drivers\lvusbsta.sys
    2011/08/03 14:35:12.0218 4000 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011/08/03 14:35:13.0031 4000 mfeapfk (4f557e7140124f7dd347e6e6ba11a696) C:\WINDOWS\system32\drivers\mfeapfk.sys
    2011/08/03 14:35:13.0640 4000 mfeavfk (5a88fc236667c8c245f19c62a5e18e70) C:\WINDOWS\system32\drivers\mfeavfk.sys
    2011/08/03 14:35:14.0406 4000 mfebopk (e0bf92925c2a68662d32439bef5e9c1f) C:\WINDOWS\system32\drivers\mfebopk.sys
    2011/08/03 14:35:15.0125 4000 mfehidk (9ac9ea61e33af81b60a65cdb71474ea6) C:\WINDOWS\system32\drivers\mfehidk.sys
    2011/08/03 14:35:15.0375 4000 mferkdk (fda7f14ad5dda9fca8ee2bae222cd5fb) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
    2011/08/03 14:35:15.0906 4000 mfetdik (0371251b81b9898a79a80970be7fadab) C:\WINDOWS\system32\drivers\mfetdik.sys
    2011/08/03 14:35:16.0687 4000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/08/03 14:35:17.0281 4000 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    2011/08/03 14:35:17.0875 4000 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/08/03 14:35:18.0640 4000 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/08/03 14:35:19.0375 4000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/08/03 14:35:20.0015 4000 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/08/03 14:35:20.0671 4000 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/08/03 14:35:21.0218 4000 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/08/03 14:35:22.0078 4000 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
    2011/08/03 14:35:22.0421 4000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/08/03 14:35:22.0953 4000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/08/03 14:35:23.0656 4000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/08/03 14:35:24.0328 4000 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/08/03 14:35:25.0031 4000 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/08/03 14:35:25.0531 4000 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/08/03 14:35:26.0015 4000 Mtlmnt5 (d7ecb8feb68e6d93a2d3c6e298f77e3d) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
    2011/08/03 14:35:27.0031 4000 Mtlstrm (4b422cbca2c528dc0a7e48a14bf0e487) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
    2011/08/03 14:35:29.0125 4000 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/08/03 14:35:29.0703 4000 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/08/03 14:35:30.0078 4000 Nbf (c087dd7fa47c4a43683df764fbfa30a7) C:\WINDOWS\system32\DRIVERS
    bf.sys
    2011/08/03 14:35:30.0984 4000 ndasbus (003a87e7660f51db68fd511c09857dc0) C:\WINDOWS\system32\DRIVERS
    dasbus.sys
    2011/08/03 14:35:31.0609 4000 ndasscsi (d2f2a2261e40e6280a571971fa7ed024) C:\WINDOWS\system32\DRIVERS
    dasscsi.sys
    2011/08/03 14:35:32.0218 4000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/08/03 14:35:32.0593 4000 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/08/03 14:35:33.0093 4000 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS
    distapi.sys
    2011/08/03 14:35:33.0625 4000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS
    disuio.sys
    2011/08/03 14:35:34.0062 4000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS
    diswan.sys
    2011/08/03 14:35:34.0484 4000 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/08/03 14:35:35.0078 4000 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS
    etbios.sys
    2011/08/03 14:35:35.0546 4000 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS
    etbt.sys
    2011/08/03 14:35:36.0125 4000 NHostNT1 (527b01c1e9925e730132e77c742013ec) C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS
    2011/08/03 14:35:36.0671 4000 NHOSTNT3 (b937f16f82a503ec4db65cf171f694fb) C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS
    2011/08/03 14:35:37.0218 4000 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS
    ic1394.sys
    2011/08/03 14:35:37.0859 4000 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
    2011/08/03 14:35:38.0406 4000 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys
    2011/08/03 14:35:39.0078 4000 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys
    2011/08/03 14:35:39.0609 4000 NPF (b15e0180c43d8b5219196d76878cc2dd) C:\WINDOWS\system32\drivers
    pf.sys
    2011/08/03 14:35:40.0328 4000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/08/03 14:35:41.0015 4000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/08/03 14:35:41.0890 4000 NtMtlFax (c647b107685d6f8a7a6d4f41365fc2ef) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
    2011/08/03 14:35:42.0718 4000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/08/03 14:35:44.0234 4000 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS
    wlnkflt.sys
    2011/08/03 14:35:44.0765 4000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS
    wlnkfwd.sys
    2011/08/03 14:35:45.0375 4000 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS
    wlnkipx.sys
    2011/08/03 14:35:45.0765 4000 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS
    wlnknb.sys
    2011/08/03 14:35:46.0250 4000 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS
    wlnkspx.sys
    2011/08/03 14:35:46.0843 4000 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/08/03 14:35:47.0234 4000 Parclass (d46373f7d9aaeb4a5dd734c1eca67a66) C:\WINDOWS\System32\Drivers\Parclass.sys
    2011/08/03 14:35:47.0718 4000 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/08/03 14:35:48.0312 4000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/08/03 14:35:48.0687 4000 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/08/03 14:35:49.0890 4000 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    2011/08/03 14:35:50.0671 4000 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/08/03 14:35:51.0203 4000 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/08/03 14:35:51.0843 4000 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/08/03 14:35:52.0234 4000 Pcouffin (1f7f4eaf77d51aa3891d5ee2fdc6976b) C:\WINDOWS\system32\Drivers\Pcouffin.sys
    2011/08/03 14:35:54.0468 4000 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/08/03 14:35:55.0031 4000 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/08/03 14:35:55.0812 4000 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
    2011/08/03 14:35:56.0500 4000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/08/03 14:35:56.0875 4000 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/08/03 14:35:57.0234 4000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/08/03 14:35:57.0703 4000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/08/03 14:35:58.0171 4000 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    2011/08/03 14:35:58.0609 4000 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/08/03 14:35:59.0046 4000 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/08/03 14:35:59.0484 4000 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/08/03 14:35:59.0937 4000 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/08/03 14:36:00.0312 4000 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/08/03 14:36:00.0687 4000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/08/03 14:36:01.0125 4000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/08/03 14:36:01.0515 4000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/08/03 14:36:01.0921 4000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/08/03 14:36:02.0296 4000 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/08/03 14:36:02.0843 4000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/08/03 14:36:03.0500 4000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/08/03 14:36:03.0937 4000 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/08/03 14:36:04.0343 4000 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/08/03 14:36:04.0890 4000 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    2011/08/03 14:36:05.0296 4000 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
    2011/08/03 14:36:05.0765 4000 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2011/08/03 14:36:06.0390 4000 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/08/03 14:36:06.0859 4000 rtl8139 (d0ac0b0355a3ffb85eb77b083cd0627c) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
    2011/08/03 14:36:07.0484 4000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/08/03 14:36:07.0906 4000 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
    2011/08/03 14:36:08.0359 4000 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/08/03 14:36:08.0796 4000 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/08/03 14:36:09.0296 4000 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    2011/08/03 14:36:09.0703 4000 siellif (a684ce1204c1375479b2eeb0ff85b774) C:\WINDOWS\system32\Drivers\siellif.sys
    2011/08/03 14:36:10.0187 4000 Sieupapp (79b39981c23d58fe9c003d7cfa797ecc) C:\WINDOWS\system32\Drivers\Sieupapp.sys
    2011/08/03 14:36:11.0046 4000 Sieupdfu (1583a0a8d3d10322b396cb791448f76c) C:\WINDOWS\system32\Drivers\Sieupdfu.sys
    2011/08/03 14:36:12.0562 4000 sisagp (1630fbdbcb0cf3a60c02b6f140bab98b) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
    2011/08/03 14:36:13.0218 4000 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/08/03 14:36:14.0359 4000 Slntamr (360818a7d42cf54fe2a5eda3b57b7304) C:\WINDOWS\system32\DRIVERS\slntamr.sys
    2011/08/03 14:36:15.0000 4000 SlNtHal (facf8683e67f9f048c537ab82c31c193) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
    2011/08/03 14:36:15.0453 4000 SlWdmSup (a7bca2b23ad739d487a3c7e4dfb39696) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
    2011/08/03 14:36:16.0078 4000 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    2011/08/03 14:36:16.0515 4000 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/08/03 14:36:17.0375 4000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/08/03 14:36:18.0062 4000 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/08/03 14:36:18.0546 4000 SR9USB (1f9c2056c10f45d5628fbc146d191328) C:\WINDOWS\system32\DRIVERS\sr9usb.sys
    2011/08/03 14:36:19.0343 4000 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/08/03 14:36:19.0921 4000 STAC97NA (fea4a08b4358798c92f13e14b3ece4c4) C:\WINDOWS\system32\drivers\stac97na.sys
    2011/08/03 14:36:20.0531 4000 STAC97NH (a936f5a5ce056b0bb6bdea18104780aa) C:\WINDOWS\system32\drivers\stac97nh.sys
    2011/08/03 14:36:21.0234 4000 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/08/03 14:36:21.0906 4000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/08/03 14:36:22.0359 4000 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/08/03 14:36:22.0750 4000 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/08/03 14:36:23.0421 4000 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/08/03 14:36:23.0859 4000 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/08/03 14:36:24.0328 4000 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/08/03 14:36:25.0171 4000 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/08/03 14:36:25.0781 4000 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/08/03 14:36:26.0359 4000 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/08/03 14:36:26.0921 4000 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/08/03 14:36:27.0875 4000 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/08/03 14:36:28.0515 4000 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/08/03 14:36:29.0140 4000 TVicPort (97dd70feca64fb4f63de7bb7e66a80b1) C:\WINDOWS\system32\drivers\TVicPort.sys
    2011/08/03 14:36:31.0453 4000 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/08/03 14:36:31.0796 4000 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/08/03 14:36:32.0296 4000 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/08/03 14:36:32.0718 4000 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
    2011/08/03 14:36:33.0281 4000 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/08/03 14:36:33.0984 4000 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/08/03 14:36:34.0562 4000 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/08/03 14:36:34.0812 4000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/08/03 14:36:35.0109 4000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/08/03 14:36:35.0375 4000 Usblink (5512152fb6ece76648787b617e60bce9) C:\WINDOWS\system32\Drivers\ulink.sys
    2011/08/03 14:36:35.0718 4000 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/08/03 14:36:35.0921 4000 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/08/03 14:36:36.0171 4000 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/08/03 14:36:36.0390 4000 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
    2011/08/03 14:36:36.0593 4000 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
    2011/08/03 14:36:36.0921 4000 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/08/03 14:36:37.0109 4000 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/08/03 14:36:37.0296 4000 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    2011/08/03 14:36:37.0593 4000 V90drv (4a55bdd4a1ffe650c3c2f8687c2ea4c2) C:\WINDOWS\system32\DRIVERS\v90drv.sys
    2011/08/03 14:36:38.0015 4000 VBoxDrv (3e4b3de332634151d10bca5c0f3dd226) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
    2011/08/03 14:36:38.0375 4000 VBoxNetAdp (02cf071ee8cad9667ec0736c57360b70) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
    2011/08/03 14:36:38.0937 4000 VBoxUSB (3016f030106fb4b482d0cd12d2b59648) C:\WINDOWS\system32\Drivers\VBoxUSB.sys
    2011/08/03 14:36:39.0343 4000 VBoxUSBMon (be71306e451c5f9de9a64b32038314ee) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
    2011/08/03 14:36:39.0656 4000 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
    2011/08/03 14:36:39.0984 4000 VcommMgr (630bbdbf5490f8f57abe650da63661a0) C:\WINDOWS\system32\Drivers\VcommMgr.sys
    2011/08/03 14:36:40.0359 4000 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/08/03 14:36:40.0562 4000 VHidMinidrv (286322009f2b3ac055981c28dfb72ebf) C:\WINDOWS\system32\drivers\VHIDMini.sys
    2011/08/03 14:36:40.0937 4000 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/08/03 14:36:41.0218 4000 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/08/03 14:36:41.0468 4000 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/08/03 14:36:41.0859 4000 VPCAppSv (7bf783faf307bc04130b36b4f76e5f3d) C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys
    2011/08/03 14:36:42.0203 4000 vsbus (7b9085a650186a66832c9610096dba56) C:\WINDOWS\system32\DRIVERS\vsb.sys
    2011/08/03 14:36:42.0546 4000 vserial (3c2b0d54a0ae00f0b7a88cc4a3c46634) C:\WINDOWS\system32\DRIVERS\vserial.sys
    2011/08/03 14:36:43.0109 4000 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/08/03 14:36:43.0343 4000 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    2011/08/03 14:36:43.0718 4000 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2011/08/03 14:36:44.0296 4000 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/08/03 14:36:44.0671 4000 WinDriver6 (22db0dcb37e73195d9fe43b2480b884f) C:\WINDOWS\system32\drivers\windrvr6.sys
    2011/08/03 14:36:45.0515 4000 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/08/03 14:36:45.0781 4000 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/08/03 14:36:46.0078 4000 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/08/03 14:36:46.0515 4000 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/08/03 14:36:46.0781 4000 wylz (c51123a9f5fde288b0d6dcd0865f673b) C:\WINDOWS\system32\drivers\wylz.sys
    2011/08/03 14:36:52.0296 4000 ZD1211U(ZyDAS) (748ebbf816261873307695d02989e78a) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
    2011/08/03 14:36:52.0593 4000 ZDBRGSYS (f506a40dc8890f61cc6660efbecc0810) C:\WINDOWS\system32\ZDBRGSYS.SYS
    2011/08/03 14:36:53.0343 4000 ZDPNDIS5 (29c917279d79848b3dd94909fc00e2a8) C:\WINDOWS\system32\ZDPNDIS5.SYS
    2011/08/03 14:36:53.0921 4000 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    2011/08/03 14:36:54.0171 4000 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    2011/08/03 14:36:54.0218 4000 Boot (0x1200) (b43e4a73f8ef8ea4f854a2b15af269b3) \Device\Harddisk0\DR0\Partition0
    2011/08/03 14:36:54.0250 4000 Boot (0x1200) (34f6216cf37d8a5012a1d03ff716c7df) \Device\Harddisk1\DR1\Partition0
    2011/08/03 14:36:54.0296 4000 Boot (0x1200) (6a0396aeeea8a354e8e25b30d9122080) \Device\Harddisk1\DR1\Partition1
    2011/08/03 14:36:54.0328 4000 ================================================================================
    2011/08/03 14:36:54.0328 4000 Scan finished
    2011/08/03 14:36:54.0328 4000 ================================================================================
    2011/08/03 14:36:54.0375 2436 Detected object count: 0
    2011/08/03 14:36:54.0375 2436 Actual detected object count: 0
  • Hi sprokkie, let's continue:

    Step •1•
    Close all open browser windows, except this one, which you close just before you click the Fix checked button!


    Now start HijackThis and click the button Do a Scan only,

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51111

    - Put a check mark in front of the line(s) that correspond to the lines above.
    - Now close the web browser and then click the Fix checked button.
    - After that, close HijackThis.

    Step •2•
    Which program: ComboFix
    What for/why: Very specialized scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: Somewhat tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before ComboFix starts!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    To be perfectly clear once more: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    - All open programs and web pages must be closed.
    Once ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - It may happen that the computer has to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • Right, ComboFix has been run.
    The log file is below.

    I had switched off all the virus scanners as the links described.
    I still got a message that Norton was active.

    I ran the Norton removal tool over it and then it went fine.

    ComboFix log:

    ComboFix 11-08-03.02 - Ferry 03-08-2011 16:14:44.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.569 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Ferry\Bureaublad\ComboFix.exe
    AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\5959xdat.exe
    c:\ati technologies\ATI Control Panel\atiptaxx.exe
    C:\Autorun.exe
    C:\Autorun.inf
    C:\Autorun.ini
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Ferry\Application Data\Adobe\plugs
    c:\documents and settings\Ferry\Application Data\Adobe\shed
    c:\documents and settings\Ferry\Application Data\Autorun.vbs
    c:\documents and settings\Ferry\Application Data\chrtmp
    c:\documents and settings\Ferry\Application Data\delme.bat
    c:\documents and settings\Ferry\Application Data\Ferrylog.dat
    c:\documents and settings\Ferry\Application Data\Sysutils_Update
    c:\documents and settings\Ferry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    c:\documents and settings\Ferry\Local Settings\Application Data\PanelClix Software\PanelClix Software.exe
    c:\documents and settings\Ferry\lu0001.bin
    c:\documents and settings\Ferry\Mijn documenten\DPE.DUS
    c:\documents and settings\Ferry\Mijn documenten\Readiris.DUS
    c:\documents and settings\Ferry\Onlangs geopend\SIP000BFD90922A.cnf
    c:\documents and settings\Ferry\Onlangs geopend\Thumbs.db
    c:\documents and settings\Ferry\UserData\W3BJQCPD
    c:\documents and settings\Ferry\WINDOWS
    c:\documents and settings\Gast\WINDOWS
    c:\documents and settings\LocalService\Application Data\Install.dat
    C:\kill.exe
    c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe
    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    c:\program files\install_piet.exe
    c:\program files\install_piet.exe\piet_107.exe
    c:\program files\install_piet.exe\sint_200.exe
    c:\program files\iTunes\iTunesHelper.exe
    c:\program files\Java\jre6\bin\jusched.exe
    c:\program files\Logitech\Video\ISStart.exe
    c:\program files\Logitech\Video\LogiTray.exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    c:\program files\McAfee\Common Framework\UdaterUI.exe
    c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    c:\program files\messenger\msmsgsin.exe
    c:\program files\Microsoft ActiveSync\Wcescomm .exe
    C:\Thumbs.db
    c:\windows\5359-8621-2429-7641-5702
    c:\windows\5359-8621-2429-7641-5702\ActiveUser.SLS
    c:\windows\5359-8621-2429-7641-5702\CheckOut.SLS
    c:\windows\5359-8621-2429-7641-5702\Licence.SLS
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\IsUn0413.exe
    c:\windows\iun6002.exe
    c:\windows\system\VI30AUT.DLL
    c:\windows\system32\_002687_.tmp.dll
    c:\windows\system32\ccrpTmr6.dll
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\Ijl11.dll
    c:\windows\system32\regobj.dll
    c:\windows\system32\win.ini
    c:\windows\system32\winsusrm.dll
    c:\windows\system32\winsusrx.dll
    c:\windows\unin0407.exe
    c:\windows\unin0413.exe
    .
    c:\ati technologies\ATI Control Panel\atiptaxx .exe —^> c:\ati technologies\ATI Control Panel\atiptaxx.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SSHNAS
    -------\Service_SwitchBoard
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-07-03 to 2011-08-03 ))))))))))))))))))))))))))))))
    .
    .
    2011-08-02 18:54 . 2011-08-02 19:05 -------- d-----w- c:\documents and settings\NetworkService\Favorieten
    2011-08-02 18:45 . 2011-08-03 08:34 -------- d-----w- c:\documents and settings\Ferry\Application Data\Ifla
    2011-08-02 18:45 . 2011-08-02 18:45 -------- d-----w- c:\documents and settings\Ferry\Application Data\Qiavaw
    2011-08-01 08:46 . 2011-04-25 16:05 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-08-01 08:44 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2011-08-01 08:40 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2011-08-01 08:40 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2011-08-01 08:39 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2011-08-01 08:39 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2011-08-01 08:39 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
    2011-08-01 08:38 . 2010-08-23 16:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2011-08-01 08:37 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2011-08-01 08:35 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-08-01 08:34 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2011-07-29 23:46 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1F29533C-446C-42FD-997D-320428C36726}\mpengine.dll
    2011-07-22 07:27 . 2011-07-22 07:27 64000 ----a-w- c:\windows\system32\ieframe.oca
    2011-07-22 07:27 . 2011-07-22 07:27 29184 ----a-w- c:\windows\system32\MSINET.oca
    2011-07-18 14:52 . 2011-07-18 14:58 -------- d-----w- c:\program files\GPSBabel
    2011-07-15 10:42 . 2011-07-15 10:42 -------- d-----w- c:\documents and settings\Ferry\Application Data\Rovio
    2011-07-13 15:07 . 2011-07-13 15:07 -------- d-----w- c:\documents and settings\Ferry\Local Settings\Application Data\TopoGrafix
    2011-07-13 15:07 . 2011-07-16 17:45 -------- d-----w- c:\program files\EasyGPS
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-31 20:34 . 2004-02-18 16:01 21504 ---ha-w- c:\documents and settings\Ferry\Application Data\Microsoft\Emulator for Windows CE\VPCKeyboard.dll
    2011-07-22 07:27 . 2004-02-13 06:46 90624 ----a-w- c:\windows\system32\MSHFLXGD.oca
    2011-07-22 07:27 . 2004-02-13 06:46 35840 ----a-w- c:\windows\system32\MSADODC.oca
    2011-07-22 07:27 . 2004-02-13 06:46 69632 ----a-w- c:\windows\system32\MSDATLST.oca
    2011-07-22 07:27 . 2004-02-12 18:50 35328 ----a-w- c:\windows\system32\COMCT332.oca
    2011-07-22 07:27 . 2004-02-13 06:46 65536 ----a-w- c:\windows\system32\MSDATGRD.oca
    2011-07-22 07:27 . 2004-02-13 06:46 17408 ----a-w- c:\windows\system32\SYSINFO.oca
    2011-07-22 07:27 . 2004-02-13 06:46 63488 ----a-w- c:\windows\system32\MCI32.oca
    2011-07-22 07:27 . 2004-02-13 06:46 18944 ----a-w- c:\windows\system32\picclp32.oca
    2011-07-22 07:27 . 2004-02-13 06:46 43008 ----a-w- c:\windows\system32\MSMAPI32.oca
    2011-07-22 07:27 . 2004-02-13 06:46 166400 ----a-w- c:\windows\system32\MSCHRT20.oca
    2011-07-22 07:27 . 2004-02-13 00:54 64000 ----a-w- c:\windows\system32\richtx32.oca
    2011-07-22 07:27 . 2004-02-12 18:50 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca
    2011-07-22 07:27 . 2004-02-12 18:50 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca
    2011-07-22 07:27 . 2004-02-13 06:46 35840 ----a-w- c:\windows\system32\COMDLG32.oca
    2011-07-22 07:27 . 2004-02-13 06:46 76288 ----a-w- c:\windows\system32\MSFLXGRD.oca
    2011-07-22 07:27 . 2004-02-13 00:54 43008 ----a-w- c:\windows\system32\TABCTL32.oca
    2011-07-22 07:24 . 2004-02-12 15:53 22016 ----a-w- c:\windows\system32\mswinsck.oca
    2011-07-13 03:39 . 2007-12-19 11:48 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-07-09 20:10 . 2006-11-24 23:24 286720 ------w- c:\windows\Setup1.exe
    2011-07-06 17:52 . 2010-12-23 23:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 17:52 . 2010-12-23 23:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-06 11:35 . 2003-01-29 13:46 1859072 ----a-w- c:\windows\system32\win32k.sys
    2011-05-24 17:14 . 2009-10-03 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-22 19:42 . 2011-05-22 19:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2007-07-24 17:03 . 2007-07-24 17:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
    2011-06-26 19:52 . 2011-03-22 18:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe -startup" [X]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [N/A]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [N/A]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
    "ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2002-12-19 294912]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [N/A]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "RenderDib"= {c8c9d3ae-b292-4acf-9861-65f512a930cd} - c:\program files\Common Files\Render\RenderDib.dll [2010-09-20 98304]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Speed Launcher.lnk]
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
    backup=c:\windows\pss\BTTray.lnkCommon Startup
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 2000 Series.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hp psc 2000 Series.lnk
    backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hpoddt01.exe.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hpoddt01.exe.lnk
    backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NDAS Device Management.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\NDAS Device Management.lnk
    backup=c:\windows\pss\NDAS Device Management.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Nikon Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Nikon Monitor.lnk
    backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^officejet 6100.lnk]
    backup=c:\windows\pss\officejet 6100.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ZDWLan Utility.lnk]
    backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ferry^Menu Start^Programma's^Opstarten^Marktplaats Zoekassistent.lnk]
    path=c:\documents and settings\Ferry\Menu Start\Programma's\Opstarten\Marktplaats Zoekassistent.lnk
    backup=c:\windows\pss\Marktplaats Zoekassistent.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ferry^Menu Start^Programma's^Opstarten^OpenOffice.org 1.1.4.lnk]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ferry^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Classes
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eyeball Chat
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logsys32
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    c:\program files\QuickTime\QTTask .exe -atboottime [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runwindiagx
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4Y3Y0C3A9F7XWW5EACFH]
    c:\recycle.bin\B6232F3A731.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2010-10-27 14:07 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-14 17:03 110592 ----a-w- c:\windows\system32\bthprops.cpl
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    2002-11-02 06:33 45056 ----a-w- c:\clonecd\ElbyCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlrblckr.exe]
    2006-04-26 08:04 57460 ----a-w- c:\program files\Gigaset DECT\gigaset-m34-usb\dlrblckr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FBNxmDRPqdqEo.exe]
    c:\docume~1\Ferry\LOCALS~1\Temp\FBNxmDRPqdqEo.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    c:\documents and settings\Ferry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    c:\program files\Microsoft ActiveSync\Wcescomm .exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    c:\program files\iTunes\iTunesHelper.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JP595IR86O]
    c:\docume~1\Ferry\LOCALS~1\Temp\Es1.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keymap.exe]
    2006-04-26 08:07 167936 ----a-w- c:\program files\Gigaset DECT\gigaset-m34-software\keymap.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    2004-10-08 10:06 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    c:\program files\Logitech\Video\ISStart.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2004-10-08 09:52 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    c:\program files\Malwarebytes' Anti-Malware\mbam.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
    c:\program files\McAfee\Common Framework\UdaterUI.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerservice.exe]
    2006-04-26 08:13 356352 ----a-w- c:\program files\Gigaset DECT\gigaset-m34-software\messengerservice.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    c:\program files\MSN Messenger\msnmsgr.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PanelClix Software]
    c:\documents and settings\Ferry\Local Settings\Application Data\PanelClix Software\PanelClix Software.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    d:\nokia\Nokia PC Suite 6\LaunchApplication.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    2003-05-28 14:37 394240 ----a-w- c:\windows\system32\PSDrvCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    c:\program files\Real\RealPlayer\RealPlay.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Redirector]
    2006-09-25 08:38 115712 ----a-w- c:\program files\Lantronix\Redirector\red32.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    2002-04-17 08:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2006-07-06 16:53 20034600 ----a-w- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\skypeclient.exe]
    2006-04-26 08:15 622592 ----a-w- c:\program files\Gigaset DECT\gigaset-m34-software\skypeclient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    c:\program files\Java\jre6\bin\jusched.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2011-08-02 18:44 39940 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS"=3 (0x3)
    "SNMPTRAP"=3 (0x3)
    "SNMP"=2 (0x2)
    "S2000 Manager Service"=3 (0x3)
    "PestPatrol Remote"=2 (0x2)
    "Neon Responder"=2 (0x2)
    "IPCOMM Service"=3 (0x3)
    "Database Manager Service"=3 (0x3)
    "Ati HotKey Poller"=2 (0x2)
    "ISEXEng"=2 (0x2)
    "Gateway Manager Service"=3 (0x3)
    "NetOp Host for NT Service"=2 (0x2)
    "gupdatem"=3 (0x3)
    "gupdate1c985d469fb84d5"=2 (0x2)
    "ComRedirSvc"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\mirc\\mirc_bloem\\Bloem!\\mirc.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\poc\\pocxxl\\bin\\pocxxl.exe"=
    "c:\\wincmd\\wincmd32.exe"=
    "c:\\Program Files\\logivert\\cataloge.exe"=
    "c:\\Program Files\\VoipBuster.com\\VoipBuster\\voipbuster.exe"=
    "c:\\uTorrent\\utorrent.exe"=
    "c:\\Program Files\\Danware Data\\NetOp Remote Control\\HOST\\Nhstw32.exe"=
    "c:\\Program Files\\Danware Data\\NetOp Remote Control\\GUEST\\Ngstw32.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FRITZ!DSL\\IGDCTRL.EXE"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\WinAgents\\TFTP Server 4\\TftpServerManager.exe"=
    "c:\\Program Files\\Common Files\\WinAgents\\TftpService.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "d:\\Office Password Recovery PRO\\OfficePasswordRecoveryPRO.exe"=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
    "c:\\DroidCam\\DroidCamApp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "123:UDP"= 123:UDP:NTPSERVER
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "69:UDP"= 69:UDP:TFTP Transmissions Port
    "12000:TCP"= 12000:TCP:WinAgents TFTP Server Administration Port
    "21:TCP"= 21:TCP:21
    "22:TCP"= 22:TCP:22
    "23:TCP"= 23:TCP:23
    "1104:TCP"= 1104:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [16-4-2005 0:09 158720]
    R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [16-4-2005 0:09 5248]
    R1 NHostNT1;NetOp Driver 1 ver. 9.00 (2006161);c:\windows\system32\drivers\NHOSTNT1.SYS [14-10-2006 13:04 91408]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [7-1-2008 19:13 143184]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [7-1-2008 19:13 41936]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 12:03 169312]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [29-1-2003 15:46 14336]
    R2 Iprip;RIP-listener;c:\windows\System32\svchost.exe -k netsvcs [29-1-2003 15:46 14336]
    R2 VPCAppSv;Virtual PC Application Services;c:\windows\system32\drivers\VPCAppSv.sys [21-5-2002 3:31 10374]
    R2 WinAgentsTftpService4;WinAgents TFTP Service 4;c:\program files\Common Files\WinAgents\TftpService.exe [20-6-2008 19:30 94208]
    R3 BT848;TV Capture Card WDM Video Capture;c:\windows\system32\drivers\BT848.sys [10-5-2003 22:25 212186]
    R3 BTTUNER;TV Capture Card WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [10-5-2003 22:25 10062]
    R3 BTXBAR;TV Capture Card WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [10-5-2003 22:25 7788]
    R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [26-1-2011 0:45 21248]
    R3 NHOSTNT3;NetOp Driver 3 ver. 9.00 (2006161) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [14-10-2006 13:04 3216]
    R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [20-9-2002 19:42 296179]
    R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [20-9-2002 19:43 231855]
    S1 wylz;Microsoft wylz support;c:\windows\system32\drivers\wylz.sys [29-1-2003 15:45 54656]
    S2 Parclass;Parclass;c:\windows\system32\drivers\PARCLASS.SYS [28-12-2003 10:14 20912]
    S2 SVKP;SVKP;\??\c:\windows\System32\SVKP.sys --> c:\windows\System32\SVKP.sys [?]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 20:19 13592]
    S3 Atkcfg;Cordless Device Configuration;c:\windows\system32\drivers\atkcfg.sys [17-7-2006 8:44 46592]
    S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [3-12-2007 11:00 35824]
    S3 CprDrvr;Driver for Lantronix CPR Device;c:\windows\system32\drivers\CprDrvr.sys [15-7-2009 18:10 137080]
    S3 Gig5gu;Cordless Internet Access;c:\windows\system32\drivers\gig5gu.sys [17-7-2006 8:45 55680]
    S3 Gigsrf;Cordless Device Line Access;c:\windows\system32\drivers\gigsrf.sys [17-7-2006 8:46 94592]
    S3 Gigtnc;Cordless PC Control;c:\windows\system32\drivers\gigtnc.sys [17-7-2006 8:47 45440]
    S3 IRIS5;IRIS5 Protocol Driver;c:\windows\system32\iris5.sys [12-6-2005 12:53 16191]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24-12-2010 1:03 41272]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25-1-2007 19:31 42000]
    S3 PanelMgr Service;Invise Panel Manager Service;c:\invise\PANELMGR.EXE --> c:\invise\PANELMGR.EXE [?]
    S3 siellif;siellif;c:\windows\system32\drivers\siellif.sys [17-7-2006 8:45 113408]
    S3 Sieupapp;Cordless Device Update;c:\windows\system32\drivers\sieupapp.sys [17-7-2006 8:44 32128]
    S3 Sieupdfu;Cordless Device in update mode;c:\windows\system32\drivers\sieupdfu.sys [17-7-2006 8:44 32000]
    S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\sr9usb.sys [4-1-2011 11:32 14720]
    S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [3-12-2007 10:49 40788]
    S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [1-1-1980 1:00 1432836]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16-11-2009 0:00 100496]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [15-11-2009 23:58 31824]
    S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [14-11-2007 21:14 19200]
    S4 ComRedirSvc;Com Port Redirector;c:\program files\Lantronix\Redirector\redirsvc.exe [15-7-2009 18:30 62976]
    S4 Database Manager Service;Invise Database Manager Service;c:\invise\DBMNGR.EXE --> c:\invise\DBMNGR.EXE [?]
    S4 Gateway Manager Service;Invise Gateway Manager Service;c:\invise\GWMNGR.EXE --> c:\invise\GWMNGR.EXE [?]
    S4 gupdate1c985d469fb84d5;Google Update Service (gupdate1c985d469fb84d5);c:\program files\Google\Update\GoogleUpdate.exe [9-12-2009 18:45 135664]
    S4 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9-12-2009 18:45 135664]
    S4 IPCOMM Service;Invise IPCOMM Service;c:\invise\IPCOMM.EXE --> c:\invise\IPCOMM.EXE [?]
    S4 Neon Responder;Neon Responder;c:\program files\Neon Software\Neon Responder\Neon Responder Service.exe [5-10-2004 20:47 71680]
    S4 NetOp Host for NT Service;NetOp Helper ver. 9.00 (2006161);c:\program files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE [14-10-2006 13:04 1212688]
    S4 S2000 Manager Service;Invise S2000 Manager Service;c:\invise\S2KMNGR.EXE --> c:\invise\S2KMNGR.EXE [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-08-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-KAYLEIGH-Ferry.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-10 02:44]
    .
    2011-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
    .
    2008-01-20 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4192894605.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]
    .
    2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:45]
    .
    2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:45]
    .
    2011-08-03 c:\windows\Tasks\Internet Explorer.job
    - c:\progra~1\INTERN~1\iexplore.exe [2003-01-29 13:09]
    .
    2011-08-02 c:\windows\Tasks\User_Feed_Synchronization-{02573661-3D2A-40BA-A08B-6223E90B83E9}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    2011-08-02 c:\windows\Tasks\{945AD0CC-3CC7-4FBA-B9D0-4797D3BF586A}_KAYLEIGH_Ferry.job
    - c:\windows\system32\mobsync.exe [2003-01-29 17:03]
    .
    2011-07-29 c:\windows\Tasks\{A7C3E735-1FA3-4F60-B895-4456D87947EB}_KAYLEIGH_Ferry.job
    - c:\windows\system32\mobsync.exe [2003-01-29 17:03]
    .
    2011-08-02 c:\windows\Tasks\{FA01C480-8AF9-47BB-929A-01BA2AA71C38}_KAYLEIGH_Ferry.job
    - c:\windows\system32\mobsync.exe [2003-01-29 17:03]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Ontvang alle bestanden door NetXfer - d:\xi\NetXfer\NXAddList.html
    IE: Ontvangst door NetXfer - d:\xi\NetXfer\NXAddLink.html
    IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    Trusted Zone: de1103.nl\www
    Trusted Zone: godaddy.com\www
    Trusted Zone: moodle.org
    Trusted Zone: omroep.nl\player
    TCP: Interfaces\{A6611BB4-7160-44C5-BA10-39F0CE43DFFA}: NameServer = 194.109.6.66,194.109.9.99
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://212.248.100.101:91/kxhcm10.ocx
    DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} - hxxp://www.skylinesoft.com/interactive/terraexplorer/install/TE.cab
    DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a01-b01.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game18.zylomgames.com/activex/zylomgamesplayer.cab
    DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} - hxxp://patrick168.blogdns.com:8888/jpgview.cab
    DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.nl/apps/EasyUploadX.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://165.91.110.101:2010/activex/AMC.cab
    DPF: {E6644870-F140-11D4-B761-00D0B73F3C8E} - hxxp://172.16.100.18/activex/AxisCamMotionControl.ocx
    FF - ProfilePath - c:\documents and settings\Ferry\Application Data\Mozilla\Firefox\Profiles\h61h3f4e.default\
    FF - prefs.js: browser.search.selectedEngine - GoogIe
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxp://www.offos.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=I3Ci6mSt&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    ——- Bestandsassociaties ——-
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Notify-winzoo32 - winzoo32.dll
    AddRemove-Alltrans 2.321 - c:\windows\unin0407.exe
    AddRemove-BlueVoda_Website_Builder_1.0 - c:\windows\iun6002.exe
    AddRemove-CADdy++ Elektrotechniek - c:\windows\IsUn0413.exe
    AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe
    AddRemove-P-touch Editor ver 3.2 - c:\windows\IsUn0413.exe
    AddRemove-{EF53DD60-C4E2-11DB-3D6C-167690F54AE1} - d:\notation\Uninst_Notation Composer 2.6.1
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-03 16:51
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-670032213-539618579-1381881231-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'winlogon.exe'(924)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2380)
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Common Files\Render\RenderDib.dll
    c:\windows\system32\btncopy.dll
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\FRITZ!DSL\IGDCTRL.EXE
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\System32\hpb2ksrv.exe
    c:\windows\System32\hpbhksrv.exe
    c:\windows\system32\lkcitdl.exe
    c:\windows\system32\lkads.exe
    c:\windows\system32\lktsrv.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\program files\NDAS\System\ndassvc.exe
    d:\national instruments\Shared\Security\nidmsrv.exe
    c:\windows\system32\nisvcloc.exe
    c:\windows\System32\tcpsvcs.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\McAfee\VirusScan Enterprise\MCUPDATE.EXE
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-08-03 17:10:47 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-08-03 15:10
    .
    Pre-Run: 11.447.033.856 bytes beschikbaar
    Post-Run: 11.425.546.240 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 105D4E6A1E372E3FE4C785C757E41EE1
  • How are things going by now?
  • I am waiting for new instructions from you :)

    as you wrote yourself:

    The fix, once started, must be completed. Even if you think everything is fine, there may still be infections.

    The PC seems a bit faster.
    Firefox certainly.

    One more thing about the virus scanner:
    I have McAfee corporate edition.
    But according to you that is not good, so which one should I have?


    Below is a fresh HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:40:17, on 3-8-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\hpb2ksrv.exe
    C:\WINDOWS\System32\hpbhksrv.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    D:\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\WinAgents\TftpService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\wincmd\wincmd32.exe
    C:\axis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - d:\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Documents and Settings\Ferry\Local Settings\Application Data\Wakoopa Shared\WakoopaBHO.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - d:\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ontvang alle bestanden door NetXfer - D:\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Ontvangst door NetXfer - D:\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://www.de1103.nl
    O15 - Trusted Zone: http://www.godaddy.com
    O15 - Trusted Zone: http://*.moodle.org
    O15 - Trusted Zone: http://player.omroep.nl
    O15 - Trusted IP range: http://172.16.100.18
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://62.251.20.244:90/VatDec.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://212.248.100.101:91/kxhcm10.ocx
    O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/terraexplorer/install/TE.cab
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
    O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://81.204.25.231/home/SonySncRz30View.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264673400140
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264673381171
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://procam1.be.proserve.nl/activex/AMC.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI
    etail/DASAct.cab
    O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://77.161.40.48/bl_camera.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://172.16.100.18/activex/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a01-b01.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://patrick168.blogdns.com:8888/jpgview.cab
    O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.nl/apps/EasyUploadX.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_nl.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {E6644870-F140-11D4-B761-00D0B73F3C8E} (CamImage Class) - http://172.16.100.18/activex/AxisCamMotionControl.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4539/mcfscan.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6611BB4-7160-44C5-BA10-39F0CE43DFFA}: NameServer = 194.109.6.66,194.109.9.99
    O21 - SSODL: RenderDib - {c8c9d3ae-b292-4acf-9861-65f512a930cd} - C:\Program Files\Common Files\Render\RenderDib.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c985d469fb84d5) (gupdate1c985d469fb84d5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
    O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\System32\hpbhksrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - D:\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Invise Panel Manager Service (PanelMgr Service) - Unknown owner - C:\Invise\PANELMGR.EXE (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinAgents TFTP Service 4 (WinAgentsTftpService4) - WinAgents Software Group - C:\Program Files\Common Files\WinAgents\TftpService.exe


    End of file - 18004 bytes


    Regards,
    Sprokkie
  • Don't be afraid that I will abandon you!
    Do the following first:

    Close all open browser windows, except this window, which you close just before you click the Fix checked button!

    Start HijackThis now and click the Do a Scan only button,

    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab

    - Put a check mark in front of the line(s) that correspond to the lines above
    - Now close the web browser and then click the Fix checked button
    - After that, close HijackThis.


    After that, continue with the following:

    Run the ESET online scan (click).
    - Click the ESET Online Scanner button
    - Put a check mark next to YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Click "Advanced settings"
    - Put a check mark next to the following options:
      - Remove found threats
      - Scan archives
      - Scan for potentially unwanted applications
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
    - Click Start
    - The computer is now being scanned. This can take quite a long time, so be patient.
    - You may close the window when the scan is finished.
    - Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
    - Copy and paste the contents of this log into your next post.
    N.B.: temporarily disable your own antivirus during the scan; the online scan will then be faster!
  • I use Firefox.
    The ESET online scanner first had to install a program, but now it is running.

    Why do I always have to close all browser windows before I press fix in HijackThis?

    Regards,
    Sprokkie
  • Very simple: if browser windows are left open, certain fixes via HijackThis cannot be carried out, because the open browser is in use!
  • Ah, I see.

    The ESET scan has now been running for about half an hour and has already found 2 threats.

    Which virus scanner do you recommend?
    I have had bad experiences with Norton and AVG on this computer.
    The thing became slow because of them.
    McAfee worked best on this computer.

    Regards,
    Sprokkie
  • Finally done…..

    It did say scan stopped by user.
    I simply waited; the machine was in screensaver mode and I pressed the space bar to bring the computer back out of the screensaver.
    I hope that it does not have negative consequences.

    ESET log file

    C:\axis\winscp429setup.exe Win32/OpenCandy application deleted - quarantined
    C:\axis\prtable flash boot\Portable FlashBoot 1.4.0.157.exe probably a variant of Win32/Agent.FMXSNWH trojan deleted - quarantined
    C:\Documents and Settings\Ferry\Application Data\Sun\Java\Deployment\cache\6.0\47\733c74af-7952e51a a variant of Win32/Kryptik.RBH trojan cleaned by deleting - quarantined
    C:\Program Files\Cain\Abel.dll Win32/CainAbel application cleaned by deleting - quarantined
    C:\Program Files\Cain\Abel.exe a variant of Win32/CainAbel.AA application cleaned by deleting - quarantined
    C:\Program Files\Common Files\Render\RenderDib.dll a variant of Win32/Sefnit.AD trojan cleaned by deleting (after the next restart) - quarantined


    ***********************************************************
    **** fresh HijackThis log ****
    ***********************************************************


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:24:02, on 4-8-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\hpb2ksrv.exe
    C:\WINDOWS\System32\hpbhksrv.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    D:\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\WinAgents\TftpService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\axis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - d:\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Documents and Settings\Ferry\Local Settings\Application Data\Wakoopa Shared\WakoopaBHO.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - d:\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ontvang alle bestanden door NetXfer - D:\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Ontvangst door NetXfer - D:\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://www.de1103.nl
    O15 - Trusted Zone: http://www.godaddy.com
    O15 - Trusted Zone: http://*.moodle.org
    O15 - Trusted Zone: http://player.omroep.nl
    O15 - Trusted IP range: http://172.16.100.18
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://62.251.20.244:90/VatDec.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://212.248.100.101:91/kxhcm10.ocx
    O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/terraexplorer/install/TE.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
    O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://81.204.25.231/home/SonySncRz30View.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264673400140
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264673381171
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://procam1.be.proserve.nl/activex/AMC.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI
    etail/DASAct.cab
    O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://77.161.40.48/bl_camera.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://172.16.100.18/activex/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a01-b01.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://patrick168.blogdns.com:8888/jpgview.cab
    O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.nl/apps/EasyUploadX.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_nl.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {E6644870-F140-11D4-B761-00D0B73F3C8E} (CamImage Class) - http://172.16.100.18/activex/AxisCamMotionControl.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4539/mcfscan.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6611BB4-7160-44C5-BA10-39F0CE43DFFA}: NameServer = 194.109.6.66,194.109.9.99
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c985d469fb84d5) (gupdate1c985d469fb84d5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
    O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\System32\hpbhksrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - D:\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Invise Panel Manager Service (PanelMgr Service) - Unknown owner - C:\Invise\PANELMGR.EXE (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinAgents TFTP Service 4 (WinAgentsTftpService4) - WinAgents Software Group - C:\Program Files\Common Files\WinAgents\TftpService.exe


    End of file - 17733 bytes


    Regards,

    Sprokkie
  • Hi Sprokkie, if you had a Norton from before 2008 on your Windows, it does not surprise me that your Windows became slower because of it.
    And AVG still weighs quite heavily on Windows as well.

    Norton itself completely changed course in 2008 and has since been one of the lightest-running antivirus programs on Windows!

    McAfee sucks, the tool has utterly miserable virus detection, just like Norman!

    The free Microsoft Security Essentials does better than that!

    The top paid antivirus programs are Bitdefender, Norton, G-DATA, F-Secure.


    Now do this:

    Which program: "aswMBR.exe"
    What for/why: MBR rootkit scanner
    Difficulty: none
    Download location: Be sure to download this program to the desktop, or otherwise move it there!
    Download aswMBR.exe here.


    Using aswMBR.exe:
    - Windows 2000 and Windows XP: start "aswMBR.exe" by double-clicking "aswMBR.exe".
    - Windows Vista and Windows 7: start "aswMBR.exe" by right-clicking "aswMBR.exe" and choosing Run as administrator.

    Screenshot: http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif
    - Now click the Scan button in the black window
    - When the message "Scan finished successfully" appears, click the Save log button
    Screenshot: http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif
    - The easiest option is simply to choose the desktop as the save location for the log.
    - You will now also find the file MBR.dat on the desktop!
    - MBR.dat is a backup file, so keep it for now.
    - Also on the desktop is a Notepad text document named aswMBR.txt
    - Post the contents of aswMBR.txt in your next post.
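
Added example, not part of the thread and not aswMBR's own code: a small Python triage script for the aswMBR.txt log that the steps above produce. It collects the lines the tool itself marks (`**INFECTED**`, `>>UNKNOWN [...]<<`, the MBR code verdict) and reports which driver pointers land on an address the tool could not attribute to a module; the sample log is constructed, and the function and field names are assumptions of this example.

```python
import re

# Constructed sample in the line format of an aswMBR.txt log.
# Addresses, paths and the detection name are illustrative, not real findings.
SAMPLE_LOG = r"""
aswMBR sample log (constructed)
18:31:06.720 Device \Driver\atapi -> DriverStartIo f74bb864
18:31:06.720 Device \Driver\atapi -> MajorFunction 8a1f2680
18:31:08.735 Disk 0 MBR read successfully
18:31:08.829 Disk 0 Windows XP default MBR code
18:32:55.190 Disk 0 trace - called modules:
18:32:55.221 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a1f2680]<<
18:32:55.237 \Driver\atapi[0x8a772c00] -> IRP_MJ_CREATE -> 0x8a1f2680
19:50:14.538 File: C:\Documents and Settings\user\Local Settings\temp\example.tmp **INFECTED** Win32:Example-A [Trj]
21:17:11.550 Scan finished successfully
"""

# Every log entry starts with an HH:MM:SS.mmm timestamp; header lines do not.
LINE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*\S)\s*$")
MBR_CODE = re.compile(r"^Disk (?P<disk>\d+) (?P<verdict>.+ MBR code)$")
INFECTED = re.compile(r"^File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
UNKNOWN = re.compile(r">>UNKNOWN \[0x(?P<addr>[0-9a-fA-F]+)\]<<")
DEVICE_PTR = re.compile(
    r"^Device (?P<driver>\\Driver\\\S+) -> (?P<field>\w+) (?P<addr>[0-9a-fA-F]+)$"
)
IRP_PTR = re.compile(
    r"^(?P<driver>\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> "
    r"(?P<field>IRP_MJ_\w+) -> 0x(?P<addr>[0-9a-fA-F]+)$"
)


def triage(log_text):
    """Return the entries of an aswMBR log that deserve a helper's attention."""
    findings = {
        "mbr": {},                    # disk number -> MBR code verdict
        "infected": [],               # (path, detection name)
        "unknown_frames": [],         # addresses the tool printed as >>UNKNOWN<<
        "pointers_into_unknown": [],  # (driver, field, address)
    }
    pointers = []
    for raw in log_text.splitlines():
        entry = LINE.match(raw)
        if not entry:
            continue  # header or blank line
        msg = entry.group(2)
        if (hit := MBR_CODE.match(msg)):
            findings["mbr"][int(hit["disk"])] = hit["verdict"]
        elif (hit := INFECTED.match(msg)):
            findings["infected"].append((hit["path"], hit["name"]))
        elif (hit := DEVICE_PTR.match(msg)) or (hit := IRP_PTR.match(msg)):
            pointers.append((hit["driver"], hit["field"], int(hit["addr"], 16)))
        for frame in UNKNOWN.finditer(msg):
            findings["unknown_frames"].append(int(frame["addr"], 16))

    # A driver pointer equal to an unattributed address ties the >>UNKNOWN<<
    # frame to a specific driver. It is an indicator to pass on to the helper,
    # not a verdict: legitimate storage filter drivers can show up the same way.
    unknown = set(findings["unknown_frames"])
    findings["pointers_into_unknown"] = [p for p in pointers if p[2] in unknown]
    return findings


def summary(findings):
    """Render the findings as short text lines suitable for a forum reply."""
    out = [f"Disk {d}: {v}" for d, v in sorted(findings["mbr"].items())]
    out += [f"INFECTED {path} ({name})" for path, name in findings["infected"]]
    out += [
        f"{drv} {field} -> 0x{addr:08x} (not attributed to a module)"
        for drv, field, addr in findings["pointers_into_unknown"]
    ]
    return out


if __name__ == "__main__":
    print("\n".join(summary(triage(SAMPLE_LOG))))
```
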
  • Clear story about Norton.

    Which of the free virus scanners is best for me to use?



    aswMBR log



    aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
    Run date: 2011-08-04 18:28:02
    —————————–
    18:28:02.186 OS Version: Windows 5.1.2600 Service Pack 3
    18:28:02.186 Number of processors: 1 586 0x207
    18:28:02.186 ComputerName: KAYLEIGH UserName: Ferry
    18:28:03.780 Initialize success
    18:30:30.016 AVAST engine defs: 11080400
    18:31:06.704 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    18:31:06.704 Disk 0 Vendor: WDC_WD800AB-22CBA1 04.07B04 Size: 76319MB BusType: 3
    18:31:06.720 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    18:31:06.720 Disk 1 Vendor: Maxtor_6B200P0 BAH41BY0 Size: 194481MB BusType: 3
    18:31:06.720 Device \Driver\atapi -> DriverStartIo f74bb864
    18:31:06.720 Device \Driver\atapi -> MajorFunction 872e1680
    18:31:08.735 Disk 0 MBR read successfully
    18:31:08.751 Disk 0 MBR scan
    18:31:08.829 Disk 0 Windows XP default MBR code
    18:31:08.845 Disk 0 scanning sectors +156280320
    18:31:08.938 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:32:37.549 Service scanning
    18:32:41.315 Modules scanning
    18:32:55.190 Disk 0 trace - called modules:
    18:32:55.221 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x872e1680]<<
    18:32:55.221 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87735030]
    18:32:55.221 3 CLASSPNP.SYS[f764bfd7] -> nt!IofCallDriver -> \Device\000000d3[0x877363b8]
    18:32:55.237 5 ACPI.sys[f751a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x87726940]
    18:32:55.237 \Driver\atapi[0x87772c00] -> IRP_MJ_CREATE -> 0x872e1680
    18:32:56.205 AVAST engine scan C:\WINDOWS
    18:33:45.784 AVAST engine scan C:\WINDOWS\system32
    18:45:39.871 AVAST engine scan C:\WINDOWS\system32\drivers
    18:46:51.466 AVAST engine scan C:\Documents and Settings\Ferry
    19:50:14.538 File: C:\Documents and Settings\Ferry\Local Settings\temp\NOD3D85.tmp **INFECTED** Win32:Sefnit-A [Trj]
    20:14:21.160 AVAST engine scan C:\Documents and Settings\All Users
    21:17:11.550 Scan finished successfully
    21:49:14.090 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ferry\Bureaublad\MBR.dat"
    21:49:14.105 The log file has been saved successfully to "C:\Documents and Settings\Ferry\Bureaublad\aswMBR.txt"




    ***********************************************************
    **** fresh HijackThis log ****
    ***********************************************************

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:53:19, on 4-8-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\hpb2ksrv.exe
    C:\WINDOWS\System32\hpbhksrv.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    D:\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\WinAgents\TftpService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\axis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - d:\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Documents and Settings\Ferry\Local Settings\Application Data\Wakoopa Shared\WakoopaBHO.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - d:\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ontvang alle bestanden door NetXfer - D:\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Ontvangst door NetXfer - D:\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://www.de1103.nl
    O15 - Trusted Zone: http://www.godaddy.com
    O15 - Trusted Zone: http://*.moodle.org
    O15 - Trusted Zone: http://player.omroep.nl
    O15 - Trusted IP range: http://172.16.100.18
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://62.251.20.244:90/VatDec.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://212.248.100.101:91/kxhcm10.ocx
    O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/terraexplorer/install/TE.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
    O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://81.204.25.231/home/SonySncRz30View.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264673400140
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264673381171
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://procam1.be.proserve.nl/activex/AMC.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI\retail/DASAct.cab
    O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://77.161.40.48/bl_camera.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://172.16.100.18/activex/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a01-b01.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://patrick168.blogdns.com:8888/jpgview.cab
    O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.nl/apps/EasyUploadX.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_nl.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {E6644870-F140-11D4-B761-00D0B73F3C8E} (CamImage Class) - http://172.16.100.18/activex/AxisCamMotionControl.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4539/mcfscan.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6611BB4-7160-44C5-BA10-39F0CE43DFFA}: NameServer = 194.109.6.66,194.109.9.99
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c985d469fb84d5) (gupdate1c985d469fb84d5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
    O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\System32\hpbhksrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - D:\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Invise Panel Manager Service (PanelMgr Service) - Unknown owner - C:\Invise\PANELMGR.EXE (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinAgents TFTP Service 4 (WinAgentsTftpService4) - WinAgents Software Group - C:\Program Files\Common Files\WinAgents\TftpService.exe


    End of file - 17922 bytes
  • Hi Sprokkie, I only mentioned that MSE is free.
    All the other antivirus products I mentioned have to be purchased.
    Below is my list of free antivirus products:

    List of well-known, good free antivirus programs

    Tip: Avast 6\2011 Free is the only one that has a number of components on board that you otherwise only find in paid antivirus programs, and it is therefore regarded internationally as the best free alternative.

    So Avast clearly responds to the new threats of the internet!
    Moreover, you hardly notice that Avast is running!
    Avast also has a "sandbox" on board, in which you can safely test programs!

    Download link Avast 6 Free

    Other free alternatives:

    Panda Cloud Antivirus - download link
    AVG Free 2011 - download link
    Avira Antivir - download link
    Microsoft Security Essentials - download link

    The programs are ranked according to their protection and their detection of malware.


    Your log is starting to look good by now.

    Close all open browser windows, except this window, which you close just before you click the Fix checked button!


    Now start HijackThis and click the Do a Scan only button,

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    - put a check mark in front of the line(s) that correspond to the lines above
    - Now close the web browser and then click the Fix checked button
    - After that, close HijackThis.


    Run MBAM again for a quick scan.
    Do update it first!


    And after that:
    Which program: TFC.
    What for/why: thorough cleanup of Windows.
    Difficulty: none.

    Download TFC to your desktop (click)

    Starting TFC:
    Windows 2000 and Windows XP: start TFC.exe by double-clicking the shortcut.
    Windows Vista and Windows 7: start TFC.exe by right-clicking the shortcut and then choosing "Run as administrator".
    - Don't be alarmed - the tool closes all running programs - so make sure your work has already been saved!
    - Then click the Start button to start the scan. This scan can take a short or a longer time; be patient, let TFC do its job and wait until TFC is done.
    - When TFC is done, a message appears saying that the computer will be restarted.
    - If the shutdown does not happen automatically, restart the computer yourself.
    - Note: TFC does not show a log!

    Also let me know how your Windows is running by now.
  • mbam log

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Databaseversie: 7383

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5-8-2011 10:18:50
    mbam-log-2011-08-05 (10-18-50).txt

    Scantype: Snelle scan
    Objecten gescand: 211228
    Verstreken tijd: 36 minuut/minuten, 19 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 3
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    I turned off those annoying Windows security notifications myself.
    Mbam considers that a virus...

    after that TFC
    419 MB removed



    ***************************************************
    **** fresh hijackthis log ****
    ***************************************************

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:39:45, on 5-8-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\hpb2ksrv.exe
    C:\WINDOWS\System32\hpbhksrv.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    D:\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\WinAgents\TftpService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\axis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - d:\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Documents and Settings\Ferry\Local Settings\Application Data\Wakoopa Shared\WakoopaBHO.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - d:\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ontvang alle bestanden door NetXfer - D:\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Ontvangst door NetXfer - D:\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://www.de1103.nl
    O15 - Trusted Zone: http://www.godaddy.com
    O15 - Trusted Zone: http://*.moodle.org
    O15 - Trusted Zone: http://player.omroep.nl
    O15 - Trusted IP range: http://172.16.100.18
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://62.251.20.244:90/VatDec.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://212.248.100.101:91/kxhcm10.ocx
    O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/terraexplorer/install/TE.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
    O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://81.204.25.231/home/SonySncRz30View.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264673400140
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264673381171
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://procam1.be.proserve.nl/activex/AMC.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI\retail/DASAct.cab
    O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://77.161.40.48/bl_camera.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://172.16.100.18/activex/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a01-b01.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://patrick168.blogdns.com:8888/jpgview.cab
    O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.nl/apps/EasyUploadX.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_nl.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {E6644870-F140-11D4-B761-00D0B73F3C8E} (CamImage Class) - http://172.16.100.18/activex/AxisCamMotionControl.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4539/mcfscan.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6611BB4-7160-44C5-BA10-39F0CE43DFFA}: NameServer = 194.109.6.66,194.109.9.99
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c985d469fb84d5) (gupdate1c985d469fb84d5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
    O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\System32\hpbhksrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - D:\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Invise Panel Manager Service (PanelMgr Service) - Unknown owner - C:\Invise\PANELMGR.EXE (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinAgents TFTP Service 4 (WinAgentsTftpService4) - WinAgents Software Group - C:\Program Files\Common Files\WinAgents\TftpService.exe


    End of file - 17792 bytes


    The PC does seem to run better; booting is faster.
    Outlook Express also switches between folders faster.
    That little green box of Task Manager is more often dark green than light green; before this whole operation it was the other way around.
  • Hi Sprokkie - what do you mean by "That little green box of Task Manager is more often dark green than light green; before this whole operation it was the other way around."?

    Do you mean the Task Manager icon in the systray?


    As for your Windows itself: it is enormous in size!
    So an optimization is certainly needed.

    Now first this: start "aswMBR.exe" again and click the Fix button.

    After that, restart your PC!

    And start ComboFix for a new scan - if the tool wants to update, or to be downloaded again, then allow this.
  • Yes, I mean the systray icon with the little green box.

    I started aswMBR again; it fetched new virus definitions.
    The Fix button is greyed out.

    I'll let it scan again and then I'll press the Fix button.
  • OK, the scan is finished.
    Only the Fix button is greyed out; I can only choose FixMBR.

    Should I continue with ComboFix now, or reboot first and then run ComboFix?
    For the first time I have a different result from what you describe.

    The log is below.

    aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
    Run date: 2011-08-05 12:18:51
    —————————–
    12:18:51.544 OS Version: Windows 5.1.2600 Service Pack 3
    12:18:51.544 Number of processors: 1 586 0x207
    12:18:51.544 ComputerName: KAYLEIGH UserName: Ferry
    12:19:02.310 Initialize success
    12:21:21.891 AVAST engine defs: 11080500
    12:22:52.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    12:22:52.268 Disk 0 Vendor: WDC_WD800AB-22CBA1 04.07B04 Size: 76319MB BusType: 3
    12:22:52.268 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    12:22:52.268 Disk 1 Vendor: Maxtor_6B200P0 BAH41BY0 Size: 194481MB BusType: 3
    12:22:52.299 Device \Driver\atapi -> DriverStartIo f749e864
    12:22:52.299 Device \Driver\atapi -> MajorFunction 877cf170
    12:22:54.315 Disk 0 MBR read successfully
    12:22:54.315 Disk 0 MBR scan
    12:22:54.408 Disk 0 Windows XP default MBR code
    12:22:54.424 Disk 0 scanning sectors +156280320
    12:22:54.518 Disk 0 scanning C:\WINDOWS\system32\drivers
    12:24:10.425 Service scanning
    12:24:13.128 Modules scanning
    12:24:25.347 Disk 0 trace - called modules:
    12:24:25.378 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x877cf170]<<
    12:24:25.378 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87754030]
    12:24:25.378 3 CLASSPNP.SYS[f763efd7] -> nt!IofCallDriver -> \Device\000000d1[0x87747210]
    12:24:25.378 5 ACPI.sys[f74fd620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x87756d98]
    12:24:25.378 \Driver\atapi[0x877479e8] -> IRP_MJ_CREATE -> 0x877cf170
    12:24:27.128 AVAST engine scan C:\WINDOWS
    12:25:17.098 AVAST engine scan C:\WINDOWS\system32
    12:39:12.702 AVAST engine scan C:\WINDOWS\system32\drivers
    12:40:33.219 AVAST engine scan C:\Documents and Settings\Ferry
    14:12:05.930 AVAST engine scan C:\Documents and Settings\All Users
    15:25:39.507 Scan finished successfully
    15:28:20.697 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ferry\Bureaublad\MBR.dat"
    15:28:20.713 The log file has been saved successfully to "C:\Documents and Settings\Ferry\Bureaublad\aswMBR-1.txt"

This is an archived page. Replying is no longer possible.