viruses not removed

24 replies
  • Got a notice this week that there was an infection, but it could not be removed. MBAM is clean, and ESET has been giving error 8 on this machine for 3 days. Everything is up to date, so here is an HJT log.
  • Hi Anjo, which tool reported an infection, and do you remember what it was about?

    Step •1•
    Which program: TDSSStarter.exe
    What for/why: Rootkit scanner
    Difficulty: none
    Download TDSSStarter (http://home.kpn.nl/stefsmeenk/tools/TDSSKStarter.exe) to the desktop.
    Using "TDSSStarter.exe":
    - Close all open program windows first!
      - Windows 2000 and Windows XP: start the tool by double-clicking "TDSSStarter.exe".
      - Windows Vista and Windows 7: start the tool by right-clicking "TDSSStarter.exe" and then choosing Run as administrator.
    - A CMD window will then open, and it will close again automatically when the scan is finished.
    - Now post the contents of the Notepad file that opens in your next post.

    Step •2•
    Which program: ComboFix
    What for/why: Highly specialised scanner that examines Windows in depth and cleans it up where possible.
    Difficulty: Somewhat tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
    - ForoSpyware (http://www.forospyware.com/sUBs/ComboFix.exe)
    - Geekstogo (http://subs.geekstogo.com/ComboFix.exe)
    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how ComboFix should be used.
    Antivirus programs and active malware scanners must already be disabled before ComboFix is started! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to disable antivirus programs and spyware scanners.
    To be clear once more: ComboFix must be started from the desktop.
    Remarks:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    Starting ComboFix:
    - Close all open program windows first!
      - Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
      - Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing Run as administrator.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next post.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error with the following message is shown when starting programs:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.

    Step •3•
    In summary: after this, post the contents of the following logs in your next post:
    - TDSSKStarter log
    - ComboFix.txt log
  • F-Secure reports: Suspicious: W32/malware!Gemini in C:\Programfiles\Nirsoft\Downtester\Downtester.exe Action: Failed
(8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 16:21:02.0261 2180 MSKSSRV - ok 16:21:02.0292 2180 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 16:21:02.0339 2180 MSPCLOCK - ok 16:21:02.0355 2180 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 16:21:02.0402 2180 MSPQM - ok 16:21:02.0449 2180 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 16:21:02.0511 2180 MsRPC - ok 16:21:02.0527 2180 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 16:21:02.0558 2180 mssmbios - ok 16:21:02.0574 2180 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 16:21:02.0636 2180 MSTEE - ok 16:21:02.0636 2180 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys 16:21:02.0683 2180 MTConfig - ok 16:21:02.0699 2180 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 16:21:02.0730 2180 Mup - ok 16:21:02.0777 2180 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 16:21:02.0871 2180 NativeWifiP - ok 16:21:02.0902 2180 NDIS (5546f38e16f6d2637a438acc98e99ba7) C:\Windows\system32\drivers\ndis.sys 16:21:02.0996 2180 NDIS - ok 16:21:03.0011 2180 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 16:21:03.0121 2180 NdisCap - ok 16:21:03.0136 2180 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 16:21:03.0183 2180 NdisTapi - ok 16:21:03.0199 2180 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 16:21:03.0246 2180 Ndisuio - ok 16:21:03.0261 2180 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 16:21:03.0308 2180 NdisWan - ok 16:21:03.0339 2180 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 16:21:03.0386 2180 NDProxy - ok 16:21:03.0417 2180 NetBIOS 
(80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 16:21:03.0464 2180 NetBIOS - ok 16:21:03.0496 2180 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 16:21:03.0542 2180 NetBT - ok 16:21:03.0652 2180 netr28 (c1e4bd71f67b5cac0a0dc4f0ff5da409) C:\Windows\system32\DRIVERS\netr28.sys 16:21:03.0746 2180 netr28 - ok 16:21:03.0777 2180 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys 16:21:03.0808 2180 nfrd960 - ok 16:21:03.0824 2180 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 16:21:03.0871 2180 Npfs - ok 16:21:03.0902 2180 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 16:21:03.0964 2180 nsiproxy - ok 16:21:04.0011 2180 Ntfs (7bbb008e799a03415610dd6a9ec25119) C:\Windows\system32\drivers\Ntfs.sys 16:21:04.0105 2180 Ntfs - ok 16:21:04.0183 2180 NuidFltr (28613c245d9f26190dcee18430a4ebbe) C:\Windows\system32\DRIVERS\NuidFltr.sys 16:21:04.0277 2180 NuidFltr - ok 16:21:04.0324 2180 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 16:21:04.0386 2180 Null - ok 16:21:04.0480 2180 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys 16:21:04.0558 2180 NVENETFD - ok 16:21:04.0605 2180 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys 16:21:04.0683 2180 NVNET - ok 16:21:04.0699 2180 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 16:21:04.0730 2180 nvraid - ok 16:21:04.0777 2180 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 16:21:04.0824 2180 nvstor - ok 16:21:04.0871 2180 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 16:21:04.0933 2180 nv_agp - ok 16:21:04.0964 2180 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 16:21:05.0027 2180 ohci1394 - ok 16:21:05.0105 2180 Parport 
(2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 16:21:05.0167 2180 Parport - ok 16:21:05.0183 2180 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 16:21:05.0214 2180 partmgr - ok 16:21:05.0230 2180 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 16:21:05.0261 2180 Parvdm - ok 16:21:05.0308 2180 pci (baa20ef5383f0ff93c3cd7ddfb1de62f) C:\Windows\system32\drivers\pci.sys 16:21:05.0339 2180 pci - ok 16:21:05.0355 2180 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 16:21:05.0386 2180 pciide - ok 16:21:05.0417 2180 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys 16:21:05.0449 2180 pcmcia - ok 16:21:05.0464 2180 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 16:21:05.0496 2180 pcw - ok 16:21:05.0511 2180 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 16:21:05.0589 2180 PEAUTH - ok 16:21:05.0699 2180 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys 16:21:05.0746 2180 Point32 - ok 16:21:05.0792 2180 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 16:21:05.0917 2180 PptpMiniport - ok 16:21:05.0933 2180 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys 16:21:06.0027 2180 Processor - ok 16:21:06.0058 2180 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 16:21:06.0105 2180 Psched - ok 16:21:06.0152 2180 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys 16:21:06.0246 2180 ql2300 - ok 16:21:06.0261 2180 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys 16:21:06.0324 2180 ql40xx - ok 16:21:06.0339 2180 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 16:21:06.0371 2180 QWAVEdrv - ok 16:21:06.0402 2180 RasAcd 
(30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 16:21:06.0449 2180 RasAcd - ok 16:21:06.0496 2180 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 16:21:06.0558 2180 RasAgileVpn - ok 16:21:06.0574 2180 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:21:06.0636 2180 Rasl2tp - ok 16:21:06.0746 2180 RasPppoe (c4aacceca39af598dcdb3d9304067569) C:\Windows\system32\DRIVERS\raspppoe.sys 16:21:06.0949 2180 RasPppoe - ok 16:21:06.0980 2180 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 16:21:07.0042 2180 RasSstp - ok 16:21:07.0058 2180 rdbss (9f741994288c85744eb838958ff3481e) C:\Windows\system32\DRIVERS\rdbss.sys 16:21:07.0136 2180 rdbss - ok 16:21:07.0152 2180 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 16:21:07.0183 2180 rdpbus - ok 16:21:07.0199 2180 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:21:07.0261 2180 RDPCDD - ok 16:21:07.0308 2180 RDPDR (7f881c6d3781cab9c0e15595bb8696be) C:\Windows\system32\drivers\rdpdr.sys 16:21:07.0355 2180 RDPDR - ok 16:21:07.0371 2180 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 16:21:07.0417 2180 RDPENCDD - ok 16:21:07.0433 2180 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 16:21:07.0480 2180 RDPREFMP - ok 16:21:07.0511 2180 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys 16:21:07.0574 2180 RdpVideoMiniport - ok 16:21:07.0621 2180 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 16:21:07.0683 2180 RDPWD - ok 16:21:07.0714 2180 rdyboost (b39424595c95c3a0aa6b5913eb207276) C:\Windows\system32\drivers\rdyboost.sys 16:21:07.0761 2180 rdyboost - ok 16:21:07.0808 2180 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 16:21:07.0902 2180 rspndr - 
ok 16:21:07.0949 2180 RTHDMIAzAudService (2c358271f0a50167ba3dfb6a2c35607a) C:\Windows\system32\drivers\RtHDMIV.sys 16:21:07.0996 2180 RTHDMIAzAudService - ok 16:21:08.0058 2180 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys 16:21:08.0121 2180 RTL8167 - ok 16:21:08.0152 2180 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 16:21:08.0199 2180 s3cap - ok 16:21:08.0230 2180 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 16:21:08.0246 2180 sbp2port - ok 16:21:08.0277 2180 scfilter (12784cf1b1e9c3540cc7c83324965277) C:\Windows\system32\DRIVERS\scfilter.sys 16:21:08.0308 2180 scfilter - ok 16:21:08.0324 2180 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 16:21:08.0371 2180 secdrv - ok 16:21:08.0402 2180 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 16:21:08.0449 2180 Serenum - ok 16:21:08.0496 2180 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 16:21:08.0605 2180 Serial - ok 16:21:08.0621 2180 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys 16:21:08.0667 2180 sermouse - ok 16:21:08.0699 2180 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 16:21:08.0746 2180 sffdisk - ok 16:21:08.0746 2180 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 16:21:08.0792 2180 sffp_mmc - ok 16:21:08.0808 2180 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 16:21:08.0839 2180 sffp_sd - ok 16:21:08.0855 2180 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys 16:21:08.0886 2180 sfloppy - ok 16:21:08.0933 2180 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 16:21:08.0964 2180 sisagp - ok 16:21:08.0980 2180 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) 
C:\Windows\system32\drivers\SiSRaid2.sys 16:21:09.0011 2180 SiSRaid2 - ok 16:21:09.0027 2180 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys 16:21:09.0058 2180 SiSRaid4 - ok 16:21:09.0089 2180 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 16:21:09.0136 2180 Smb - ok 16:21:09.0167 2180 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 16:21:09.0199 2180 spldr - ok 16:21:09.0246 2180 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 16:21:09.0386 2180 srv - ok 16:21:09.0417 2180 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 16:21:09.0496 2180 srv2 - ok 16:21:09.0511 2180 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 16:21:09.0558 2180 srvnet - ok 16:21:09.0605 2180 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys 16:21:09.0621 2180 stexstor - ok 16:21:09.0667 2180 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys 16:21:09.0714 2180 StillCam - ok 16:21:09.0746 2180 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 16:21:09.0777 2180 storflt - ok 16:21:09.0808 2180 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 16:21:09.0855 2180 storvsc - ok 16:21:09.0886 2180 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 16:21:09.0917 2180 swenum - ok 16:21:09.0949 2180 Synth3dVsc (16e7642da4bacccd7696b326caa84870) C:\Windows\system32\drivers\Synth3dVsc.sys 16:21:09.0964 2180 Synth3dVsc - ok 16:21:10.0042 2180 Tcpip (3c1c41e317710f74cec1e7f0d5325993) C:\Windows\system32\drivers\tcpip.sys 16:21:10.0152 2180 Tcpip - ok 16:21:10.0199 2180 TCPIP6 (3c1c41e317710f74cec1e7f0d5325993) C:\Windows\system32\DRIVERS\tcpip.sys 16:21:10.0292 2180 TCPIP6 - ok 16:21:10.0339 2180 tcpipreg (cca24162e055c3714ce5a88b100c64ed) 
C:\Windows\system32\drivers\tcpipreg.sys 16:21:10.0417 2180 tcpipreg - ok 16:21:10.0449 2180 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 16:21:10.0464 2180 TDPIPE - ok 16:21:10.0496 2180 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 16:21:10.0527 2180 TDTCP - ok 16:21:10.0542 2180 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 16:21:10.0605 2180 tdx - ok 16:21:10.0699 2180 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys 16:21:10.0746 2180 teamviewervpn - ok 16:21:10.0761 2180 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys 16:21:10.0792 2180 TermDD - ok 16:21:10.0839 2180 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys 16:21:10.0917 2180 terminpt - ok 16:21:11.0011 2180 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:21:11.0105 2180 tssecsrv - ok 16:21:11.0121 2180 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 16:21:11.0167 2180 TsUsbFlt - ok 16:21:11.0183 2180 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys 16:21:11.0261 2180 TsUsbGD - ok 16:21:11.0324 2180 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys 16:21:11.0449 2180 tsusbhub - ok 16:21:11.0464 2180 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 16:21:11.0511 2180 tunnel - ok 16:21:11.0542 2180 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys 16:21:11.0574 2180 uagp35 - ok 16:21:11.0589 2180 udfs (e604de37d14c79d9e44dbd585a31f095) C:\Windows\system32\DRIVERS\udfs.sys 16:21:11.0652 2180 udfs - ok 16:21:11.0699 2180 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 16:21:11.0730 2180 uliagpkx - ok 16:21:11.0777 2180 umbus 
(d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 16:21:11.0871 2180 umbus - ok 16:21:11.0902 2180 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 16:21:12.0011 2180 UmPass - ok 16:21:12.0105 2180 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 16:21:12.0183 2180 usbaudio - ok 16:21:12.0230 2180 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 16:21:12.0277 2180 usbccgp - ok 16:21:12.0308 2180 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 16:21:12.0355 2180 usbcir - ok 16:21:12.0386 2180 usbehci (627f715b39b6058a76bccb1c7026c01e) C:\Windows\system32\DRIVERS\usbehci.sys 16:21:12.0402 2180 usbehci - ok 16:21:12.0480 2180 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 16:21:12.0605 2180 usbhub - ok 16:21:12.0636 2180 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 16:21:12.0730 2180 usbohci - ok 16:21:12.0746 2180 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 16:21:12.0792 2180 usbprint - ok 16:21:12.0824 2180 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 16:21:12.0855 2180 usbscan - ok 16:21:12.0886 2180 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:21:12.0964 2180 USBSTOR - ok 16:21:12.0996 2180 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 16:21:13.0058 2180 usbuhci - ok 16:21:13.0105 2180 usbvideo (9aff8de4d52ce4acdd0b963342e97337) C:\Windows\system32\Drivers\usbvideo.sys 16:21:13.0152 2180 usbvideo - ok 16:21:13.0183 2180 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 16:21:13.0214 2180 vdrvroot - ok 16:21:13.0246 2180 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 16:21:13.0292 2180 vga - ok 16:21:13.0324 2180 VgaSave 
(8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 16:21:13.0355 2180 VgaSave - ok 16:21:13.0371 2180 VGPU - ok 16:21:13.0402 2180 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 16:21:13.0433 2180 vhdmp - ok 16:21:13.0449 2180 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 16:21:13.0480 2180 viaagp - ok 16:21:13.0496 2180 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys 16:21:13.0542 2180 ViaC7 - ok 16:21:13.0558 2180 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 16:21:13.0589 2180 viaide - ok 16:21:13.0605 2180 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 16:21:13.0683 2180 vmbus - ok 16:21:13.0714 2180 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 16:21:13.0746 2180 VMBusHID - ok 16:21:13.0761 2180 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 16:21:13.0792 2180 volmgr - ok 16:21:13.0824 2180 volmgrx (670b6d02548bc93f54cde5979560a7b8) C:\Windows\system32\drivers\volmgrx.sys 16:21:13.0855 2180 volmgrx - ok 16:21:13.0886 2180 volsnap (c2232c62cd2e44e40cdadd00bbcfe366) C:\Windows\system32\drivers\volsnap.sys 16:21:13.0933 2180 volsnap - ok 16:21:13.0980 2180 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys 16:21:14.0011 2180 vpcbus - ok 16:21:14.0058 2180 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys 16:21:14.0121 2180 vpcnfltr - ok 16:21:14.0152 2180 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys 16:21:14.0214 2180 vpcusb - ok 16:21:14.0277 2180 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys 16:21:14.0355 2180 vpcvmm - ok 16:21:14.0386 2180 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys 16:21:14.0417 2180 vsmraid - ok 16:21:14.0449 2180 
vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 16:21:14.0527 2180 vwifibus - ok 16:21:14.0558 2180 vwififlt (632f1b4b573b19ce0c80df8432d1f65d) C:\Windows\system32\DRIVERS\vwififlt.sys 16:21:14.0605 2180 vwififlt - ok 16:21:14.0652 2180 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys 16:21:14.0730 2180 WacomPen - ok 16:21:14.0792 2180 WANARP (1ffe8ca5f775e1c4da3629f215a322b5) C:\Windows\system32\DRIVERS\wanarp.sys 16:21:14.0902 2180 WANARP - ok 16:21:14.0902 2180 Wanarpv6 (1ffe8ca5f775e1c4da3629f215a322b5) C:\Windows\system32\DRIVERS\wanarp.sys 16:21:14.0949 2180 Wanarpv6 - ok 16:21:14.0980 2180 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys 16:21:15.0011 2180 Wd - ok 16:21:15.0042 2180 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 16:21:15.0089 2180 Wdf01000 - ok 16:21:15.0136 2180 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 16:21:15.0183 2180 WfpLwf - ok 16:21:15.0214 2180 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 16:21:15.0261 2180 WIMMount - ok 16:21:15.0355 2180 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 16:21:15.0417 2180 WinUsb - ok 16:21:15.0449 2180 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 16:21:15.0496 2180 WmiAcpi - ok 16:21:15.0558 2180 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 16:21:15.0636 2180 ws2ifsl - ok 16:21:15.0683 2180 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 16:21:15.0730 2180 WudfPf - ok 16:21:15.0761 2180 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:21:15.0824 2180 WUDFRd - ok 16:21:15.0886 2180 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 16:21:15.0996 2180 \Device\Harddisk0\DR0 - ok 16:21:15.0996 2180 MBR 
(0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 16:21:16.0058 2180 \Device\Harddisk1\DR1 - ok 16:21:16.0074 2180 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2 16:21:16.0652 2180 \Device\Harddisk2\DR2 - ok 16:21:16.0667 2180 Boot (0x1200) (fdf902ee993d8eb210f83b977f2096b9) \Device\Harddisk0\DR0\Partition0 16:21:16.0667 2180 \Device\Harddisk0\DR0\Partition0 - ok 16:21:16.0683 2180 Boot (0x1200) (89dd1190050300a88b63ec65e3e46882) \Device\Harddisk1\DR1\Partition0 16:21:16.0683 2180 \Device\Harddisk1\DR1\Partition0 - ok 16:21:16.0683 2180 Boot (0x1200) (52349edaba6f10ac7dc4fc00a4c71988) \Device\Harddisk2\DR2\Partition0 16:21:16.0699 2180 \Device\Harddisk2\DR2\Partition0 - ok 16:21:16.0714 2180 Boot (0x1200) (6e28453a5ffafde885620870ec1955b3) \Device\Harddisk2\DR2\Partition1 16:21:16.0730 2180 \Device\Harddisk2\DR2\Partition1 - ok 16:21:16.0730 2180 ============================================================ 16:21:16.0730 2180 Scan finished 16:21:16.0730 2180 ============================================================ 16:21:17.0574 0348 Deinitialize success ============================================== System Restore Point Check: TDSSKiller Starter Restore Point Created Succesfully ============================================== EOF
  • ComboFix 12-03-18.04 - .Anjo 19-03-2012 19:08:16.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3583.2300 [GMT 1:00]
    Gestart vanuit: c:\users\.Anjo\Desktop\ComboFix.exe
    AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Setup.exe
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-02-19 to 2012-03-19 ))))))))))))))))))))))))))))))
    .
    .
    2012-03-19 18:12 . 2012-03-19 18:12 -------- d-----w- c:\users\.Anjo\AppData\Local\temp
    2012-03-19 18:12 . 2012-03-19 18:12 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-03-19 18:12 . 2012-03-19 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-19 15:20 . 2012-03-19 15:21 -------- d-----w- C:\TDSSStarter
    2012-03-19 14:10 . 2012-03-19 14:10 388096 ----a-r- c:\users\.Anjo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-03-19 11:19 . 2012-03-19 11:19 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9C00F5D-A827-4F3C-8C78-612EA547712C}\offreg.dll
    2012-03-16 10:33 . 2012-03-16 10:33 -------- d-----w- c:\program files\ESET
    2012-03-16 10:14 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9C00F5D-A827-4F3C-8C78-612EA547712C}\mpengine.dll
    2012-03-14 02:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-14 02:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-13 23:08 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-03-13 23:08 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-13 23:00 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-13 23:00 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-13 23:00 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-13 23:00 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-03-13 23:00 . 2012-02-17 05:30 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-13 23:00 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-13 23:00 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-13 07:48 . 2012-03-13 07:48 -------- d-----w- c:\users\.Anjo\AppData\Local\Apps
    2012-03-06 09:25 . 2012-03-06 09:25 -------- d--h--w- c:\programdata\Common Files
    2012-03-03 11:27 . 2012-03-03 11:27 -------- d-----w- c:\program files\DVD Decrypter
    2012-03-02 10:54 . 2012-03-02 10:54 5164704 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-03-01 12:52 . 2012-03-01 12:55 -------- d-----w- c:\users\.Anjo\AppData\Local\DuplicateCleaner
    2012-03-01 12:52 . 2012-03-01 12:52 -------- d-----w- c:\program files\Duplicate Cleaner
    2012-02-22 21:17 . 2012-02-22 21:17 -------- d-----w- c:\windows\Hewlett-Packard
    2012-02-21 14:13 . 2010-11-20 12:17 2171392 ----a-w- c:\windows\system32\VPCWizard.exe
    2012-02-21 14:13 . 2010-11-20 10:50 48128 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
    2012-02-21 14:13 . 2010-11-20 12:30 296064 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
    2012-02-21 14:13 . 2010-11-20 12:30 172416 ----a-w- c:\windows\system32\drivers\vpchbus.sys
    2012-02-21 14:13 . 2010-11-20 12:21 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
    2012-02-21 14:13 . 2010-11-20 10:50 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
    2012-02-21 14:13 . 2010-11-20 12:17 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
    2012-02-21 14:13 . 2010-11-20 10:50 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
    2012-02-21 14:13 . 2010-11-20 10:52 1003008 ----a-w- c:\windows\system32\VMWindow.exe
    2012-02-21 14:13 . 2010-11-20 10:52 793600 ----a-w- c:\windows\system32\vmsal.exe
    2012-02-21 14:13 . 2010-11-20 12:17 3330560 ----a-w- c:\windows\system32\vpc.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 08:18 . 2011-08-06 14:38 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-18 06:44 . 2012-01-18 06:44 540960 ----a-w- c:\windows\system32\LVUI2RC.dll
    2012-01-18 06:44 . 2012-01-18 06:44 4332960 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2012-01-18 06:44 . 2012-01-18 06:44 545056 ----a-w- c:\windows\system32\LVUI2.dll
    2012-01-18 06:44 . 2012-01-18 06:44 312096 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2012-01-18 06:44 . 2012-01-18 06:44 307488 ----a-w- c:\windows\system32\lvcodec2.dll
    2012-01-18 06:44 . 2012-01-18 06:44 196896 ----a-w- c:\windows\system32\lvci13311044.dll
    2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
    2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
    2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2012-01-04 08:58 . 2012-02-15 11:23 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2011-12-30 05:27 . 2012-02-15 11:24 478720 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-21 13:04 . 2011-11-22 08:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    "DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-03-02 8557464]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Rocketdock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
    "NetWorx"="c:\program files\NetWorx\networx.exe" [2012-01-29 3380224]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2011-03-06 08:19 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
    R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2011-03-02 53504]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-12-30 1017184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-08-06 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1343400]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-11-22 42672]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 68064]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-11-22 36792]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-11-22 73160]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-08-06 48640]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 176128]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-13 8598528]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-13 257024]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-11-22 148632]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-11-22 61088]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-11-11 25088]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - 64460519
    *Deregistered* - 64460519
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPService REG_MULTI_SZ HPSLPSVC
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 09:37]
    .
    2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 09:37]
    .
    .
    ------- Bijkomende Scan -------
    .
uStart Page = hxxp://isearch.avg.com/?cid={F25151F8-12D6-4670-A0DD-17DC92D6A082}&mid=b7a07ab0597547d1b29bd15f4cc3f091-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=nl&ds=is015&pr=sa&d=2012-03-06 10:26&v=10.0.0.7&sap=hp IE: &Verzenden naar OneNote - c:\program files\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\program files\MICROS~2\Office14\EXCEL.EXE/3000 LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 192.168.1.1 FF - ProfilePath - c:\users\.Anjo\AppData\Roaming\Mozilla\Firefox\Profiles\uwm8kbs3.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B95ca62c3-dc63-4a0d-82ed-33069ed1f1df%7D&mid=b7a07ab0597547d1b29bd15f4cc3f091-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=is015&v=10.0.0.7&lang=nl&pr=sa&d=2012-03-06%2010%3A26%3A02&sap=ku&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file) MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe MSConfigStartUp-DriverMax - c:\program files\Innovative Solutions\DriverMax\devices.exe MSConfigStartUp-DriverMax_RESTART - c:\program files\Innovative Solutions\DriverMax\devices.exe MSConfigStartUp-PlusService - c:\program files\Yuna Software\Messenger Plus!\PlusService.exe . . . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 Disk: SAMSUNG_ rev.1AC0 -> Harddisk2\DR2 -> \Device\0000006d . device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! sectors 625142446 (+255): user != kernel . 
************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(744) c:\program files\internetbeveiliging\hips\fshook32.dll . - - - - - - - > 'lsass.exe'(540) c:\program files\internetbeveiliging\hips\fshook32.dll . Voltooingstijd: 2012-03-19 19:13:43 ComboFix-quarantined-files.txt 2012-03-19 18:13 ComboFix2.txt 2011-12-01 17:09 . Pre-Run: 245.478.920.192 bytes beschikbaar Post-Run: 245.195.337.728 bytes beschikbaar . - - End Of File - - DC0EA53AA51A3F1883BEE2F3BC18A074
  • Hi Anjo, things look good on the whole. But in Firefox you have conduitsearch as your search page, and you also use AVG iSearch in Firefox, while you yourself use F-Secure as your AV. Download OTL (http://oldtimer.geekstogo.com/OTL.com) and place the file on your desktop. Using "OTL.com":
    - First close all program windows that are still open!
      - Start the tool by double-clicking "OTL.com".
    - Tick the box next to Scan All Users.
    - Click the Quick Scan button.
    - Do not change OTL's settings unless I specifically give instructions to do so.
    - The scan will not take very long.
      - Two Notepad windows will open when the scan has finished: OTL.Txt and Extras.txt.
      - These log files are saved in the same location as OTL.
      - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
  • Neither that AVG nor the other one means anything to me, and at first glance I don't see them in the program list in the Control Panel either. Maybe I clicked too quickly again....
    OTL logfile created on: 19-3-2012 20:24:02 - Run 1 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\.Anjo\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 3,50 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 67,89% Memory free 7,00 Gb Paging File | 5,46 Gb Available in Paging File | 78,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 228,54 Gb Free Space | 76,69% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 298,17 Gb Free Space | 64,02% Space Free | Partition Type: NTFS Drive Z: | 698,63 Gb Total Space | 440,55 Gb Free Space | 63,06% Space Free | Partition Type: NTFS Computer Name: ANJO-PC | User Name: .Anjo | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-03-19 20:23:35 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\.Anjo\Desktop\OTL.com PRC - [2012-03-19 20:22:18 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-03-02 13:06:48 | 008,557,464 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe PRC - [2012-01-29 10:28:04 | 003,380,224 | ---- | M] (SoftPerfect Research) -- C:\Program Files\NetWorx\networx.exe PRC - [2011-12-20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2011-11-22 11:39:32 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\ORSP Client\fsorsp.exe PRC - [2011-11-22 11:39:12 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Anti-Virus\fsav32.exe PRC - [2011-11-22 11:38:59 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Anti-Virus\fssm32.exe PRC - [2011-11-22 11:38:59 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32.exe PRC - [2011-11-11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011-10-13 07:10:00 | 000,397,312 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011-10-13 07:09:32 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011-08-10 17:00:40 | 001,218,264 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe PRC - [2011-08-06 14:09:06 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-04-08 13:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe PRC - [2010-11-20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-03-25 02:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009-08-05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE PRC - [2009-08-05 16:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Common\FSM32.EXE PRC - [2009-08-05 16:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Common\FSHDLL32.EXE PRC - [2009-08-05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe PRC - [2007-09-02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2012-03-19 20:22:18 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012-02-28 10:55:56 | 000,008,608 | ---- | M] () -- C:\Program Files\Innovative Solutions\DriverMax\sync.dll MOD - [2012-02-16 03:24:21 | 006,611,456 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\2bcd7e4401927815a7e303995a398dd1\System.Data.ni.dll MOD - [2012-02-16 03:23:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\86e13c994c45a0ebb134ba79cc8db5b0\System.Xml.ni.dll MOD - [2012-02-16 03:23:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c2aeba667b40810a127bb2b9ee758fbc\System.Configuration.ni.dll MOD - [2012-02-16 03:23:23 | 007,966,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\6de5bb05157bebd7544a5ea4f5d94fc0\System.ni.dll MOD - [2011-12-20 13:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2011-12-20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2011-12-20 13:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2011-12-20 13:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2011-12-20 13:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll MOD - [2011-12-20 13:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2011-12-20 13:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2011-12-20 13:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll MOD - [2011-12-20 13:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2011-12-15 22:47:53 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16a188a686ef601a1973c0f24715f5a1\mscorlib.ni.dll MOD - [2011-11-22 12:21:07 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011-11-11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common 
Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011-09-17 12:18:22 | 000,480,256 | ---- | M] () -- C:\Program Files\NetWorx\sqlite.dll MOD - [2011-08-12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2011-08-12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2011-08-12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2011-08-12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2011-08-12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2011-08-10 17:00:38 | 000,348,376 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed\madExcept_.bpl MOD - [2011-08-10 17:00:38 | 000,182,488 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed\madBasic_.bpl MOD - [2011-08-10 17:00:38 | 000,048,856 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed\madDisAsm_.bpl MOD - [2011-08-06 14:09:35 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll MOD - [2011-03-17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011-03-02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2010-11-20 22:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009-08-05 16:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files\Internetbeveiliging\FSGUI\strres.eng MOD - [2009-08-05 16:56:56 | 000,920,160 | ---- | M] () -- C:\Program 
Files\Internetbeveiliging\FSGUI\gres.dll MOD - [2009-08-05 16:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\Internetbeveiliging\FSGUI\flyerres.eng MOD - [2009-08-05 16:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files\Internetbeveiliging\FSGUI\fsavures.eng MOD - [2009-08-05 16:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files\Internetbeveiliging\FSGUI\about.dll MOD - [2009-08-05 16:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files\Internetbeveiliging\FSGUI\aboutres.dll MOD - [2007-09-02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe MOD - [2007-09-02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Users\.Anjo\AppData\Local\temp\7zS2DFB\hpslpsvc32.dll -- (HPSLPSVC) SRV - [2012-01-31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-01-18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) 
[Auto | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2012-01-03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-12-14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011-11-22 12:08:33 | 000,522,848 | ---- | M] (F-Secure Corporation) [Disabled | Stopped] -- C:\Program Files\Internetbeveiliging\FWES\program\fsdfwd.exe -- (FSDFWD) SRV - [2011-11-22 11:39:32 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Internetbeveiliging\ORSP Client\fsorsp.exe -- (FSORSPClient) SRV - [2011-10-13 07:09:32 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011-09-15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011-08-06 15:42:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011-06-12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010-05-18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009-08-05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE -- (FSMA) SRV - [2009-08-05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler 
Starter) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ANJO~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012-01-18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC) DRV - [2012-01-18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2011-11-22 12:09:22 | 000,073,160 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW) DRV - [2011-11-22 12:08:46 | 000,036,792 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES) DRV - [2011-11-22 11:41:23 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts) DRV - [2011-11-22 11:39:06 | 000,148,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2011-11-11 15:24:56 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2011-10-13 07:55:06 | 008,598,528 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011-10-13 06:30:18 | 000,257,024 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011-08-06 14:10:48 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2011-08-01 15:57:34 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV - [2011-07-06 18:12:48 | 000,328,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2011-03-02 13:33:12 | 000,053,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BackupReader.sys -- (BackupReader) DRV - [2010-11-20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010-11-20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010-11-20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2010-11-20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010-11-20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010-11-20 
22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-11-20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010-11-20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010-11-20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt) DRV - [2010-11-20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010-11-20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010-11-20 13:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2010-11-20 13:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2010-11-20 11:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2010-11-20 11:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2010-11-09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010-08-12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2010-06-23 10:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK 
provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2009-10-26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009-08-05 16:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Internetbeveiliging\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2009-08-05 16:56:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys -- (fsvista) DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2002-06-03 09:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1165024880-1036307557-907016693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={F25151F8-12D6-4670-A0DD-17DC92D6A082}&mid=b7a07ab0597547d1b29bd15f4cc3f091-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=nl&ds=is015&pr=sa&d=2012-03-06 10:26:02&v=10.0.0.7&sap=hp IE - HKU\S-1-5-21-1165024880-1036307557-907016693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page 
Redirect Cache AcceptLangs = nl IE - HKU\S-1-5-21-1165024880-1036307557-907016693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 F8 83 EF DE 24 CA 01 [binary data] IE - HKU\S-1-5-21-1165024880-1036307557-907016693-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-1165024880-1036307557-907016693-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1165024880-1036307557-907016693-1000\..\SearchScopes\{7113DC5C-E4AD-44E7-92C1-29E755753943}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms} IE - HKU\S-1-5-21-1165024880-1036307557-907016693-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F25151F8-12D6-4670-A0DD-17DC92D6A082}&mid=b7a07ab0597547d1b29bd15f4cc3f091-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=nl&ds=is015&pr=sa&d=2012-03-06 10:26:02&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1165024880-1036307557-907016693-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaultthis.engineName: "NCH EN Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "http://www.google.nl/" FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B95ca62c3-dc63-4a0d-82ed-33069ed1f1df%7D&mid=b7a07ab0597547d1b29bd15f4cc3f091-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=is015&v=10.0.0.7&lang=nl&pr=sa&d=2012-03-06%2010%3A26%3A02&sap=ku&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Internetbeveiliging\NRS\litmus-ff@f-secure.com [2012-03-09 02:57:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011-12-21 10:37:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-06 14:25:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-19 20:22:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-06 14:25:48 | 000,000,000 | ---D | M] [2011-11-22 09:12:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.Anjo\AppData\Roaming\mozilla\Extensions [2012-02-02 17:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.Anjo\AppData\Roaming\mozilla\Firefox\Profiles\uwm8kbs3.default\extensions [2011-12-07 12:28:43 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\.Anjo\AppData\Roaming\mozilla\Firefox\Profiles\uwm8kbs3.default\extensions\DeviceDetection@logitech.com [2011-12-13 15:06:06 | 000,000,915 | ---- | M] () -- C:\Users\.Anjo\AppData\Roaming\Mozilla\Firefox\Profiles\uwm8kbs3.default\searchplugins\conduit.xml [2012-02-16 14:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-03-18 10:28:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-09 02:57:19 
| 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES\INTERNETBEVEILIGING\NRS\LITMUS-FF@F-SECURE.COM [2012-03-19 20:22:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-03-06 10:25:59 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-01-15 09:52:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012-01-15 09:52:45 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml [2012-01-15 09:52:45 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml [2012-01-15 09:52:45 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml O1 HOSTS File: ([2012-03-19 19:12:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Internetbeveiliging\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Internetbeveiliging\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) 
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research) O4 - HKLM..\Run: [Rocketdock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-1165024880-1036307557-907016693-1000..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions) O4 - HKU\S-1-5-21-1165024880-1036307557-907016693-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1165024880-1036307557-907016693-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1165024880-1036307557-907016693-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-1165024880-1036307557-907016693-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 
- Extra 'Tools' menuitem : &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Internetbeveiliging\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Internetbeveiliging\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Internetbeveiliging\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Internetbeveiliging\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Internetbeveiliging\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Internetbeveiliging\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Internetbeveiliging\FSPS\program\FSLSP.DLL (F-Secure Corporation) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04AC0EF6-446C-44D4-ADA0-1E5E8DBEE7E6}: DhcpNameServer = 212.54.40.25 212.54.35.25 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1832D995-9B58-49DB-B89B-FEE91C4A6CFF}: DhcpNameServer = 212.54.40.25 212.54.35.25 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE1F8152-CA01-49F2-A491-B39B5A6E18D2}: DhcpNameServer = 212.54.40.25 212.54.35.25 192.168.1.1 O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012-03-19 20:23:34 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\.Anjo\Desktop\OTL.com [2012-03-19 19:13:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012-03-19 19:13:44 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012-03-19 19:13:44 | 000,000,000 | ---D | C] -- C:\Users\.Anjo\AppData\Local\temp [2012-03-19 19:05:11 | 004,439,541 | R--- | C] (Swearware) -- C:\Users\.Anjo\Desktop\ComboFix.exe [2012-03-19 16:20:34 | 000,000,000 | ---D | C] -- C:\TDSSStarter [2012-03-16 11:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-03-13 08:48:03 | 000,000,000 | ---D | C] -- C:\Users\.Anjo\AppData\Local\Apps [2012-03-06 10:25:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012-03-03 12:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter [2012-03-03 
12:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter [2012-03-01 13:52:19 | 000,000,000 | ---D | C] -- C:\Users\.Anjo\AppData\Local\DuplicateCleaner [2012-03-01 13:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate Cleaner [2012-02-22 22:17:28 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2012-02-21 15:16:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Virtual PC [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nb-NO [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR [2012-02-21 15:16:36 | 000,000,000 | 
---D | C] -- C:\Windows\System32\drivers\fi-FI [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ [2012-02-21 15:16:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA ========== Files - Modified Within 30 Days ========== [2012-03-19 20:23:35 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\.Anjo\Desktop\OTL.com [2012-03-19 20:21:45 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-03-19 20:21:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-03-19 20:21:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2012-03-19 20:21:37 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys [2012-03-19 19:47:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-03-19 19:12:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012-03-19 19:05:13 | 004,439,541 | R--- | M] (Swearware) -- C:\Users\.Anjo\Desktop\ComboFix.exe [2012-03-19 16:19:39 | 000,092,672 | ---- | M] () -- C:\Users\.Anjo\Desktop\TDSSKStarter.exe [2012-03-19 15:10:05 | 000,002,965 | ---- | M] () -- C:\Users\.Anjo\Desktop\HiJackThis.lnk [2012-03-19 12:23:42 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-03-19 12:23:42 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-03-19 12:23:00 | 000,754,990 | ---- | M] () 
-- C:\Windows\System32\perfh013.dat [2012-03-19 12:23:00 | 000,662,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-03-19 12:23:00 | 000,157,180 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2012-03-19 12:23:00 | 000,125,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-03-16 11:35:19 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-03-16 00:31:01 | 000,001,916 | ---- | M] () -- C:\PROGRAM [2012-03-14 11:20:17 | 004,679,730 | ---- | M] () -- C:\Users\.Anjo\Documents\test2-1.jpg [2012-03-14 11:19:38 | 004,350,035 | ---- | M] () -- C:\Users\.Anjo\Documents\test1-1.jpg [2012-03-14 03:19:18 | 000,427,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012-03-03 18:45:28 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012-03-03 12:27:51 | 000,001,981 | ---- | M] () -- C:\Users\.Anjo\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk [2012-03-03 12:27:51 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\DVD Decrypter.lnk [2012-03-03 11:37:50 | 000,000,130 | ---- | M] () -- C:\Users\.Anjo\AppData\Roaming\default.rss [2012-02-22 12:05:27 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk [2012-02-21 14:07:18 | 000,001,625 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2012-02-18 23:37:12 | 000,001,233 | ---- | M] () -- C:\Users\.Anjo\Desktop\Any Video Converter.lnk [2012-02-18 23:32:48 | 000,006,144 | ---- | M] () -- C:\Users\.Anjo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2012-03-19 16:20:13 | 000,092,672 | ---- | C] () -- C:\Users\.Anjo\Desktop\TDSSKStarter.exe [2012-03-19 15:10:05 | 000,002,965 | ---- | C] () -- C:\Users\.Anjo\Desktop\HiJackThis.lnk [2012-03-16 11:35:19 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-03-14 11:20:06 | 004,679,730 | 
---- | C] () -- C:\Users\.Anjo\Documents\test2-1.jpg [2012-03-14 11:19:15 | 004,350,035 | ---- | C] () -- C:\Users\.Anjo\Documents\test1-1.jpg [2012-03-03 12:27:51 | 000,001,981 | ---- | C] () -- C:\Users\.Anjo\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk [2012-03-03 12:27:51 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\DVD Decrypter.lnk [2012-02-22 12:05:27 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk [2012-02-06 14:18:54 | 000,230,076 | ---- | C] () -- C:\Windows\hpoins19.dat [2012-02-06 14:18:54 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012-01-18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2012-01-18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2012-01-18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011-12-14 21:03:50 | 000,006,144 | ---- | C] () -- C:\Users\.Anjo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-12-07 12:26:41 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011-12-03 11:21:15 | 000,000,106 | ---- | C] () -- C:\Windows\Podcasts.INI [2011-12-01 18:03:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011-12-01 18:03:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011-12-01 18:03:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011-12-01 18:03:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011-12-01 18:03:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-11-22 20:06:23 | 000,000,130 | ---- | C] () -- C:\Users\.Anjo\AppData\Roaming\default.rss [2011-11-22 20:06:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011-11-22 11:24:51 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys [2011-11-22 10:14:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-11-22 09:38:12 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011-11-22 
09:38:10 | 000,237,701 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011-11-22 09:38:06 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2011-08-12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011-08-06 14:24:30 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2011-07-30 10:57:46 | 003,999,744 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2011-07-26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011-07-03 21:48:42 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2011-06-17 08:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011-06-17 08:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011-06-10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011-01-04 16:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-11-21 00:57:58 | 000,754,990 | ---- | C] () -- C:\Windows\System32\perfh013.dat [2010-11-21 00:57:58 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat [2010-11-21 00:57:58 | 000,157,180 | ---- | C] () -- C:\Windows\System32\perfc013.dat [2010-11-21 00:57:58 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat [2010-11-20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2010-11-20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== LOP Check ========== [2011-11-22 20:14:09 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\AnvSoft [2012-03-10 10:50:23 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\Auslogics [2012-01-24 10:33:26 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\EurekaLog [2011-12-09 00:00:00 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\F-Secure [2012-01-22 11:43:34 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\HTC 
[2012-02-06 15:22:51 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\ImgBurn [2011-12-07 12:36:54 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\Leadertech [2012-03-13 08:51:04 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\MediaMonkey [2012-03-12 09:03:00 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\NewsLeecher [2011-11-22 13:07:44 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\Outlook [2011-11-25 09:48:25 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\Sync App Settings [2012-03-13 10:04:34 | 000,000,000 | ---D | M] -- C:\Users\.Anjo\AppData\Roaming\TeamViewer [2009-07-14 05:53:46 | 000,030,696 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:07BF512B < End of report >
  • OTL Extras logfile created on: 19-3-2012 20:24:02 - Run 1 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\.Anjo\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 3,50 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 67,89% Memory free 7,00 Gb Paging File | 5,46 Gb Available in Paging File | 78,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 228,54 Gb Free Space | 76,69% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 298,17 Gb Free Space | 64,02% Space Free | Partition Type: NTFS Drive Z: | 698,63 Gb Total Space | 440,55 Gb Free Space | 63,06% Space Free | Partition Type: NTFS Computer Name: ANJO-PC | User Name: .Anjo | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1165024880-1036307557-907016693-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) 
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client 
Profile NLD Language Pack "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{281964AE-248C-4480-ACFC-BF466018AD56}_is1" = CPU-Z version 1.5 "{2894741d-e1fe-45c1-b8e7-d1f91668c7d2}" = Nero 9 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{42A13600-DC90-48E0-B63E-83861EF081D7}" = Radiotracker "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = 
========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 14-3-2012 22:19:22 | Computer Name = Anjo-PC | Source = FSecure-FSecure-F-Secure Management Agent | ID = 103
Description = 2 2012-03-15 03:19:21+02:00 ANJO-PC ANJO-PC\.Anjo F-Secure Management Agent The module F-Secure Anti-Virus Firewall Daemon monitored by F-Secure Management Agent has stopped responding or was terminated. An attempt to restart it will be made later. If you see this message frequently, contact the system administrator or reinstall F-Secure products.

Error - 15-3-2012 10:29:10 | Computer Name = Anjo-PC | Source = FSecure-FSecure-F-Secure Management Agent | ID = 103
Description = 1 2012-03-15 15:29:10+02:00 ANJO-PC SYSTEM F-Secure Management Agent The module F-Secure Anti-Virus Firewall Daemon monitored by F-Secure Management Agent has stopped responding or was terminated. An attempt to restart it will be made later. If you see this message frequently, contact the system administrator or reinstall F-Secure products.

Error - 15-3-2012 10:30:51 | Computer Name = Anjo-PC | Source = WinMgmt | ID = 10
Description =

Error - 15-3-2012 11:15:01 | Computer Name = Anjo-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Skype.exe, versie: 5.8.0.158, tijdstempel: 0x4f4de709 Naam van module met fout: ntdll.dll, versie: 6.1.7601.21861, tijdstempel: 0x4ec49970 Uitzonderingscode: 0xc0000005 Foutoffset: 0x0001f90c Id van proces met fout: 0xd10 Starttijd van toepassing met fout: 0x01cd02b7ff23996a Pad naar toepassing met fout: C:\Program Files\Skype\Phone\Skype.exe Pad naar module met fout: C:\Windows\SYSTEM32\ntdll.dll Rapport-id: a1df6812-6eb1-11e1-81a8-00160a271962

Error - 15-3-2012 19:30:30 | Computer Name = Anjo-PC | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe' niet maken. Kan afhankelijke assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 15-3-2012 19:30:55 | Computer Name = Anjo-PC | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'c:\program files\innovative solutions\drivermax\DPInst\amd64\dpinst.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 15-3-2012 19:30:55 | Computer Name = Anjo-PC | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'c:\program files\innovative solutions\drivermax\DPInst\ia64\dpinst.exe' niet maken. Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 15-3-2012 19:31:02 | Computer Name = Anjo-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 2 2012-03-16 00:31:01+02:00 ANJO-PC ANJO-PC\.Anjo F-Secure Anti-Virus Manual scanning was finished - workstation was found infected!

Error - 15-3-2012 19:32:05 | Computer Name = Anjo-PC | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'c:\program files\HTC\htc sync 3.0\FDAgentForOutlook64.exe' niet maken. Kan afhankelijke assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 16-3-2012 6:31:54 | Computer Name = Anjo-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 3 2012-03-16 11:31:54+02:00 ANJO-PC Anjo-PC\.Anjo F-Secure Anti-Virus Malicious code found in file C:\Users\.Anjo\Downloads\Windows_7_Professional_OEM.rar.exe. Infection: Gen:Variant.Application.MediaFinder.1 Action: The file was quarantined.

[ System Events ]

Error - 15-3-2012 10:29:46 | Computer Name = Anjo-PC | Source = Service Control Manager | ID = 7023
Description = De HP Network Devices Support-service is gestopt met de volgende foutcode: %%126.

Error - 15-3-2012 10:31:11 | Computer Name = Anjo-PC | Source = Service Control Manager | ID = 7023
Description = De HP Network Devices Support-service is gestopt met de volgende foutcode: %%126.

Error - 15-3-2012 10:31:12 | Computer Name = Anjo-PC | Source = Service Control Manager | ID = 7023
Description = De HP Network Devices Support-service is gestopt met de volgende foutcode: %%126.

Error - 16-3-2012 1:40:17 | Computer Name = Anjo-PC | Source = Service Control Manager | ID = 7023
Description = De HP Network Devices Support-service is gestopt met de volgende foutcode: %%126.

Error - 16-3-2012 5:41:36 | Computer Name = Anjo-PC | Source = Service Control Manager | ID = 7023
Description = De HP Network Devices Support-service is gestopt met de volgende foutcode: %%126.

Error - 16-3-2012 5:42:40 | Computer Name = Anjo-PC | Source = Service Control Manager | ID = 7023
Description = De HP Network Devices Support-service is gestopt met de volgende foutcode: %%126.

Error - 16-3-2012 5:43:11 | Computer Name = Anjo-PC | Source = Service Control Manager | ID = 7023
Description = De HP Network Devices Support-service is gestopt met de volgende foutcode: %%126.

Error - 17-3-2012 17:50:23 | Computer Name = Anjo-PC | Source = Service Control Manager | ID = 7023
Description = De HP Network Devices Support-service is gestopt met de volgende foutcode: %%126.

Error - 17-3-2012 17:50:53 | Computer Name = Anjo-PC | Source = DCOM | ID = 10010
Description =

Error - 17-3-2012 17:50:53 | Computer Name = Anjo-PC | Source = Service Control Manager | ID = 7023
Description = De HP Network Devices Support-service is gestopt met de volgende foutcode: %%126.

< End of report >
  • Hi Anjo, F-Secure has its own firewall, but it is being obstructed by the Windows Firewall, which is still active! So go to Start\Run and enter the command: services.msc. Click the OK button. N.B.: Run can also be opened by pressing the "Windows key + R key" at the same time. In the Services window, scroll to Windows Firewall. Double-click that entry and set "Startup type" to "Disabled". Now first click the Apply button; then click the Stop button, wait a moment and finally click OK.

    Web Client
    Do the same with Web Client as you did with the Windows Firewall. This is purely a security measure.

    Close all other open windows before you let OTL run the fix!

    Start OTL
    - Paste the following (bold, blue text) under Custom Scans/Fixes:

    :OTL
    "URL" = http://isearch.avg.com/search?cid={F25151F8-12D6-4670-A0DD-17DC92D6A082}&mid=b7a07ab0597547d1b29bd15f4cc3f091-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=nl&ds=is015&pr=sa&d=2012-03-06 10:26:02&v=10.0.0.7&sap=dsp&q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "NCH EN Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}"
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B95ca62c3-dc63-4a0d-82ed-33069ed1f1df%7D&mid=b7a07ab0597547d1b29bd15f4cc3f091-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=is015&v=10.0.0.7&lang=nl&pr=sa&d=2012-03-06%2010%3A26%3A02&sap=ku&q="
    [2011-12-13 15:06:06 | 000,000,915 | ---- | M] () -- C:\Users\.Anjo\AppData\Roaming\Mozilla\Firefox\Profiles\uwm8kbs3.default\searchplugins\conduit.xml
    [2012-03-06 10:25:59 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [createrestorepoint]
    [reboot]

    - Then click the Run Fix button at the top.
    - Let the program do its work undisturbed.
    - The PC will be restarted when it has finished.
    - Also post the contents of the OTL scan log.
  • Strange, I have the firewalls turned off on all machines because of network speed and moving large files around the house. I have now switched it off in Services.

    LOG:

    All processes killed
    ========== OTL ==========
    Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
    Prefs.js: "NCH EN Customized Web Search" removed from browser.search.defaultthis.engineName
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
    Prefs.js: "http://isearch.avg.com/search?cid=%7B95ca62c3-dc63-4a0d-82ed-33069ed1f1df%7D&mid=b7a07ab0597547d1b29bd15f4cc3f091-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=is015&v=10.0.0.7&lang=nl&pr=sa&d=2012-03-06%2010%3A26%3A02&sap=ku&q=" removed from keyword.URL
    C:\Users\.Anjo\AppData\Roaming\Mozilla\Firefox\Profiles\uwm8kbs3.default\searchplugins\conduit.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: .Anjo
    ->Temp folder emptied: 10957 bytes
    ->Temporary Internet Files folder emptied: 512122 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 60051010 bytes
    ->Flash cache emptied: 233 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6466 bytes
    RecycleBin emptied: 3617267128 bytes

    Total Files Cleaned = 3.508,00 mb

    [EMPTYJAVA]

    User: .Anjo
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0,00 mb

    [EMPTYFLASH]

    User: .Anjo
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb

    OTL by OldTimer - Version 3.2.39.1 log created on 03202012_111432

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
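An added example, not part of any post in this thread and not OTL's own logic: a Python check that reads the text of a Firefox prefs.js and reports the four search prefs named in the fix script when they are set to an engine name or host outside an allowlist. The allowlists, the function names and the sample prefs.js (including the shortened keyword.URL value) are assumptions constructed for illustration; the pref names, engine names and the conduit URL are the ones quoted above.

```python
import json
import re
from urllib.parse import urlsplit

# Pref names taken from the ":OTL" fix script in this thread.
SEARCH_PREFS = (
    "browser.search.defaultenginename",
    "browser.search.defaultthis.engineName",
    "browser.search.defaulturl",
    "keyword.URL",
)

# Assumptions: what the owner of the profile accepts as engine name / host.
ALLOWED_ENGINES = {"Google"}
ALLOWED_HOSTS = {"www.google.com", "www.google.nl"}

# prefs.js holds one statement per line: user_pref("name", value);
USER_PREF = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = USER_PREF.match(line)
        if not match:
            continue  # header comments, blank lines, anything else
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, booleans, integers
        except ValueError:
            prefs[name] = raw  # keep literals JSON cannot read as text
    return prefs


def audit_search_prefs(prefs):
    """Return (name, value, reason) for search prefs outside the allowlists."""
    findings = []
    for name in SEARCH_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str) or not value:
            continue  # pref absent or reset: the browser default applies
        if "://" in value:
            host = (urlsplit(value).hostname or "").lower()
            if host not in ALLOWED_HOSTS:
                findings.append((name, value, "search URL host " + host))
        elif value not in ALLOWED_ENGINES:
            findings.append((name, value, "engine name not on allowlist"))
    return findings


# Constructed sample mirroring the entries the fix log reports as removed.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.search.defaultthis.engineName", "NCH EN Customized Web Search");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "http://isearch.avg.com/search?q=");
user_pref("browser.tabs.warnOnClose", false);
user_pref("browser.startup.page", 3);
'''

if __name__ == "__main__":
    for name, value, reason in audit_search_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{name}: {reason}\n    {value}")
```

Run against a copy of the profile's prefs.js while Firefox is closed; the search plugin files the fix moved (conduit.xml, avg-secure-search.xml) live outside prefs.js and need a separate look in the searchplugins folders.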
  • Hi Anjo, it is possible that ComboFix already restored the default MS settings at an earlier stage. Check in the same way whether Windows Defender is perhaps also set to start automatically. If so, disable it! And how are things going in the meantime?
  • I no longer get any strange messages, except that FF is now acting a bit odd. For example, my bookmarks toolbar is missing at every startup. It can be fixed by switching it off and on under "Toolbars", but it is still strange, just like the (disabled) question whether FF should be my default browser. I had already killed Defender in settings, thanks.
  • Then first uninstall Firefox, without letting it remove your personal data, restart the PC and then install the latest Firefox.
  • I'll do that later. I can of course let it wipe everything; I use the sync option to have the same bookmarks on my 5 machines. It works quite well. The annoying thing is that Gears is no longer supported; my NAS runs on JAVA and then you need Gears, right??
  • NAS and networking are not my strongest side; I gladly leave that to others. As for the sync option, I still would not let my own FF files be removed along with the uninstall!
  • OK, I'll report back once everything is completely done and I have run the safety scanner. What is that Web Client actually??
  • Safety scan reports 0 problems... Thanks Abraham :lol:
  • Abraham, is there anything special to note about uninstalling ComboFix, OTL and TDSSKiller??
  • Hi Anjo, no, there isn't. If your system is working normally again and there are no more problems, we can start cleaning up.
  • I'm waiting for instructions; as far as I can tell this system is working flawlessly again.


This is an archived page. Replies are no longer possible.