searchnu.com/406

41 replies
  • Dear reader,

    My browser starts up with www.searchnu.com/406. Who can help me get rid of this problem?

    I consulted the internet and found information on removing the problem manually. Unfortunately I do not have the skills to delete folders and edit the registry. I found the following information:

    Step 1, the associated files of searchnu.com/406 to be deleted is listed as below:

    %AllUsersProfile%\{random}\

    %AllUsersProfile%\{random}\*.lnk

    Step 2, the registry entries of searchnu.com/406 that need to be removed are listed as follows:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\{random}

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Regedit32

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current\Winlogon\”Shell” = “{random}.exe”


    Regards


    Jan
  • Hello Jan, in that case you are indeed better off not messing around in the Windows registry.

    I would like you to stick to the rules below during the fix:
    • Always read each instruction through carefully first.
    • The instructions given apply only to your Windows.
    • If you make mistakes when running tools during the fix, that can cause serious problems in Windows.
    • Do not install any new programs, updates or new hardware while we are working on the fix.
    • Also, do not use any programs or tools other than the ones I instruct you to use.
    • Please turn off emoticons (smileys) when you post a log.
    • Always use one scanner at a time, never several at once.
    • Keep me informed of how your computer responds to the fix - good or bad.
    • If there is something you do not understand, say so as well.
    • Once started, the fix must be completed. Even if you think everything is fine, there may still be infections.

    Step •1•
    Which program: sUBs dds
    What for/why: DDS is a diagnostic tool and makes use of scripts.
    Difficulty: Read carefully what to do first.
    Download location: Be sure to download this program to the desktop, or otherwise move it there first!
    Download DDS by sUBs from one of these locations and place it on your desktop:
    • DDS - Bleeping Computer download.
    • DDS - Bleeping Computer download.
    • DDS - Infospyware.

    Using sUBs dds.scr:
    • Important: first disable the antivirus software and any active spyware scanners!
    • Then first close all program windows that are still open!
      • Windows 2000 and Windows XP: start sUBs dds.scr by double-clicking the shortcut.
      • Windows Vista and Windows 7: start sUBs dds.scr by right-clicking the shortcut and then choosing Run as administrator.
    • After the scan, two text documents are opened - DDS.txt and Attach.txt
    • Copy and paste the entire contents of the DDS log file into your next post.
    • Post Attach.txt only when I ask for it.

    Step •2•
    Which program: Malwarebytes MBAM
    What for/why: specialist scanner to quickly examine Windows for spyware and malware and remove it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    • Softpedia.com
    • Majorgeeks.com

    First of all:
    • Right after installation 'MBAM' will want to update its database – so allow it.
    • Also on repeated use: first update 'MBAM' via the 'Update' tab!

    Starting Malwarebytes MBAM:
    • First close all program windows that are still open!
      • Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
      • Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
    • Note:
      • Malwarebytes now provides the full version of MBAM.
      • At the first start you get the option of using the full version or the free version.
      • Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
      • That way MBAM will continue to work as the free version.
    • Also do the following:
      • Once the program has started, go to the "Settings" tab.
      • Tick here: "Close Internet Explorer during malware removal".

    Scanning:
    • When 'MBAM' starts, choose 'Quick Scan'.
    • Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
    • Then click the 'Show Results' button to see the results.
    Infections found:
    • First click OK to dismiss the message
    • Then click the Show Results button at the bottom right.
    • Now make sure all infections found are ticked, and click Remove Selected at the bottom left.
    • After removal a log will open and you will be asked to restart the computer.
    • If 'MBAM' has difficulty removing certain files it will show a few messages – click 'OK' each time!
    • After that 'MBAM' will ask to restart the computer - so allow the computer to be restarted.
    MBAM log:
    • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.
    Then post the contents of the MBAM log in your next post.

    Step •3•
    In summary: after this, post the contents of the following logs in your next post:
    • DDS log file
    • MBAM scan log
  • Hello Abraham,

    First of all, thanks for your reply! Below you will find the requested log file:


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by J. Spaans at 10:37:07 on 2012-04-13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.377 [GMT 2:00]
    .
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/
    mSearchMigratedDefaultURL = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
    BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {7aa6ef0c-f173-4a58-b153-833326ab7941} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ANWB Toolbar: {ebb03e3e-020a-418d-b322-761b730ca860} - c:\program files\anwb\anwbtoolbar\ANWBToolbar.dll
    TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\documents and settings\j. spaans\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
    mRun: [SoundMax] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\ziggow~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {C180B365-AAB4-49c3-8E52-C37832A8C758} - {EBB03E3E-020A-418D-B322-761B730CA860} - c:\program files\anwb\anwbtoolbar\ANWBToolbar.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198315244015
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{4A38CB2B-E753-4794-92F5-DEDBDDCA09F2} : NameServer = 208.67.220.220,208.67.222.222
    TCP: Interfaces\{D581D448-7A84-41F6-A668-AF7073A69FF0} : DhcpNameServer = 10.0.0.1
    Notify: TPSvc - TPSvc.dll
    AppInit_DLLs:
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-3-29 72080]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-24 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-24 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-24 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-24 74640]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-12-15 654408]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-27 50704]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-15 22344]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 gupdate1ca0970b9e2ef88;Google Updateservice (gupdate1ca0970b9e2ef88);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]
    S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-7 12672]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
    S3 pbfilter;pbfilter;\??\d:\belangrijke bestanden\programfiles1\peerblock\pbfilter.sys --> d:\belangrijke bestanden\programfiles1\peerblock\pbfilter.sys [?]
    S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]
    .
    =============== Created Last 30 ================
    .
    2012-04-13 08:34:57 -------- d--h--w- c:\windows\PIF
    2012-04-13 08:00:10 711240 ----a-w- c:\windows\isRS-000.tmp
    2012-04-12 16:43:57 388096 ----a-r- c:\documents and settings\j. spaans\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-04-12 16:43:55 -------- d-----w- c:\program files\Trend Micro
    2012-04-12 14:21:49 42864 ----a-r- c:\windows\system32\SBBD.EXE
    2012-04-12 14:21:49 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
    2012-04-12 14:21:41 -------- d-----w- c:\program files\STOPzilla!
    2012-04-12 14:21:39 -------- d-----w- c:\program files\common files\iS3
    2012-04-12 14:21:39 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
    2012-04-12 14:09:06 -------- d--h--r- c:\documents and settings\j. spaans\Onlangs geopend
    2012-04-11 03:00:32 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9f49e88f-0d78-4c36-a88a-8c68e59389b4}\mpengine.dll
    2012-04-04 11:13:38 23376 ----a-r- c:\windows\system32\SZIO5.dll
    2012-04-04 11:13:26 546640 ----a-r- c:\windows\system32\SZComp5.dll
    2012-04-04 11:13:22 481104 ----a-r- c:\windows\system32\SZBase5.dll
    2012-03-29 14:36:48 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
    2012-03-24 10:43:05 -------- d-----w- c:\documents and settings\j. spaans\application data\Avira
    2012-03-24 10:37:19 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-03-24 10:37:19 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-03-24 10:37:15 -------- d-----w- c:\program files\Avira
    2012-03-24 10:37:15 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2012-03-17 00:15:50 -------- d-----w- c:\program files\SpywareBlaster
    2012-03-14 21:58:30 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
    .
    ==================== Find3M ====================
    .
    2012-04-10 08:07:49 1080 ----a-w- c:\windows\AUTOLNCH.REG
    2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-01 11:00:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:00:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:00:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:27 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:27 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:53 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-26 08:29:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-24 13:28:26 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
    2012-02-24 13:28:26 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
    2012-02-23 12:09:44 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
    2012-02-23 12:09:42 390992 ----a-r- c:\windows\system32\IS3UI5.dll
    2012-02-23 12:09:42 231248 ----a-r- c:\windows\system32\IS3Win325.dll
    2012-02-23 12:09:40 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
    2012-02-23 12:09:34 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
    2012-02-23 12:09:34 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
    2012-02-23 12:09:32 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
    2012-02-23 12:09:32 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
    2012-02-23 12:09:30 808784 ----a-r- c:\windows\system32\IS3Base5.dll
    2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-03 09:57:36 1860224 ----a-w- c:\windows\system32\win32k.sys
    2009-08-27 22:10:05 652794 ----a-w- c:\program files\XviD-1.2.2-07062009.exe
    2009-05-12 15:17:58 8657729 ----a-w- c:\program files\Elecard Codec SDK G4 1.2.1.90504 Eval.exe
    2002-06-06 22:56:42 65536 ----a-w- c:\program files\movieid.exe
    2002-05-09 11:54:10 967 ----a-w- c:\program files\MovieID.pif
    .
    ============= FINISH: 10:38:36,57 ===============
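
An added example (not part of the thread, and not code from DDS or its author): a small parser that pulls the browser-hijack checkpoints out of the "Pseudo HJT Report" section of a DDS log like the one above, namely start/search page URLs, BHO and toolbar entries whose file is missing, statically configured DNS servers and Hosts overrides. The line formats are taken from the log as posted; the sample input, the `WATCHLIST` contents and the function names are assumptions made for the illustration, and the output is a list of items to review, not a verdict.

```python
import re
from urllib.parse import urlsplit

# Domains the analyst is hunting for (assumption: only the hijacker named
# in the thread title is listed here).
WATCHLIST = ("searchnu.com",)

# Sample input, constructed for this example in the format of the log above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/406
uSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
BHO: Example Helper: {11111111-2222-3333-4444-555555555555} - c:\program files\example\helper.dll
BHO: {7aa6ef0c-f173-4a58-b153-833326ab7941} - No File
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{4A38CB2B-E753-4794-92F5-DEDBDDCA09F2} : NameServer = 208.67.220.220,208.67.222.222
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 example;example;c:\windows\system32\drivers\example.sys [2012-1-1 1000]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "uStart Page = hxxp://..." (u = per-user, m = machine-wide setting)
URL_SETTING_RE = re.compile(r"^([um][A-Z][^=]*?)\s*=\s*(h(?:xx|tt)ps?://\S+)$")
# "BHO: <optional name>: {CLSID} - <path or 'No File'>"
ADDON_RE = re.compile(r"^(BHO|TB): .*?(\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# Static resolver; lines with "DhcpNameServer" are deliberately not matched.
STATIC_DNS_RE = re.compile(r"^TCP: (?:.*: )?NameServer = (.+)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$")


def pseudo_hjt_lines(log_text):
    """Yield the non-empty lines of the 'Pseudo HJT Report' section only."""
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1) == "Pseudo HJT Report"
            continue
        if in_section and line and line != ".":
            yield line


def host_of(url):
    """Return the lower-case host of a (possibly defanged hxxp://) URL."""
    refanged = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    return (urlsplit(refanged).hostname or "").lower()


def triage_dds(log_text, watchlist=WATCHLIST):
    """Collect the entries an analyst would review for a browser hijack."""
    findings = {
        "watchlisted_urls": [],   # (setting name, host) on the watchlist
        "orphaned_addons": [],    # (kind, CLSID) registered but file missing
        "static_dns": [],         # resolvers not handed out by DHCP
        "hosts_entries": [],      # (ip, hostname) overrides
    }
    for line in pseudo_hjt_lines(log_text):
        m = URL_SETTING_RE.match(line)
        if m:
            host = host_of(m.group(2))
            if any(host == d or host.endswith("." + d) for d in watchlist):
                findings["watchlisted_urls"].append((m.group(1), host))
            continue
        m = ADDON_RE.match(line)
        if m:
            if m.group(3).strip() == "No File":
                findings["orphaned_addons"].append((m.group(1), m.group(2)))
            continue
        m = STATIC_DNS_RE.match(line)
        if m:
            findings["static_dns"].extend(
                ip.strip() for ip in m.group(1).split(",") if ip.strip())
            continue
        m = HOSTS_RE.match(line)
        if m:
            findings["hosts_entries"].append((m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for category, items in triage_dds(SAMPLE_LOG).items():
        print(category, items)
```
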
  • Hello Abraham,

    No infections were found. Below is the result of the first scan. Do you want me to carry out step 3 anyway?

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400
    www.malwarebytes.org

    Databaseversie: v2012.04.13.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    J. Spaans :: J-4CFF97CD5FDA4 [administrator]

    Realtime bescherming: Uitgeschakeld

    13-4-2012 11:36:16
    mbam-log-2012-04-13 (11-36-16).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 212986
    Verstreken tijd: 5 minuut/minuten, 12 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
  • Hello Jan, you have done everything nicely so far.
    We are now going to dig deeper into your Windows.

    But first two services need to be disabled!

    Step •1•
    Disable TeaTimer and SDHelper of Spybot during the fix, because these components can undo changes.
    • Start Spybot S&D
    • Go to the Mode menu and select "Advanced Mode"
    • In the left column choose "Tools" (or "Gereedschap") and click > Resident
    • Untick "Resident TeaTimer and SDHelper" and close Spybot S&D.
    • Restart the computer after this.
    Because TeaTimer was active, therefore also do this next:
    Download to your desktop: ResetTeaTimer.exe (click)
    • Click/double-click ResetTeaTimer.exe
    • This will reset the items allowed or blocked via TeaTimer to the original settings.
    • Restart the computer after this.

    Step •2•
    Which program: TDSSStarter.exe
    What for/why: Rootkit scanner
    Difficulty: none
    Download TDSSStarter to the desktop.

    Using "TDSSStarter.exe":
    • First close all program windows that are still open!
      • Windows 2000 and Windows XP: start the tool by double-clicking "TDSSStarter.exe".
      • Windows Vista and Windows 7: start the tool by right-clicking "TDSSStarter.exe" and then choosing Run as administrator.
    • A CMD window will then be started, and it will close again automatically when the scan is finished.
    • Now post the contents of the Notepad file that opens in your next post.

    Step •3•
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    • Bleepingcomputer
    • ForoSpyware
    • Geekstogo
    Here you can see how to use ComboFix.

    The antivirus program and active malware scanners must already be disabled before ComboFix is started!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    To be perfectly clear once more: ComboFix must be started from the desktop.

    Remarks:
    • When using Windows XP you may be asked to install the "Recovery Console"!
      Allow this (an active internet connection is required for it).
    Starting ComboFix:
    • First close all program windows that are still open!
      • Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
      • Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing Run as administrator.
    ComboFix has started:
    • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    • The computer may need to be restarted several times; this is normal.
    • When ComboFix is finished, it will create a log file for you.
    • Post the contents of this log file in your next post.
    • If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    • If, after the scan, an error is shown when starting programs with the message:
    • Illegal operation attempted on a registry key that has been marked for deletion.
    • Then restart the computer.

    Step •4•
    In summary: after this, post the contents of the following logs in your next post:
    • TDSSKStarter log
    • ComboFix.txt log
  • Hello Abraham, below is the requested log from TDSSStarter.exe:

    Incidentally, I had unticked RESIDENT and thought that this had also deactivated the underlying (ticked) TeaTimer and SDHelper, but that turns out to have been a wrong assumption. I have now unticked both of them.


  • Below is the ComboFix log. Abraham, is it correct that I have to start the two programs mentioned in the next step (4) again and post their logs?

  • Jan asks: "Abraham, is it correct that for the next step (4) I have to run the two programs mentioned again and post their logs?"

    Hello Jan, no - if you have already carried out the instruction, you do not have to do it again.

    Step 1
    Which program: TFC.
    What for/why: thorough cleaning of Windows.
    Difficulty level: none.
    Download: Download TFC to your desktop (click)

    Starting TFC:
    Windows 2000 and Windows XP: double-click TFC.exe.
    Windows Vista and Windows 7: right-click TFC.exe and choose "Run as administrator".
    - Don't be alarmed: the tool closes all running programs, so make sure your work has been saved first!
    - Next, click the Start button to start the scan. The scan may take a short or a longer time; be patient, let TFC do its job and wait until TFC has finished.
    - When TFC has finished, a message appears saying that the computer will be restarted.
    - If the shutdown does not happen automatically, restart the computer yourself.
    - Note: TFC does not produce a log!

    Step 2
    Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
    - Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
    - Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Yes".
      Image: http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg
    - When the update is finished and the message "Update process completed successfully" appears, click "menu" and then "Scan PC".
    - Select the "Deep" option if it is not already set by default.
    - Now click the "Scan" button and do nothing else on the computer during the scan; this scan can take quite some time, so wait patiently.
    - You can close the window with the warning about an increased risk once the scan is finished.

    Note:

    If you see this message:

    C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK

    When the file appears in the scan results window, you can right-click that detection and choose "Submit as false alarm (False Positive)".

    - Make sure all items found are checked and then press the "Remove selected" button; you will then get the following message, but click "Yes" here.
      Image: http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg
    - When the removal is finished, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
    - Paste the contents of this log file into your next post later.
    - Now restart the computer.
  • Hello Abraham,

    I have carried out both actions. Below is the requested scan log:

  • Run the ComboFix scan once more.
    After starting ComboFix, a message may appear:

    - either ComboFix wants to be updated;
    - or ComboFix wants to be downloaded again.

    Post the contents of the ComboFix log again.
  • Abraham54 wrote: "Run the ComboFix scan once more.

    Post the contents of the ComboFix log again."

    Abraham, below is the CF log:


    ComboFix 12-04-13.01 - J. Spaans 16-04-2012 10:11:08.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.284 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\J. Spaans\Bureaublad\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-16 to 2012-04-16 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-13 19:07 . 2012-04-13 20:13 ——– d—–w- C:\TDSSStarter
    2012-04-13 08:34 . 2012-04-13 08:34 ——– d–h–w- c:\windows\PIF
    2012-04-12 16:43 . 2012-04-12 16:43 388096 —-a-r- c:\documents and settings\J. Spaans\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-04-12 16:43 . 2012-04-12 16:43 ——– d—–w- c:\program files\Trend Micro
    2012-04-12 14:21 . 2012-01-19 08:22 42864 —-a-r- c:\windows\system32\SBBD.EXE
    2012-04-12 14:21 . 2012-01-12 07:26 101112 —-a-r- c:\windows\system32\drivers\SBREDrv.sys
    2012-04-12 14:21 . 2012-04-12 14:21 ——– d—–w- c:\program files\STOPzilla!
    2012-04-12 14:21 . 2012-04-16 08:19 ——– d—–w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2012-04-12 14:21 . 2012-04-12 14:21 ——– d—–w- c:\program files\Common Files\iS3
    2012-04-12 14:09 . 2012-04-15 11:01 ——– d–h–r- c:\documents and settings\J. Spaans\Onlangs geopend
    2012-04-11 03:00 . 2012-03-14 02:15 6582328 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9F49E88F-0D78-4C36-A88A-8C68E59389B4}\mpengine.dll
    2012-04-04 11:13 . 2012-04-04 11:13 23376 —-a-r- c:\windows\system32\SZIO5.dll
    2012-04-04 11:13 . 2012-04-04 11:13 546640 —-a-r- c:\windows\system32\SZComp5.dll
    2012-04-04 11:13 . 2012-04-04 11:13 481104 —-a-r- c:\windows\system32\SZBase5.dll
    2012-03-29 14:36 . 2012-03-29 14:36 72080 —-a-r- c:\windows\system32\drivers\SZKGFS.sys
    2012-03-24 10:43 . 2012-03-24 10:43 ——– d—–w- c:\documents and settings\J. Spaans\Application Data\Avira
    2012-03-24 10:37 . 2012-01-31 07:57 74640 —-a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-03-24 10:37 . 2012-01-31 07:57 137416 —-a-w- c:\windows\system32\drivers\avipbb.sys
    2012-03-24 10:37 . 2011-09-16 15:09 36000 —-a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-03-24 10:37 . 2012-03-24 10:37 ——– d—–w- c:\program files\Avira
    2012-03-24 10:37 . 2012-03-24 10:37 ——– d—–w- c:\documents and settings\All Users\Application Data\Avira
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-10 08:07 . 2008-08-16 12:34 1080 —-a-w- c:\windows\AUTOLNCH.REG
    2012-04-04 13:56 . 2008-12-15 09:45 22344 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-14 02:15 . 2007-05-17 00:02 6582328 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-03-01 11:00 . 2004-08-04 12:00 916992 —-a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:00 . 2004-08-04 12:00 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:00 . 2004-08-04 12:00 1469440 ——w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2004-08-04 12:00 177664 —-a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-08-04 12:00 148480 —-a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2004-08-04 12:00 385024 —-a-w- c:\windows\system32\html.iec
    2012-02-26 08:29 . 2011-05-14 10:20 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-24 13:28 . 2012-02-24 13:28 99728 —-a-r- c:\windows\system32\drivers\SZKG.sys
    2012-02-24 13:28 . 2012-02-24 13:28 99728 —-a-r- c:\windows\system32\drivers\is3srv.sys
    2012-02-23 12:09 . 2012-02-23 12:09 29008 —-a-r- c:\windows\system32\IS3XDat5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 390992 —-a-r- c:\windows\system32\IS3UI5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 231248 —-a-r- c:\windows\system32\IS3Win325.dll
    2012-02-23 12:09 . 2012-02-23 12:09 100176 —-a-r- c:\windows\system32\IS3Svc5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 132944 —-a-r- c:\windows\system32\IS3HTUI5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 104272 —-a-r- c:\windows\system32\IS3Inet5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 67408 —-a-r- c:\windows\system32\IS3Hks5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 456528 —-a-r- c:\windows\system32\IS3DBA5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 808784 —-a-r- c:\windows\system32\IS3Base5.dll
    2012-02-23 08:18 . 2009-10-02 18:30 237072 ——w- c:\windows\system32\MpSigStub.exe
    2012-02-03 09:57 . 2004-08-04 12:00 1860224 —-a-w- c:\windows\system32\win32k.sys
    2002-06-06 22:56 . 2009-03-07 21:28 65536 —-a-w- c:\program files\movieid.exe
    2002-05-09 11:54 . 2009-03-07 21:28 967 —-a-w- c:\program files\MovieID.pif
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-13_19.53.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-16 08:00 . 2012-04-16 08:00 16384 c:\windows\Temp\Perflib_Perfdata_1c4.dat
    + 2012-04-16 08:09 . 2012-04-16 08:09 12568 c:\windows\system32\drivers\PROCEXP113.SYS
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-20 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 1630208]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-9-22 51984]
    Ziggo Wireless Utility.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-7-15 1532001]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
    TPSvc.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 13:51 177440 —-a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-02-19 00:41 49152 —-a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 15:33 141600 —-a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 17:03 1695232 —-a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-05-28 06:27 570664 —-a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    2003-05-30 07:42 585728 —-a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2003-05-29 14:28 790528 -c–a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-20 19:30 39408 —-a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    2002-11-23 00:15 631362 —-a-w- c:\program files\Logitech\iTouch\iTouch.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\HPZipm12.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
    "c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [24-2-2012 15:28 99728]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [29-3-2012 16:36 72080]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24-3-2012 12:37 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24-3-2012 12:37 86224]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15-12-2008 11:45 654408]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27-1-2010 4:09 50704]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [1-10-2008 17:45 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15-12-2008 11:45 22344]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [24-2-2012 15:28 99728]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys –> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1ca0970b9e2ef88;Google Updateservice (gupdate1ca0970b9e2ef88);c:\program files\Google\Update\GoogleUpdate.exe [20-7-2009 21:31 133104]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24-7-2003 13:10 17149]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20-7-2009 21:31 133104]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [27-2-2008 12:54 360547]
    S3 pbfilter;pbfilter;\??\d:\belangrijke bestanden\Programfiles1\PeerBlock\pbfilter.sys –> d:\belangrijke bestanden\Programfiles1\PeerBlock\pbfilter.sys [?]
    S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14-1-2009 3:23 458752]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    2012-04-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-20 16:47]
    .
    2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 19:31]
    .
    2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 19:31]
    .
    2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1957994488-1801674531-1004Core.job
    - c:\documents and settings\J. Spaans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 09:43]
    .
    2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1957994488-1801674531-1004UA.job
    - c:\documents and settings\J. Spaans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 09:43]
    .
    2012-04-16 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/
    mSearchMigratedDefaultURL = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{C180B365-AAB4-49c3-8E52-C37832A8C758}
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{4A38CB2B-E753-4794-92F5-DEDBDDCA09F2}: NameServer = 208.67.220.220,208.67.222.222
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-16 10:19
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|ù•9~*]
    "3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'explorer.exe'(2628)
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2012-04-16 10:23:32
    ComboFix-quarantined-files.txt 2012-04-16 08:23
    ComboFix2.txt 2012-04-13 19:57
    .
    Pre-Run: 4.159.864.832 bytes beschikbaar
    Post-Run: 4.140.482.560 bytes beschikbaar
    .
    - - End Of File - - 652D5798A7AF69A45F53D0CAFF99131F
  • How are things now?
  • Abraham54 wrote: "How are things now?"

    Hello Abraham,

    The situation is unchanged. The browser still starts up with http://www.searchnu.com/406. As before, I can select another tab and search via Google. I can also close the http://www.searchnu.com/406 tab. When I quit my browser and start it again, it is back, despite the fact that www.Google.nl is set as the default browser. A stubborn problem.
  • You are still using IE8, aren't you?

    Then do the following:

    - In IE, click the Tools (Extra) button and choose Internet Options (Internetopties).
        - Or go to Internet Options (Internetopties) via the Control Panel (Configuratiescherm).
    - Then click the Advanced (Geavanceerd) tab and click the Reset (Opnieuw instellen) button there.
    - First a warning appears, with an overview of the consequences of the action!
    - This performs an extensive clean-up.
    - Add-ons (such as extra third-party search toolbars) are also disabled.
    - Your favorites are kept.
    - Then confirm the warning by clicking the Reset (Opnieuw instellen) button once more.

    After this, Internet Explorer is almost as good as new.
  • You are still using IE8, aren't you?

    Hello Abraham,

    Unfortunately it did not help. Before I asked this forum for help, I consulted the internet. I already read then that this add-on is difficult to remove.
  • Then we will try something else: download OTL and save the file to your desktop.

    Using "OTL.com":
    - First close all program windows that are still open!
        - Start the tool by double-clicking "OTL.com".
    - Tick Scan All Users.
    - Click the Quick Scan button.
    - Do not change OTL's settings unless I specifically instruct you to.
    - The scan will not take very long.
        - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
        - These log files are saved in the same location as OTL.
        - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
  • Hello Abraham,

    Great that you want to keep helping! Below are the requested logs (you can still make sense of these?):

    OTL logfile created on: 17-4-2012 22:04:25 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\J. Spaans\Bureaublad\OTL
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1022,73 Mb Total Physical Memory | 688,46 Mb Available Physical Memory | 67,32% Memory free
    2,41 Gb Paging File | 1,86 Gb Available in Paging File | 77,47% Paging File free
    Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19,53 Gb Total Space | 3,86 Gb Free Space | 19,76% Space Free | Partition Type: NTFS
    Drive D: | 170,37 Gb Total Space | 108,96 Gb Free Space | 63,95% Space Free | Partition Type: NTFS

    Computer Name: J-4CFF97CD5FDA4 | User Name: J. Spaans | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-04-17 22:02:12 | 000,593,920 | —- | M] (OldTimer Tools) – C:\Documents and Settings\J. Spaans\Bureaublad\OTL\OTL.com
    PRC - [2012-04-04 15:56:40 | 000,654,408 | —- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012-04-04 13:13:18 | 000,067,408 | R— | M] (iS3, Inc.) – C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    PRC - [2012-01-31 09:57:32 | 000,080,336 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2012-01-31 09:57:06 | 000,086,224 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2012-01-31 09:56:50 | 000,258,512 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012-01-31 09:56:50 | 000,110,032 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009-07-15 11:17:38 | 001,532,001 | —- | M] (NETGEAR) – C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    PRC - [2008-06-27 17:24:34 | 000,467,028 | —- | M] (Atheros) – C:\WINDOWS\system32\acs.exe
    PRC - [2008-04-14 19:02:58 | 001,037,312 | —- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
    PRC - [2008-01-22 11:13:32 | 001,201,448 | —- | M] (Nero AG) – C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2008-01-22 11:13:20 | 000,152,872 | —- | M] (Nero AG) – C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2007-08-09 09:27:52 | 000,073,728 | —- | M] (HP) – C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2006-11-03 18:20:12 | 000,866,584 | —- | M] (Microsoft Corporation) – C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006-11-03 18:19:58 | 000,013,592 | —- | M] (Microsoft Corporation) – C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2006-02-10 07:56:12 | 000,479,232 | —- | M] (Hewlett-Packard Development Company, L.P.) – C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    PRC - [2002-09-20 15:50:10 | 000,045,056 | —- | M] (Analog Devices, Inc.) – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    PRC - [1997-09-22 00:00:00 | 000,051,984 | —- | M] () – C:\Program Files\Microsoft Office\Office\OSA.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012-04-12 14:53:09 | 000,843,776 | —- | M] () – c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_4b363b73\system.drawing.dll
    MOD - [2012-04-12 14:53:00 | 003,035,136 | —- | M] () – c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_701811ec\system.windows.forms.dll
    MOD - [2012-04-12 14:52:35 | 000,471,040 | —- | M] () – c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2012-04-04 13:06:14 | 000,139,264 | R— | M] () – C:\Program Files\Common Files\iS3\Anti-Spyware\SZEngine.dll
    MOD - [2012-02-05 13:41:50 | 000,181,616 | —- | M] () – C:\Documents and Settings\All Users\Application Data\STOPzilla!\VIPRE\libMachoUniv.dll
    MOD - [2012-02-05 13:41:48 | 000,210,288 | —- | M] () – C:\Documents and Settings\All Users\Application Data\STOPzilla!\VIPRE\libBase64.dll
    MOD - [2012-01-31 09:57:08 | 000,398,288 | —- | M] () – C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2012-01-10 23:05:27 | 003,391,488 | —- | M] () – c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7c5e8321\mscorlib.dll
    MOD - [2012-01-10 23:05:13 | 002,088,960 | —- | M] () – c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f8b2aa86\system.xml.dll
    MOD - [2012-01-10 23:04:51 | 001,966,080 | —- | M] () – c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_8a01c7d1\system.dll
    MOD - [2012-01-10 23:04:36 | 001,232,896 | —- | M] () – c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2012-01-10 23:04:34 | 002,064,384 | —- | M] () – c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2008-05-10 10:25:43 | 000,069,632 | —- | M] () – c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
    MOD - [2008-05-10 10:25:43 | 000,065,536 | —- | M] () – c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_nl_a53cf5803f4c3827\hpqisrtb.resources.dll
    MOD - [2008-05-10 10:25:35 | 000,376,832 | —- | M] () – c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_nl_a53cf5803f4c3827\hpqedit.resources.dll
    MOD - [2008-05-10 10:25:34 | 001,163,264 | —- | M] () – c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
    MOD - [2008-05-10 10:25:34 | 000,790,528 | —- | M] () – c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
    MOD - [2008-05-10 10:25:33 | 000,258,048 | —- | M] () – c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_nl_a53cf5803f4c3827\hpqbakup.resources.dll
    MOD - [2008-05-10 10:25:30 | 000,163,840 | —- | M] () – c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
    MOD - [2008-05-10 10:25:28 | 000,057,344 | —- | M] () – c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
    MOD - [2008-05-10 10:25:28 | 000,053,248 | —- | M] () – c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
    MOD - [2008-05-10 10:25:28 | 000,016,384 | —- | M] () – c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_nl_a53cf5803f4c3827\hpqprrsc.resources.dll
    MOD - [2008-05-10 10:25:27 | 000,065,536 | —- | M] () – c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
    MOD - [2008-05-10 10:25:25 | 000,430,080 | —- | M] () – c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
    MOD - [2008-05-10 10:25:25 | 000,090,112 | —- | M] () – c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
    MOD - [2008-05-10 10:25:25 | 000,086,016 | —- | M] () – c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
    MOD - [2008-05-10 10:25:25 | 000,081,920 | —- | M] () – c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
    MOD - [2008-05-10 10:25:25 | 000,077,824 | —- | M] () – c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
    MOD - [2008-05-10 10:25:25 | 000,069,632 | —- | M] () – c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
    MOD - [2008-05-10 10:25:25 | 000,040,960 | —- | M] () – c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
    MOD - [2008-05-10 10:25:23 | 000,014,848 | —- | M] () – c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
    MOD - [2008-05-10 10:25:23 | 000,010,240 | —- | M] () – c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
    MOD - [2008-05-10 10:25:23 | 000,004,096 | —- | M] () – c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
    MOD - [2008-05-10 10:25:22 | 000,516,096 | —- | M] () – c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
    MOD - [2008-05-10 10:25:22 | 000,192,512 | —- | M] () – c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
    MOD - [2008-05-10 10:25:22 | 000,069,632 | —- | M] () – c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
    MOD - [2008-05-10 10:25:22 | 000,036,864 | —- | M] () – c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
    MOD - [2008-05-10 10:25:21 | 000,126,976 | —- | M] () – c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_nl_a53cf5803f4c3827\hpqtray.resources.dll
    MOD - [2008-05-10 10:25:21 | 000,077,824 | —- | M] () – c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
    MOD - [2008-05-10 10:25:21 | 000,069,632 | —- | M] () – c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
    MOD - [2008-05-10 10:25:21 | 000,061,440 | —- | M] () – c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
    MOD - [2008-05-10 10:25:20 | 000,385,024 | —- | M] () – c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
    MOD - [2008-05-10 10:25:20 | 000,229,376 | —- | M] () – c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
    MOD - [2008-05-10 10:25:20 | 000,036,864 | —- | M] () – c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
    MOD - [2008-05-10 10:25:20 | 000,024,576 | —- | M] () – c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_nl_a53cf5803f4c3827\hpqfmrsc.resources.dll
    MOD - [2008-05-10 10:25:20 | 000,024,576 | —- | M] () – c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
    MOD - [2008-05-10 10:25:20 | 000,020,480 | —- | M] () – c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
    MOD - [2008-05-10 10:25:19 | 000,593,920 | —- | M] () – c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
    MOD - [2008-05-10 10:25:19 | 000,425,984 | —- | M] () – c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
    MOD - [2008-05-10 10:25:19 | 000,135,168 | —- | M] () – c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_nl_a53cf5803f4c3827\hpqcc2.resources.dll
    MOD - [2008-05-10 10:25:19 | 000,094,208 | —- | M] () – c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_nl_a53cf5803f4c3827\hpqcprsc.resources.dll
    MOD - [2007-05-09 12:49:59 | 001,339,392 | —- | M] () – c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    MOD - [2007-05-09 12:19:45 | 000,081,920 | —- | M] () – c:\windows\assembly\gac\system.resources\1.0.5000.0_nl_b77a5c561934e089\system.resources.dll
    MOD - [2007-05-09 12:18:56 | 000,007,680 | —- | M] () – c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
    MOD - [2005-10-20 10:36:08 | 000,077,824 | R— | M] () – C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
    MOD - [2005-10-20 10:36:08 | 000,065,536 | R— | M] () – C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
    MOD - [1997-09-22 00:00:00 | 003,782,416 | —- | M] () – C:\Program Files\Microsoft Office\Office\MSO97.DLL
    MOD - [1997-09-22 00:00:00 | 000,051,984 | —- | M] () – C:\Program Files\Microsoft Office\Office\OSA.EXE


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] – %SystemRoot%\System32\appmgmts.dll – (AppMgmt)
    SRV - [2012-04-04 15:56:40 | 000,654,408 | —- | M] (Malwarebytes Corporation) [Auto | Running] – C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe – (MBAMService)
    SRV - [2012-04-04 13:13:18 | 000,067,408 | R— | M] (iS3, Inc.) [Auto | Running] – C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe – (szserver)
    SRV - [2012-01-31 09:57:06 | 000,086,224 | —- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\sched.exe – (AntiVirSchedulerService)
    SRV - [2012-01-31 09:56:50 | 000,110,032 | —- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\avguard.exe – (AntiVirService)
    SRV - [2008-06-27 17:24:34 | 000,467,028 | —- | M] (Atheros) [Auto | Running] – C:\WINDOWS\system32\acs.exe – (ACS)
    SRV - [2008-04-08 09:56:30 | 000,800,040 | —- | M] (Nero AG) [On_Demand | Stopped] – D:\Belangrijke bestanden\Programfiles1\Nero 7\Nero BackItUp\NBService.exe – (NBService)
    SRV - [2008-02-27 12:54:52 | 000,360,547 | —- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] – C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe – (jswpsapi)
    SRV - [2007-08-09 09:27:52 | 000,073,728 | —- | M] (HP) [Auto | Running] – C:\WINDOWS\system32\HPZipm12.exe – (Pml Driver HPZ12)
    SRV - [2006-11-03 18:19:58 | 000,013,592 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MsMpEng.exe – (WinDefend)
    SRV - [2002-09-20 15:50:10 | 000,045,056 | —- | M] (Analog Devices, Inc.) [Auto | Running] – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe – (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] – – (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] – – (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] – D:\Belangrijke bestanden\Programfiles1\PeerBlock\pbfilter.sys – (pbfilter)
    DRV - File not found [Kernel | On_Demand | Stopped] – C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS – (MRENDIS5)
    DRV - File not found [Kernel | System | Stopped] – – (lbrtfdc)
    DRV - File not found [File_System | Boot | Stopped] – system32\DRIVERS\Lbd.sys – (Lbd)
    DRV - File not found [Kernel | System | Stopped] – – (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] – – (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] – C:\DOCUME~1\JC784~1.SPA\LOCALS~1\Temp\catchme.sys – (catchme)
    DRV - [2012-04-04 15:56:40 | 000,022,344 | —- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] – C:\WINDOWS\system32\drivers\mbam.sys – (MBAMProtector)
    DRV - [2012-03-29 16:36:48 | 000,072,080 | R— | M] (iS3, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\SZKGFS.sys – (szkgfs)
    DRV - [2012-02-24 15:28:26 | 000,099,728 | R— | M] (iS3 Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\SZKG.sys – (szkg5)
    DRV - [2012-02-24 15:28:26 | 000,099,728 | R— | M] (iS3 Inc.) [Kernel | Boot | Stopped] – C:\WINDOWS\system32\drivers\is3srv.sys – (is3srv)
    DRV - [2012-01-31 09:57:31 | 000,137,416 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\avipbb.sys – (avipbb)
    DRV - [2012-01-31 09:57:31 | 000,074,640 | —- | M] (Avira GmbH) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\avgntflt.sys – (avgntflt)
    DRV - [2011-09-16 17:09:17 | 000,036,000 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\avkmgr.sys – (avkmgr)
    DRV - [2010-06-17 15:27:22 | 000,028,520 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\ssmdrv.sys – (ssmdrv)
    DRV - [2010-01-27 04:09:02 | 000,050,704 | —- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\npf.sys – (npf)
    DRV - [2009-03-27 01:16:28 | 000,012,672 | —- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\cpuz132_x32.sys – (cpuz132)
    DRV - [2009-01-14 03:23:00 | 000,458,752 | —- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\WN111v2.sys – (WN111v2)
    DRV - [2008-10-01 17:45:52 | 000,057,440 | —- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\jswscimd.sys – (JSWSCIMD)
    DRV - [2007-12-14 05:31:00 | 000,057,408 | —- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\wsimd.sys – (WSIMD)
    DRV - [2003-07-24 13:10:34 | 000,017,149 | —- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\DNINDIS5.sys – (DNINDIS5)
    DRV - [2003-07-17 04:22:10 | 000,147,328 | R— | M] (3Com Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\EL2K_XP.sys – (EL2000)
    DRV - [2003-03-21 12:34:08 | 000,009,856 | —- | M] (Padus, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\pfc.sys – (pfc)
    DRV - [2002-11-15 04:15:00 | 000,012,640 | —- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\itchfltr.sys – (itchfltr)
    DRV - [2002-11-08 11:50:00 | 000,014,156 | —- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\LCCFLTR.SYS – (LCcfltr)
    DRV - [2002-09-20 04:53:34 | 000,235,100 | —- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\MidiSyn.sys – (MidiSyn)
    DRV - [1996-04-03 21:33:26 | 000,005,248 | —- | M] () [Kernel | Boot | Running] – C:\WINDOWS\system32\giveio.sys – (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.google.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com\results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
    IE - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/
    IE - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\..\SearchScopes,DefaultScope = {41F2E1FC-FA21-446D-8C04-F0924B53010E}
    IE - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\..\SearchScopes\{41F2E1FC-FA21-446D-8C04-F0924B53010E}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=1I7GPEA_nl
    IE - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Search Results (Enabled)
    CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=101&systemid=406&sr=0&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Zoeken = C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012-04-13 21:53:02 | 000,000,027 | —- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKU\S-1-5-21-861567501-1957994488-1801674531-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Photosmart Premier Snelstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ziggo Wireless Utility.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab (JordanUploader Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198315244015 (MUWebControl Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A38CB2B-E753-4794-92F5-DEDBDDCA09F2}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D581D448-7A84-41F6-A668-AF7073A69FF0}: DhcpNameServer = 10.0.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\J. Spaans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007-05-09 11:19:26 | 000,000,000 | —- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] – "%1" %*
    O35 - HKLM\..exefile [open] – "%1" %*
    O37 - HKLM\…com [@ = ComFile] – "%1" %*
    O37 - HKLM\…exe [@ = exefile] – "%1" %*
    O37 - HKU\S-1-5-21-861567501-1957994488-1801674531-1004\…exe [@ = exefile] – Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-04-17 22:02:38 | 000,000,000 | —D | C] – C:\Documents and Settings\J. Spaans\Bureaublad\OTL
    [2012-04-16 10:31:29 | 000,000,000 | -HSD | C] – C:\RECYCLER
    [2012-04-16 10:09:06 | 000,012,568 | —- | C] (Sysinternals - www.sysinternals.com) – C:\WINDOWS\System32\drivers\PROCEXP113.SYS
    [2012-04-15 12:03:52 | 000,000,000 | —D | C] – C:\Documents and Settings\J. Spaans\Bureaublad\prive
    [2012-04-15 12:00:38 | 000,000,000 | —D | C] – C:\Documents and Settings\J. Spaans\Bureaublad\werk etc
    [2012-04-14 11:15:07 | 000,000,000 | —D | C] – C:\Documents and Settings\J. Spaans\Mijn documenten\Nieuwe map
    [2012-04-14 11:06:01 | 001,585,560 | —- | C] (Emsi Software GmbH) – C:\Documents and Settings\J. Spaans\Bureaublad\start.exe
    [2012-04-14 11:05:58 | 000,000,000 | —D | C] – C:\Documents and Settings\J. Spaans\Bureaublad\Run
    [2012-04-14 11:05:58 | 000,000,000 | —D | C] – C:\Documents and Settings\J. Spaans\Bureaublad\Languages
    [2012-04-14 10:50:19 | 000,446,464 | —- | C] (OldTimer Tools) – C:\Documents and Settings\J. Spaans\Bureaublad\TFC.exe
    [2012-04-13 21:41:04 | 000,518,144 | —- | C] (SteelWerX) – C:\WINDOWS\SWREG.exe
    [2012-04-13 21:41:04 | 000,406,528 | —- | C] (SteelWerX) – C:\WINDOWS\SWSC.exe
    [2012-04-13 21:41:04 | 000,212,480 | —- | C] (SteelWerX) – C:\WINDOWS\SWXCACLS.exe
    [2012-04-13 21:41:04 | 000,060,416 | —- | C] (NirSoft) – C:\WINDOWS\NIRCMD.exe
    [2012-04-13 21:40:46 | 000,000,000 | —D | C] – C:\Qoobox
    [2012-04-13 21:38:33 | 004,461,135 | R— | C] (Swearware) – C:\Documents and Settings\J. Spaans\Bureaublad\ComboFix.exe
    [2012-04-13 21:07:25 | 000,000,000 | —D | C] – C:\TDSSStarter
    [2012-04-13 10:34:57 | 000,607,260 | —- | C] (Swearware) – C:\Documents and Settings\J. Spaans\Bureaublad\dds.pif
    [2012-04-13 10:34:57 | 000,000,000 | -H-D | C] – C:\WINDOWS\PIF
    [2012-04-13 10:34:49 | 000,607,260 | R— | C] (Swearware) – C:\Documents and Settings\J. Spaans\Bureaublad\dds.scr
    [2012-04-13 10:29:59 | 000,607,260 | —- | C] (Swearware) – C:\Documents and Settings\J. Spaans\Bureaublad\dds.com
    [2012-04-12 18:43:55 | 000,000,000 | —D | C] – C:\Program Files\Trend Micro
    [2012-04-12 18:43:55 | 000,000,000 | —D | C] – C:\Documents and Settings\J. Spaans\Menu Start\Programma's\HiJackThis
    [2012-04-12 16:21:49 | 000,101,112 | R— | C] (GFI Software) – C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2012-04-12 16:21:49 | 000,042,864 | R— | C] (GFI Software) – C:\WINDOWS\System32\SBBD.EXE
    [2012-04-12 16:21:46 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programma's\STOPzilla
    [2012-04-12 16:21:41 | 000,000,000 | —D | C] – C:\Program Files\STOPzilla!
    [2012-04-12 16:21:39 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2012-04-12 16:21:39 | 000,000,000 | —D | C] – C:\Program Files\Common Files\iS3
    [2012-04-12 16:09:06 | 000,000,000 | RH-D | C] – C:\Documents and Settings\J. Spaans\Onlangs geopend
    [2012-04-04 13:13:38 | 000,023,376 | R— | C] (iS3, Inc.) – C:\WINDOWS\System32\SZIO5.dll
    [2012-04-04 13:13:26 | 000,546,640 | R— | C] (iS3, Inc.) – C:\WINDOWS\System32\SZComp5.dll
    [2012-04-04 13:13:22 | 000,481,104 | R— | C] (iS3, Inc.) – C:\WINDOWS\System32\SZBase5.dll
    [2012-03-29 16:36:48 | 000,072,080 | R— | C] (iS3, Inc.) – C:\WINDOWS\System32\drivers\SZKGFS.sys
    [2012-03-24 12:43:05 | 000,000,000 | —D | C] – C:\Documents and Settings\J. Spaans\Application Data\Avira
    [2012-03-24 12:37:41 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programma's\Avira
    [2012-03-24 12:37:21 | 000,028,520 | —- | C] (Avira GmbH) – C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2012-03-24 12:37:19 | 000,137,416 | —- | C] (Avira GmbH) – C:\WINDOWS\System32\drivers\avipbb.sys
    [2012-03-24 12:37:19 | 000,074,640 | —- | C] (Avira GmbH) – C:\WINDOWS\System32\drivers\avgntflt.sys
    [2012-03-24 12:37:19 | 000,036,000 | —- | C] (Avira GmbH) – C:\WINDOWS\System32\drivers\avkmgr.sys
    [2012-03-24 12:37:15 | 000,000,000 | —D | C] – C:\Program Files\Avira
    [2012-03-24 12:37:15 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Avira
    [8 C:\Documents and Settings\J. Spaans\Bureaublad\*.tmp files -> C:\Documents and Settings\J. Spaans\Bureaublad\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-04-17 21:48:20 | 000,000,330 | -H– | M] () – C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012-04-17 21:46:11 | 000,013,646 | —- | M] () – C:\WINDOWS\System32\wpa.dbl
    [2012-04-17 21:45:32 | 000,177,182 | —- | M] () – C:\WINDOWS\System32\nvapps.xml
    [2012-04-17 21:45:10 | 000,002,048 | –S- | M] () – C:\WINDOWS\bootstat.dat
    [2012-04-17 21:45:08 | 1072,484,352 | -HS- | M] () – C:\hiberfil.sys
    [2012-04-16 22:27:59 | 000,001,152 | —- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1957994488-1801674531-1004UA.job
    [2012-04-16 15:35:06 | 000,001,187 | —- | M] () – C:\Documents and Settings\J. Spaans\intlname.ols
    [2012-04-16 12:58:24 | 000,134,144 | —- | M] () – C:\Documents and Settings\J. Spaans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-04-16 12:58:15 | 000,000,182 | —- | M] () – C:\WINDOWS\NeroDigital.ini
    [2012-04-16 10:09:06 | 000,012,568 | —- | M] (Sysinternals - www.sysinternals.com) – C:\WINDOWS\System32\drivers\PROCEXP113.SYS
    [2012-04-14 11:05:22 | 129,414,255 | —- | M] () – C:\Documents and Settings\J. Spaans\Bureaublad\EmsisoftEmergencyKit.zip
    [2012-04-14 10:50:11 | 000,446,464 | —- | M] (OldTimer Tools) – C:\Documents and Settings\J. Spaans\Bureaublad\TFC.exe
    [2012-04-14 06:50:22 | 000,000,112 | —- | M] () – C:\Documents and Settings\J. Spaans\Bureaublad\autorun.inf
    [2012-04-14 06:50:20 | 001,585,560 | —- | M] (Emsi Software GmbH) – C:\Documents and Settings\J. Spaans\Bureaublad\start.exe
    [2012-04-14 06:50:12 | 000,000,060 | —- | M] () – C:\Documents and Settings\J. Spaans\Bureaublad\CommandlineScanner.bat
    [2012-04-14 06:50:12 | 000,000,056 | —- | M] () – C:\Documents and Settings\J. Spaans\Bureaublad\EmergencyKitScanner.bat
    [2012-04-14 00:24:00 | 000,001,100 | —- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1957994488-1801674531-1004Core.job
    [2012-04-13 21:53:02 | 000,000,027 | —- | M] () – C:\WINDOWS\System32\drivers\etc\hosts
    [2012-04-13 21:38:35 | 004,461,135 | R— | M] (Swearware) – C:\Documents and Settings\J. Spaans\Bureaublad\ComboFix.exe
    [2012-04-13 21:05:50 | 000,093,184 | —- | M] () – C:\Documents and Settings\J. Spaans\Bureaublad\TDSSKStarter.exe
    [2012-04-13 20:56:37 | 000,126,976 | —- | M] () – C:\Documents and Settings\J. Spaans\Bureaublad\ResetTeaTimer.exe
    [2012-04-13 14:50:00 | 000,000,968 | —- | M] () – C:\WINDOWS\tasks\Google Software Updater.job
    [2012-04-13 10:34:56 | 000,607,260 | —- | M] (Swearware) – C:\Documents and Settings\J. Spaans\Bureaublad\dds.pif
    [2012-04-13 10:34:45 | 000,607,260 | R— | M] (Swearware) – C:\Documents and Settings\J. Spaans\Bureaublad\dds.scr
    [2012-04-13 10:29:54 | 000,607,260 | —- | M] (Swearware) – C:\Documents and Settings\J. Spaans\Bureaublad\dds.com
    [2012-04-13 10:00:10 | 000,000,784 | —- | M] () – C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk
    [2012-04-13 09:49:59 | 000,000,792 | —- | M] () – C:\Documents and Settings\J. Spaans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
    [2012-04-12 18:43:56 | 000,001,992 | —- | M] () – C:\Documents and Settings\J. Spaans\Bureaublad\HiJackThis.lnk
    [2012-04-12 14:51:19 | 000,512,332 | —- | M] () – C:\WINDOWS\System32\perfh013.dat
    [2012-04-12 14:51:19 | 000,444,494 | —- | M] () – C:\WINDOWS\System32\perfh009.dat
    [2012-04-12 14:51:19 | 000,092,098 | —- | M] () – C:\WINDOWS\System32\perfc013.dat
    [2012-04-12 14:51:19 | 000,072,370 | —- | M] () – C:\WINDOWS\System32\perfc009.dat
    [2012-04-10 10:07:49 | 000,001,080 | —- | M] () – C:\WINDOWS\AUTOLNCH.REG
    [2012-04-10 04:27:37 | 000,002,296 | —- | M] () – C:\Documents and Settings\J. Spaans\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012-04-04 15:56:40 | 000,022,344 | —- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
    [2012-04-04 13:13:38 | 000,023,376 | R— | M] (iS3, Inc.) – C:\WINDOWS\System32\SZIO5.dll
    [2012-04-04 13:13:26 | 000,546,640 | R— | M] (iS3, Inc.) – C:\WINDOWS\System32\SZComp5.dll
    [2012-04-04 13:13:22 | 000,481,104 | R— | M] (iS3, Inc.) – C:\WINDOWS\System32\SZBase5.dll
    [2012-03-29 16:36:48 | 000,072,080 | R— | M] (iS3, Inc.) – C:\WINDOWS\System32\drivers\SZKGFS.sys
    [2012-03-23 04:46:28 | 000,001,044 | —- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012-03-23 04:46:28 | 000,001,040 | —- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012-03-20 00:14:16 | 000,000,193 | —- | M] () – C:\WINDOWS\hppsapp.INI
    [8 C:\Documents and Settings\J. Spaans\Bureaublad\*.tmp files -> C:\Documents and Settings\J. Spaans\Bureaublad\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-04-14 11:06:01 | 000,000,112 | —- | C] () – C:\Documents and Settings\J. Spaans\Bureaublad\autorun.inf
    [2012-04-14 11:05:59 | 000,000,060 | —- | C] () – C:\Documents and Settings\J. Spaans\Bureaublad\CommandlineScanner.bat
    [2012-04-14 11:05:59 | 000,000,056 | —- | C] () – C:\Documents and Settings\J. Spaans\Bureaublad\EmergencyKitScanner.bat
    [2012-04-14 11:04:29 | 129,414,255 | —- | C] () – C:\Documents and Settings\J. Spaans\Bureaublad\EmsisoftEmergencyKit.zip
    [2012-04-13 21:41:04 | 000,256,000 | —- | C] () – C:\WINDOWS\PEV.exe
    [2012-04-13 21:41:04 | 000,208,896 | —- | C] () – C:\WINDOWS\MBR.exe
    [2012-04-13 21:41:04 | 000,098,816 | —- | C] () – C:\WINDOWS\sed.exe
    [2012-04-13 21:41:04 | 000,080,412 | —- | C] () – C:\WINDOWS\grep.exe
    [2012-04-13 21:41:04 | 000,068,096 | —- | C] () – C:\WINDOWS\zip.exe
    [2012-04-13 21:06:01 | 000,093,184 | —- | C] () – C:\Documents and Settings\J. Spaans\Bureaublad\TDSSKStarter.exe
    [2012-04-13 20:56:46 | 000,126,976 | —- | C] () – C:\Documents and Settings\J. Spaans\Bureaublad\ResetTeaTimer.exe
    [2012-04-12 18:43:56 | 000,001,992 | —- | C] () – C:\Documents and Settings\J. Spaans\Bureaublad\HiJackThis.lnk
    [2012-03-20 00:14:16 | 000,000,193 | —- | C] () – C:\WINDOWS\hppsapp.INI
    [2012-02-19 13:05:57 | 000,003,072 | —- | C] () – C:\WINDOWS\System32\iacenc.dll
    [2011-01-29 00:19:54 | 000,093,200 | —- | C] () – C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

    ========== LOP Check ==========

    [2012-03-14 23:58:30 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2007-09-22 02:33:46 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2010-01-17 13:18:22 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\NETGEAR
    [2011-01-07 01:06:04 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Snapfish Fotoboeken
    [2012-04-17 22:00:18 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2009-09-12 02:35:08 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\WinZip
    [2009-09-28 13:45:40 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009-07-04 17:05:40 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011-07-17 22:16:26 | 000,000,000 | —D | M] – C:\Documents and Settings\J. Spaans\Application Data\Belastingdienst
    [2008-11-29 16:10:45 | 000,000,000 | —D | M] – C:\Documents and Settings\J. Spaans\Application Data\LaCie
    [2012-03-11 21:17:54 | 000,000,000 | —D | M] – C:\Documents and Settings\J. Spaans\Application Data\searchquband
    [2012-04-17 21:48:20 | 000,000,330 | -H– | M] () – C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    < End of report >

    OTL Extras logfile created on: 17-4-2012 22:04:25 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\J. Spaans\Bureaublad\OTL
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1022,73 Mb Total Physical Memory | 688,46 Mb Available Physical Memory | 67,32% Memory free
    2,41 Gb Paging File | 1,86 Gb Available in Paging File | 77,47% Paging File free
    Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19,53 Gb Total Space | 3,86 Gb Free Space | 19,76% Space Free | Partition Type: NTFS
    Drive D: | 170,37 Gb Total Space | 108,96 Gb Free Space | 63,95% Space Free | Partition Type: NTFS

    Computer Name: J-4CFF97CD5FDA4 | User Name: J. Spaans | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] – rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-861567501-1957994488-1801674531-1004\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] – Reg Error: Key error. File not found
    .html [@ = ChromeHTML] – Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] – "%1" %*
    InternetShortcut [open] – rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\HPZipm12.exe" = C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12 -- (HP)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch-software
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18BA2F73-9F8E-4938-860E-F7BC31531608}" = Windows Communication Foundation Language Pack - NLD
    "{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{3004FB81-7B9E-4808-BD13-BC5A530BA60B}" = cp_PrintOnCDConfig
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}" = LaCie Backup Software v1.5.2378
    "{601F42A9-8B4F-4650-A472-4CA8325E3E87}" = D6100
    "{64371D22-A18B-436E-863B-2E12DA8042FF}" = Microsoft .NET Framework 3.0 Dutch Language Pack
    "{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}" = Windows Presentation Foundation Language Pack (NLD)
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{714B6179-84C4-4FBE-B934-B6CF75ED37A5}" = D6100_D7100_D7300_Help
    "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
    "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
    "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91130413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Editie 2003
    "{98EFD8F0-08DE-48DB-B922-A2EBAB711043}" = Nero 7 Premium
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A06BD059-8EDE-41F3-B91A-73C2C6811187}" = Windows Workflow Foundation NL Language Pack
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1043-7B44-A83000000003}" = Adobe Reader 8.3.1 - Nederlands
    "{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
    "{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
    "{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software (nld)
    "{D610D81C-36EE-4E1B-8346-1F515A5AF032}" = Microsoft .NET Framework 2.0 Language Pack - NLD
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-configuratieprogramma
    "7-Zip" = 7-Zip 4.65
    "Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
    "Aangifte inkomstenbelasting 2010" = Aangifte inkomstenbelasting 2010
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "ANWBToolbar" = ANWBToolbar 3.0.0 Build 183
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "CCleaner" = CCleaner
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.14
    "Elecard Codec SDK G4 1.2.1.90504 Eval" = Elecard Codec SDK G4 Eval
    "FLV Player2.0.25" = FLV Player
    "Google Updater" = Google Updater
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPExtendedCapabilities" = HP Customer Participation Program 7.0
    "Huur- en zorgtoeslag 2009" = Huur- en zorgtoeslag 2009
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
    "KeePass Password Safe_is1" = KeePass Password Safe 1.17
    "Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
    "Microsoft .NET Framework 2.0 Language Pack - NLD" = Microsoft .NET Framework 2.0 Language Pack - NLD
    "Microsoft .NET Framework 3.0 Dutch Language Pack" = Microsoft .NET Framework 3.0 Nederlands taalpakket
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office8.0" = Microsoft Office 97 Standard
    "SpywareBlaster_is1" = SpywareBlaster 4.6
    "SystemRequirementsLab" = System Requirements Lab
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WMV9_VCM" = Microsoft Windows Media Video 9 VCM
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-861567501-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 29-11-2011 15:29:46 | Computer Name = J-4CFF97CD5FDA4 | Source = crypt32 | ID = 131080
    Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    opvragen van de automatische update van het basislijstvolgordenummer van derden
    is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode
    verlopen is.

    Error - 30-11-2011 17:52:23 | Computer Name = J-4CFF97CD5FDA4 | Source = crypt32 | ID = 131080
    Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    opvragen van de automatische update van het basislijstvolgordenummer van derden
    is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode
    verlopen is.

    Error - 1-12-2011 4:52:38 | Computer Name = J-4CFF97CD5FDA4 | Source = crypt32 | ID = 131080
    Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    opvragen van de automatische update van het basislijstvolgordenummer van derden
    is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode
    verlopen is.

    Error - 1-12-2011 8:25:35 | Computer Name = J-4CFF97CD5FDA4 | Source = crypt32 | ID = 131080
    Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    opvragen van de automatische update van het basislijstvolgordenummer van derden
    is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode
    verlopen is.

    Error - 1-12-2011 17:14:04 | Computer Name = J-4CFF97CD5FDA4 | Source = crypt32 | ID = 131080
    Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    opvragen van de automatische update van het basislijstvolgordenummer van derden
    is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode
    verlopen is.

    Error - 17-1-2012 12:41:25 | Computer Name = J-4CFF97CD5FDA4 | Source = crypt32 | ID = 131080
    Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    opvragen van de automatische update van het basislijstvolgordenummer van derden
    is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode
    verlopen is.

    Error - 1-2-2012 12:52:41 | Computer Name = J-4CFF97CD5FDA4 | Source = crypt32 | ID = 131080
    Description = Het
  • Hello Jan - which browser do you use by default?
    Is it Google's Chrome?


    Before you let OTL run the fix, first close all other open windows!

    Start OTL
    - Paste the following (bold, blue text) under Custom Scans/Fixes

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [2012-03-11 21:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J. Spaans\Application Data\searchquband

    :Services


    :Reg


    :Files


    :Commands
    [purity]

    [emptytemp]
    [emptyjava]
    [emptyflash]
    [createrestorepoint]
    [reboot]


    - Then click the Run Fix button at the top
    - Let the program do its work undisturbed.
    - The PC will be restarted afterwards.
    - Also post the contents of the OTL scan log
  • Hello Jan - which browser do you use by default?
    Is it Google's Chrome?

    Hi Abraham,

    Just got home from work. But I'll run it right away. I do indeed use Google's Chrome. Not for very long yet, by the way.

    After I started the FIX, I got the message COMPLETED …… at the bottom of OTL after a few minutes. However, the PC did not shut down and was frozen. I switched it off and on again with the power button. I started OTL again and immediately got the log below. Unfortunately that ….. is still in the browser.

    All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    C:\Documents and Settings\J. Spaans\Application Data\searchquband folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: J. Spaans
    ->Temp folder emptied: 686135 bytes
    ->Temporary Internet Files folder emptied: 285167 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 17888981 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 410 bytes

    User: JC784~1~SPA

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 4460 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Y Tuurenhout
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4684 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 198209536 bytes

    Total Files Cleaned = 207,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: J. Spaans
    ->Java cache emptied: 0 bytes

    User: JC784~1~SPA

    User: LocalService

    User: NetworkService

    User: Y Tuurenhout
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: J. Spaans
    ->Flash cache emptied: 0 bytes

    User: JC784~1~SPA

    User: LocalService

    User: NetworkService

    User: Y Tuurenhout
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.39.2 log created on 04182012_230346

    Files\Folders moved on Reboot…

    Registry entries deleted on Reboot…
  • This is because scan tools cannot yet handle Google's Chrome.
    That is why we are using OTL again, with a Chrome switch.

    Before you let OTL run the fix, first close all other open windows!

    Start OTL
    - Paste the following (bold, blue text) under Custom Scans/Fixes

    :OTL
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s


    - Then click the Run Fix button at the top
    - Let the program do its work undisturbed.
    - The PC will be restarted afterwards.
    - Also post the contents of the OTL scan log

This is an archived page. Replies are no longer possible.