Files gone because of a virus

10 answers
  • All my files have literally disappeared and I really need those files!!! Who can help me with this? I think this is the log file.
  • Hello Demy, welcome to this great forum.

    I would like you to follow the rules below during the fix:

      • Always read each instruction through carefully first.
      • The instructions given apply only to your Windows installation.
      • If you make mistakes when running tools during the fix, this can cause serious problems in Windows.
      • Do not install any new programs, updates or new hardware while we are working on the fix.
      • Also do not use any programs or tools other than the ones I instruct you to use.
      • Please turn off emoticons (smileys) when you post a log.
      • Always use one scanner at a time, never several at once.
      • Keep me informed of how your computer responds to the fix, good or bad.
      • If there is something you do not understand, say so.
      • Once started, the fix must be completed. Even if you think everything is in order, there may still be infections.

    Step •1•

    Download the Emsisoft Emergency Kit (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip) to the desktop and extract the ZIP file.

      • Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
      • Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja" (Yes).
      • After the update has finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
      • Select the option "Diep" (Deep) if it is not already set by default.
      • Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take a considerable time, so wait patiently.
      • You can close the window with the warning about an increased risk once the scan is finished.
      • Make sure all items found are ticked and then press the button "verwijder geselecteerde" (remove selected); at the next message you get, click "Ja" (Yes).
      • When the removal is finished, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
      • Paste the contents of this log file in your next post.
      • Now restart the computer.

    Step •2•

    Which program: Malwarebytes MBAM
    What for/why: specialised scanner to quickly check Windows for spyware and malware and remove it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:

      • Softpedia.com: http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s
      • Majorgeeks.com: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    First of all:

      • Right after installation, 'MBAM' will want to update its database, so allow this.
      • Also on repeated use: first update 'MBAM' via the 'Update' tab!

    Starting Malwarebytes MBAM:

      • Close all program windows that are still open first!
          • Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
          • Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing "Als Administrator uitvoeren" (Run as administrator).

      • Note:
          • Malwarebytes now supplies the full version of MBAM.
          • On the first start you get the option of using the full version or the free version.
          • Regardless of which antivirus program is in your Windows, I advise using the option "Weigeren" (Decline).
          • That way MBAM can continue to be used as the free version.

    Screenshot: http://img30.imageshack.us/img30/3928/mbam2.png

      • Also do the following:
          • As soon as the program has started, go to the tab "Instellingen" (Settings).
          • Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).

    Scanning:

      • When 'MBAM' starts, choose 'Snelle Scan' (Quick Scan).
      • Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
      • Then click the button 'Bekijk Resultaten' (View Results) to see the results.

    Infections found:

      • First click OK to dismiss the message.
      • Then click the button "Bekijk resultaten" (View results) at the bottom right.
      • Now make sure that all infections found are ticked, and click "Verwijder geselecteerde" (Remove selected) at the bottom left.
      • After removal a log will open and you will be asked to restart the computer.
      • If 'MBAM' has difficulty removing certain files, it will show a few messages; click 'OK' each time!
      • After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.

    MBAM log:

      • The log is saved automatically by 'MBAM' and you can find it by clicking the tab 'Logbestanden' (Logs) in the main menu of MBAM.

    Then post the contents of the MBAM log in your next post.

    Step •3•

    In summary: after this, post the contents of the following logs in your next post:

      • EmsisoftEmergencyKit log file
      • MBAM scan log
  • Thank you very much, Abraham, for the tips. I made the logs for you, but I still don't have my files back...

    This is the MBAM log.

    Regards
  • Hello Demy - I haven't promised anything yet either. By the way, do not use cleanup programs under any circumstances. Recovering your documents only makes sense once the malware has been removed. So we continue with scan tools.

Step •1•
Which program: TDSSStarter.exe
What for/why: Rootkit scanner
Difficulty: none

Download TDSSStarter (http://home.kpn.nl/stefsmeenk/tools/TDSSKStarter.exe) to the desktop.

Using "TDSSStarter.exe":
- First close all program windows that are still open!
  - Windows 2000 and Windows XP: start the tool by double-clicking "TDSSStarter.exe".
  - Windows Vista and Windows 7: start the tool by right-clicking "TDSSStarter.exe" and then choosing Run as administrator (Als Administrator uitvoeren).
- A CMD window will then open, and it will close again automatically when the scan is finished.
- Now post the contents of the Notepad file that opens in your next message.

Step •2•
Which program: ComboFix
What for/why: Highly specialised scanner that examines Windows in depth and cleans it up where possible.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: This program must absolutely be downloaded to the desktop!

Download ComboFix from one of these locations:
- Bleepingcomputer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
- ForoSpyware (http://www.forospyware.com/sUBs/ComboFix.exe)
- Geekstogo (http://subs.geekstogo.com/ComboFix.exe)

Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix.
Your antivirus program and any active malware scanners must already be disabled before ComboFix is started!
Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to disable antivirus programs and spyware scanners.

Once more, for the sake of clarity: ComboFix must be started from the desktop.

Remarks:
- On Windows XP you may be asked to install the "Recovery Console"! If so, allow this (an active internet connection is required for it).

Starting ComboFix:
- First close all program windows that are still open!
  - Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
  - Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing Run as administrator (Als Administrator uitvoeren).

ComboFix has started:
- Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
- ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
- The computer may have to be restarted several times; this is normal.
- When ComboFix is finished, it will create a log file for you.
- Post the contents of this log file in your next message.
- If the log does not open, it can be found at C:\ComboFix.txt

Important remark:
- If, after the scan, an error with the following message is shown when starting programs:
- Illegal operation attempted on a registry key that has been marked for deletion.
- Then restart the computer.

Step •3•
In summary: after this, post the contents of the following logs in your next message:
- TDSSKStarter-log
- ComboFix.txt-log
  • Dear Abraham, it looks like my laptop is back to its old self; fortunately I have my files etc. back.

17:13:54.0886 4204 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
17:13:54.0886 4204 ============================================================
17:13:54.0886 4204 Current date / time: 2012/04/20 17:13:54.0886
17:13:54.0886 4204 SystemInfo:
17:13:54.0886 4204
17:13:54.0886 4204 OS Version: 6.1.7600 ServicePack: 0.0
17:13:54.0886 4204 Product type: Workstation
17:13:54.0886 4204 ComputerName: 5736Z-453G32MNK
17:13:54.0886 4204 UserName: 5736z-453g32mnkk
17:13:54.0886 4204 Windows directory: C:\Windows
17:13:54.0886 4204 System windows directory: C:\Windows
17:13:54.0886 4204 Running under WOW64
17:13:54.0886 4204 Processor architecture: Intel x64
17:13:54.0886 4204 Number of processors: 2
17:13:54.0886 4204 Page size: 0x1000
17:13:54.0886 4204 Boot type: Normal boot
17:13:54.0886 4204 ============================================================
17:13:55.0806 4204 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:13:55.0806 4204 \Device\Harddisk0\DR0:
17:13:55.0806 4204 MBR partitions:
17:13:55.0806 4204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
17:13:55.0806 4204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
17:13:55.0884 4204 C: <-> \Device\Harddisk0\DR0\Partition1
17:13:55.0884 4204 Initialize success
17:13:55.0884 4204 ============================================================
17:13:56.0040 4452 ============================================================
17:13:56.0040 4452 Scan started
17:13:56.0040 4452 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
17:13:56.0040 4452 ============================================================
(c7d53053541a448febb1373abbaf79ef) C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe 17:14:31.0920 4452 sbapifs (db7f9394b2f2d446df14d46c61b0e94b) C:\Windows\system32\DRIVERS\sbapifs.sys 17:14:32.0029 4452 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys 17:14:32.0201 4452 SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\sbfwim.sys 17:14:32.0248 4452 SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\SBFWIM.sys 17:14:32.0294 4452 sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\Windows\system32\drivers\sbhips.sys 17:14:32.0372 4452 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 17:14:32.0435 4452 SBRE (fd833bee2fd9befdc0afd1941a306d9e) C:\Windows\system32\drivers\SBREdrv.sys 17:14:32.0528 4452 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys 17:14:32.0591 4452 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 17:14:32.0903 4452 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 17:14:33.0308 4452 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll 17:14:33.0542 4452 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 17:14:33.0667 4452 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 17:14:33.0808 4452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 17:14:33.0948 4452 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 17:14:34.0057 4452 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 17:14:34.0135 4452 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 17:14:34.0276 4452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 17:14:34.0369 4452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 17:14:34.0432 4452 sermouse 
(1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 17:14:34.0510 4452 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 17:14:34.0619 4452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 17:14:34.0681 4452 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 17:14:34.0728 4452 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 17:14:34.0759 4452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 17:14:34.0837 4452 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 17:14:34.0915 4452 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 17:14:35.0040 4452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:14:35.0071 4452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 17:14:35.0102 4452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 17:14:35.0227 4452 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 17:14:35.0321 4452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 17:14:35.0383 4452 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe 17:14:35.0680 4452 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 17:14:36.0101 4452 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 17:14:36.0366 4452 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys 17:14:37.0037 4452 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys 17:14:37.0364 4452 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys 17:14:37.0552 4452 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 17:14:37.0692 4452 SstpSvc 
(ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 17:14:37.0817 4452 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 17:14:37.0926 4452 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 17:14:38.0051 4452 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 17:14:38.0176 4452 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 17:14:38.0347 4452 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys 17:14:38.0519 4452 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 17:14:38.0612 4452 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 17:14:38.0659 4452 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 17:14:38.0784 4452 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 17:14:39.0205 4452 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys 17:14:39.0314 4452 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys 17:14:39.0408 4452 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 17:14:39.0533 4452 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 17:14:39.0595 4452 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 17:14:39.0689 4452 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 17:14:39.0782 4452 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 17:14:39.0923 4452 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 17:14:40.0063 4452 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 17:14:40.0204 4452 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 17:14:40.0438 4452 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) 
C:\Windows\system32\DRIVERS\tiehdusb.sys 17:14:40.0516 4452 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 17:14:40.0703 4452 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 17:14:40.0812 4452 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:14:40.0968 4452 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 17:14:41.0062 4452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 17:14:41.0140 4452 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys 17:14:41.0249 4452 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 17:14:41.0358 4452 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 17:14:41.0467 4452 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 17:14:41.0561 4452 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 17:14:41.0670 4452 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 17:14:41.0748 4452 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 17:14:41.0888 4452 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 17:14:42.0029 4452 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 17:14:42.0185 4452 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 17:14:42.0294 4452 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 17:14:42.0419 4452 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 17:14:42.0544 4452 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys 17:14:42.0622 4452 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys 17:14:42.0668 
4452 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 17:14:42.0715 4452 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 17:14:42.0809 4452 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:14:42.0949 4452 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 17:14:43.0058 4452 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys 17:14:43.0136 4452 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 17:14:43.0277 4452 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 17:14:43.0370 4452 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 17:14:43.0542 4452 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 17:14:43.0651 4452 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 17:14:43.0714 4452 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 17:14:43.0807 4452 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 17:14:43.0854 4452 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 17:14:43.0901 4452 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 17:14:43.0963 4452 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 17:14:44.0026 4452 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 17:14:44.0135 4452 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 17:14:44.0228 4452 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 17:14:44.0338 4452 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 17:14:44.0494 4452 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 17:14:44.0634 4452 vwifimp 
(6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 17:14:44.0712 4452 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 17:14:44.0837 4452 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 17:14:44.0915 4452 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 17:14:44.0993 4452 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 17:14:45.0352 4452 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 17:14:45.0492 4452 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 17:14:45.0586 4452 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll 17:14:45.0664 4452 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 17:14:45.0882 4452 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 17:14:45.0991 4452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 17:14:46.0069 4452 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 17:14:46.0132 4452 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 17:14:46.0225 4452 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll 17:14:46.0334 4452 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 17:14:46.0506 4452 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 17:14:46.0631 4452 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 17:14:46.0849 4452 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 17:14:46.0958 4452 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 17:14:47.0208 4452 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 17:14:47.0489 4452 WinRM 
(41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 17:14:47.0692 4452 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 17:14:47.0832 4452 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 17:14:47.0972 4452 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 17:14:48.0066 4452 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 17:14:48.0238 4452 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 17:14:48.0331 4452 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 17:14:48.0425 4452 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 17:14:48.0596 4452 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 17:14:48.0799 4452 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll 17:14:48.0955 4452 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 17:14:49.0064 4452 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:14:49.0142 4452 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll 17:14:49.0252 4452 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 17:14:49.0439 4452 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo\SoftwareUpdate\YahooAUService.exe 17:14:49.0517 4452 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 17:14:50.0312 4452 Boot (0x1200) (4c2f59815e7f8086f61d538a183d76ef) \Device\Harddisk0\DR0\Partition0 17:14:50.0359 4452 Boot (0x1200) (f43b81d264358ad5f427c2e3138fd5c6) \Device\Harddisk0\DR0\Partition1 17:14:50.0359 4452 ============================================================ 17:14:50.0359 4452 Scan finished 17:14:50.0359 4452 ============================================================ 17:14:50.0921 4488 Deinitialize success . 
And this one is from ComboFix:
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~2\AD-AWA~1\AdAware.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Voltooingstijd: 2012-04-20 17:41:12 - machine werd herstart
ComboFix-quarantined-files.txt 2012-04-20 15:41
.
Pre-Run: 248.126.357.504 bytes beschikbaar
Post-Run: 247.735.386.112 bytes beschikbaar
.
- - End Of File - - 625625AE66A799F17CAD0C38B7F2B7FE

Do I still need to take other steps, or is my laptop clean and safe again now?
  • Hi Demi, good that you have the folders back. No, your Windows is not safe. That is partly because two antivirus programs are running in Windows. Avast is not happy about that, and your Windows will also be very happy once Lavasoft AdAware has been removed. So do that via Control Panel\Programs and Features (Configuratiescherm\Programma's en onderdelen). After the removal you need to restart the PC.

    Which program: Emsisoft Emergency Kit 1.0
    What for/why: Detects and removes malware
    Difficulty: none.
    Download: Emsisoft Emergency Kit (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip)

    Notes:
    - The download is compressed; unpack EmsisoftEmergencyKit.zip and place the new folder on the desktop.
    - All open programs and web pages must be closed.

    Start Emsisoft Emergency Kit by opening the folder "EmsisoftEmergencyKit":
    - Windows 2000 and Windows XP: double-click "Start.exe".
    - Windows Vista and Windows 7: right-click "Start.exe" and choose "Als Administrator uitvoeren" (Run as administrator).

    Scanning:
    - In the selection screen, click "Emergency Kit Scanner"; a message will then appear saying that it is recommended to update first. [image: http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg]
    - Do so by clicking "Ja" (Yes).
    - When the update is finished, the message "Update proces is succesvol afgerond" (Update process completed successfully) follows.
    - Now click "Menu" and then "Scan PC".
    - Select the option "Diep" (Deep) if it is not already set that way by default.
    - Then click the "Scan" button.
      - Be patient and do nothing else with the computer during the scan, as the scan can take quite a while.
    - The window with the warning about an elevated risk can be closed once the scan is finished.
    - Make sure all found items are ticked and then click the button "Verwijder geselecteerde" (Remove selected); the following message will then appear: [image: http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg]
    - Then click "Ja" (Yes).
    - When the removal is done, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
    - Post the contents of that log file in your next message.
    - Note: now restart the computer.
  • Dear Abraham, this is the log from Emergency Kit:

    Emsisoft Emergency Kit - Versie 1.0
    Laatste Update: 4/21/2012 11:56:20 AM

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 4/21/2012 11:56:36 AM

    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@doubleclick[2].txt Ontdekt: Trace.TrackingCookie.doubleclick!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@serving-sys[2].txt Ontdekt: Trace.TrackingCookie.serving-sys!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@stat.onestat[2].txt Ontdekt: Trace.TrackingCookie.stat.onestat!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@weborama[1].txt Ontdekt: Trace.TrackingCookie.weborama!A2
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\lgsaujulwmwuljgqvjnhwcm.class Ontdekt: JAVA.Agent!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\qqpqgkljqvysvdved.class Ontdekt: Java.CVE!IK

    Gescand
    Bestanden: 176228
    Sporen: 407359
    Cookies: 873
    Processen: 67

    Gevonden
    Bestanden: 2
    Sporen: 0
    Cookies: 4
    Processen: 0
    Registersleutels: 0

    Scan Geëindigd: 4/21/2012 1:29:42 PM
    Scantijd: 1:33:06

    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\qqpqgkljqvysvdved.class Verwijderd Java.CVE!IK
    C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\lgsaujulwmwuljgqvjnhwcm.class Verwijderd JAVA.Agent!IK
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@weborama[1].txt Verwijderd Trace.TrackingCookie.weborama!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@stat.onestat[2].txt Verwijderd Trace.TrackingCookie.stat.onestat!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@serving-sys[2].txt Verwijderd Trace.TrackingCookie.serving-sys!A2
    C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@doubleclick[2].txt Verwijderd Trace.TrackingCookie.doubleclick!A2

    Verwijderd
    Bestanden: 2
    Sporen: 0
    Cookies: 4

    Regards
  • Which program: OTL.com
    What for/why: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL (http://oldtimer.geekstogo.com/OTL.com) and place the file on the desktop.

    Using OTL.com:
    - First close all program windows that are still open!
      - Double-click on [image: http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png]
    - Tick the box for Scan All Users.
    - Click on [image: http://www.imgdumper.nl/uploads5/4f9112fd1172c/4f9112fd11340-OTL-3.png].
    - Do not change any other settings in OTL unless I give specific instructions to do so.
    - The scan will not take very long.
      - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
      - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next message.
  • Dear Abraham, here are the following logs.
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/07/10 00:45:10 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/06/03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/06/03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/06/03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:[b:82c71b026c]64bit:[/b:82c71b026c] - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717:82c71b026c]========== Standard Registry (SafeList) ==========[/color:82c71b026c] [color=#E56717:82c71b026c]========== Internet Explorer ==========[/color:82c71b026c] IE:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5736z&r=27361110f055l0454z1h5v47n2445q IE:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ IE - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlNL406 IE - 
HKU\S-1-5-21-2811958681-2021223505-3934072247-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028 IE - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717:82c71b026c]========== FireFox ==========[/color:82c71b026c] FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\5736z-453g32mnkk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\5736z-453g32mnkk\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) 
O1 HOSTS File: ([2012/04/20 17:30:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:[b:82c71b026c]64bit:[/b:82c71b026c] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O4:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000..\Run: [Facebook Update] C:\Users\5736z-453g32mnkk\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! 
Inc.) O4 - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000..\Run: [WebCallDirect] C:\Program Files (x86)\WebCallDirect.com\WebCallDirect\webcalldirect.exe (WebCallDirect) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\##aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2811958681-2021223505-3934072247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:[b:82c71b026c]64bit:[/b:82c71b026c] - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O8:[b:82c71b026c]64bit:[/b:82c71b026c] - Extra context menu item: Zoek op het web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Zoek op het web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O10:[b:82c71b026c]64bit:[/b:82c71b026c] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E54EE5-FE98-4C88-A5DF-7DE27548865F}: DhcpNameServer = 212.54.40.25 212.54.35.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8564E8A-68BF-43CE-B79E-B2C136EBA58A}: DhcpNameServer = 212.54.40.25 212.54.35.25 O18:[b:82c71b026c]64bit:[/b:82c71b026c] - Protocol\Handler\livecall - No CLSID value found O18:[b:82c71b026c]64bit:[/b:82c71b026c] - Protocol\Handler\ms-help - No CLSID value found 
O18:[b:82c71b026c]64bit:[/b:82c71b026c] - Protocol\Handler\msnim - No CLSID value found O18:[b:82c71b026c]64bit:[/b:82c71b026c] - Protocol\Handler\wlmailhtml - No CLSID value found O20:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:[b:82c71b026c]64bit:[/b:82c71b026c] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM\..comfile [open] -- "%1" %* O35:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b:82c71b026c]64bit:[/b:82c71b026c] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717:82c71b026c]========== Files/Folders - Created Within 30 Days ==========[/color:82c71b026c] [2012/04/21 14:55:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\5736z-453g32mnkk\Desktop\OTL.com [2012/04/21 11:52:08 | 001,585,560 | ---- | C] 
(Emsi Software GmbH) -- C:\Users\5736z-453g32mnkk\Desktop\start.exe [2012/04/21 11:52:04 | 000,000,000 | ---D | C] -- C:\Users\5736z-453g32mnkk\Desktop\Run [2012/04/21 11:52:04 | 000,000,000 | ---D | C] -- C:\Users\5736z-453g32mnkk\Desktop\Languages [2012/04/20 17:41:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/04/20 17:13:40 | 000,000,000 | ---D | C] -- C:\TDSSStarter [2012/04/19 19:16:28 | 000,000,000 | ---D | C] -- C:\Users\5736z-453g32mnkk\AppData\Roaming\Malwarebytes [2012/04/19 19:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/19 19:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/04/19 19:16:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/04/19 19:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/04/19 19:15:13 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\5736z-453g32mnkk\Desktop\mbam-setup-1.61.0.1400.exe [2012/04/18 21:15:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\5736z-453g32mnkk\Desktop\HijackThis.exe [2012/04/18 20:52:40 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys [2012/04/18 20:52:40 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys [2012/04/18 20:52:35 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys [2012/04/18 20:52:35 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) 
-- C:\Windows\SysNative\drivers\SbFwIm.sys [2012/04/18 20:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2012/04/18 20:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2012/04/18 20:52:14 | 000,000,000 | ---D | C] -- C:\Users\5736z-453g32mnkk\AppData\Local\adawarebp [2012/04/18 20:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2012/04/18 20:51:30 | 000,000,000 | ---D | C] -- C:\Users\5736z-453g32mnkk\AppData\Roaming\Ad-Aware Antivirus [2012/04/18 20:50:45 | 006,243,960 | ---- | C] (Lavasoft Limited) -- C:\Users\5736z-453g32mnkk\Desktop\Adaware_Installer.exe [2012/04/18 20:28:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/04/18 20:28:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/04/18 20:28:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/04/18 20:28:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/04/18 20:27:38 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/04/18 20:25:56 | 004,467,856 | R--- | C] (Swearware) -- C:\Users\5736z-453g32mnkk\Desktop\ComboFix.exe [2012/04/18 20:06:17 | 000,000,000 | ---D | C] -- C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD [2012/04/12 22:38:04 | 000,000,000 | ---D | C] -- C:\Users\5736z-453g32mnkk\AppData\Roaming\Password Generator Professional [2012/04/12 22:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kristanix [2 C:\Users\5736z-453g32mnkk\Desktop\*.tmp files -> C:\Users\5736z-453g32mnkk\Desktop\*.tmp -> ] [color=#E56717:82c71b026c]========== Files - Modified Within 30 Days ==========[/color:82c71b026c] [2012/04/21 14:55:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\5736z-453g32mnkk\Desktop\OTL.com [2012/04/21 13:43:54 | 000,009,696 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/21 13:43:54 | 000,009,696 | ---- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/21 13:36:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/21 13:36:21 | 2360,844,288 | -HS- | M] () -- C:\hiberfil.sys [2012/04/21 13:28:02 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2811958681-2021223505-3934072247-1000UA.job [2012/04/20 17:30:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/04/20 17:12:15 | 000,093,184 | ---- | M] () -- C:\Users\5736z-453g32mnkk\Desktop\TDSSKStarter.exe [2012/04/19 19:33:34 | 001,523,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/04/19 19:33:34 | 000,691,728 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012/04/19 19:33:34 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/04/19 19:33:34 | 000,130,232 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012/04/19 19:33:34 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/04/19 19:28:02 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2811958681-2021223505-3934072247-1000Core.job [2012/04/19 19:16:07 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/19 19:15:18 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\5736z-453g32mnkk\Desktop\mbam-setup-1.61.0.1400.exe [2012/04/19 17:13:32 | 129,584,518 | ---- | M] () -- C:\Users\5736z-453g32mnkk\Desktop\EmsisoftEmergencyKit.zip [2012/04/19 17:06:20 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012/04/19 11:12:50 | 000,000,112 | ---- | M] () -- C:\Users\5736z-453g32mnkk\Desktop\autorun.inf [2012/04/19 11:12:48 | 001,585,560 | ---- | M] (Emsi Software GmbH) -- C:\Users\5736z-453g32mnkk\Desktop\start.exe [2012/04/19 11:12:38 | 000,000,060 | ---- | M] () -- C:\Users\5736z-453g32mnkk\Desktop\CommandlineScanner.bat [2012/04/19 11:12:38 | 
000,000,056 | ---- | M] () -- C:\Users\5736z-453g32mnkk\Desktop\EmergencyKitScanner.bat [2012/04/18 21:15:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\5736z-453g32mnkk\Desktop\HijackThis.exe [2012/04/18 20:50:57 | 006,243,960 | ---- | M] (Lavasoft Limited) -- C:\Users\5736z-453g32mnkk\Desktop\Adaware_Installer.exe [2012/04/18 20:26:06 | 004,467,856 | R--- | M] (Swearware) -- C:\Users\5736z-453g32mnkk\Desktop\ComboFix.exe [2012/04/18 20:13:18 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012/04/18 20:06:35 | 000,000,000 | ---- | M] () -- C:\ProgramData\-7NvWDE3vssCkMv [2012/04/18 20:06:17 | 000,000,675 | ---- | M] () -- C:\Users\5736z-453g32mnkk\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2 C:\Users\5736z-453g32mnkk\Desktop\*.tmp files -> C:\Users\5736z-453g32mnkk\Desktop\*.tmp -> ] [color=#E56717:82c71b026c]========== Files Created - No Company Name ==========[/color:82c71b026c] [2012/04/21 11:52:08 | 000,000,112 | ---- | C] () -- C:\Users\5736z-453g32mnkk\Desktop\autorun.inf [2012/04/21 11:52:06 | 000,000,056 | ---- | C] () -- C:\Users\5736z-453g32mnkk\Desktop\EmergencyKitScanner.bat [2012/04/21 11:52:05 | 000,000,060 | ---- | C] () -- C:\Users\5736z-453g32mnkk\Desktop\CommandlineScanner.bat [2012/04/20 17:12:11 | 000,093,184 | ---- | C] () -- C:\Users\5736z-453g32mnkk\Desktop\TDSSKStarter.exe [2012/04/19 19:16:07 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/19 17:13:30 | 129,584,518 | ---- | C] () -- C:\Users\5736z-453g32mnkk\Desktop\EmsisoftEmergencyKit.zip [2012/04/18 20:55:14 | 000,000,966 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012/04/18 20:28:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/04/18 20:28:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/04/18 20:28:45 | 000,098,816 | ---- | C] () 
-- C:\Windows\sed.exe [2012/04/18 20:28:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/04/18 20:28:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/04/18 20:13:18 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012/04/18 20:06:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\-7NvWDE3vssCkMv [2012/04/18 20:06:17 | 000,000,675 | ---- | C] () -- C:\Users\5736z-453g32mnkk\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk [2012/02/05 00:00:49 | 000,000,230 | ---- | C] () -- C:\Windows\wininit.ini [2011/11/20 23:32:59 | 000,010,240 | ---- | C] () -- C:\Users\5736z-453g32mnkk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/10/12 00:26:57 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010/08/21 23:44:43 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010/08/21 23:44:43 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [2010/08/21 23:44:43 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2010/08/21 23:44:43 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2010/07/16 11:41:17 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010/07/16 11:41:17 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2010/07/16 11:41:17 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010/07/16 11:41:16 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [color=#E56717:82c71b026c]========== LOP Check ==========[/color:82c71b026c] [2012/04/19 17:15:51 | 000,000,000 | ---D | M] -- C:\Users\5736z-453g32mnkk\AppData\Roaming\Ad-Aware Antivirus [2011/10/04 18:21:54 | 000,000,000 | ---D | M] -- C:\Users\5736z-453g32mnkk\AppData\Roaming\AVG9 [2012/03/12 10:28:25 | 000,000,000 | ---D | M] -- C:\Users\5736z-453g32mnkk\AppData\Roaming\Belastingdienst [2012/04/12 22:38:04 | 000,000,000 | ---D | M] -- C:\Users\5736z-453g32mnkk\AppData\Roaming\Password Generator Professional [2012/03/25 00:17:23 | 000,000,000 | ---D | M] -- 
C:\Users\5736z-453g32mnkk\AppData\Roaming\WebCallDirect [2012/04/19 17:06:20 | 000,000,966 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job [2012/04/19 19:28:02 | 000,000,950 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2811958681-2021223505-3934072247-1000Core.job [2012/04/21 13:28:02 | 000,000,972 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2811958681-2021223505-3934072247-1000UA.job [2012/03/09 20:53:54 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717:82c71b026c]========== Purity Check ==========[/color:82c71b026c] [color=#E56717:82c71b026c]========== Alternate Data Streams ==========[/color:82c71b026c] @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96 < End of report > groetjess
  • Hello Demi,

    Go to Control Panel\Programs and Features (Configuratiescherm\Programma's en onderdelen) and remove Lavasoft AdAware there, because two antivirus programs in Windows is one too many. Besides, your Windows will also be happy once Lavasoft is gone.

    In addition, you are using an outdated Java. So first download Java 6 Update 31 (x86) for Windows 7/XP/Vista/2000/2003/2008 Offline (http://javadl.sun.com/webapps/download/AutoDL?BundleId=60336) to your desktop. However, do not install the new version yet!

    After that, first go to Control Panel:

      - Add or Remove Programs (Software) - Windows 2000/Windows XP
      - Programs and Features (Programma's en onderdelen) - Windows Vista and Windows 7

    and remove Java(TM) 6 Update 27 there. Then restart your PC. After that you may install the newest Java version.

    Once you have done the above, continue with what is below.

    Before OTL runs the fix, first close all other open windows!

      - Double-click on (image: http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png)
      - Copy and paste the following (bold, blue) text into the box under (image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png)

        :OTL
        O8:64bit: - Extra context menu item: Zoek op het web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
        [2011/10/04 18:21:54 | 000,000,000 | ---D | M] -- C:\Users\5736z-453g32mnkk\AppData\Roaming\AVG9
        @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
        @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
        @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96

        :Services

        :Reg

        :Files
        ipconfig /flushdns /c

        :Commands
        [purity]
        [emptytemp]
        [resethosts]
        [emptyjava]
        [emptyflash]
        [createrestorepoint]
        [reboot]

      - Then click, at the top, on (image: http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png)
      - Let the program do its work undisturbed.
      - OTL will report after the scan that the PC is going to be restarted. So allow that.
      - Click OK
      - After the restart, only a new log is opened.


This is an archived page. Replying is no longer possible.