multiple trojans on computer

15 answers
  • Hi, I have picked up a whole lot of junk and can't get rid of it. Does anyone have an idea? It is about these things:
    Adware.Win32.Winad
    W32.Yaha.B@mm
    Magic DVD Ripper
    Trojan-PSW.Win32.LdPinch.abm
    Trojan virtumonde
    Trojan.Fakealert.355
    Trojan.Qoologic - Key Logger
    Adware.Win32.Look2me.ab
    Trojan Horse IRC/Backdoor.SdBot4.FRV
    Win32/Hoax.Renos.HX
    noise.dat
    emptyregdb.dat
    mpr.dll
    ieakui.dll
    SET3.tmp
    country.sys
    ahui.exe
    popcinfo.dat
    dsdmo.dll
    Active Setup Log.txt
    Thanks in advance.
  • Hello Sanneke, I can't do anything yet with what you have posted.
    I would like you to keep to the rules below during the fix:
      • Always read each instruction through carefully first.
      • The instructions given apply only to your Windows.
      • If you make mistakes when running tools during the fix, that can cause serious problems in Windows.
      • Do not install any new programs, updates or new hardware while we are working on the fix.
      • Also do not use any programs or tools other than the ones I instruct you to use.
      • Please turn off emoticons (smileys) when you post a log.
      • Always use one scanner at a time, never several at once.
      • Keep me informed of how your computer responds to the fix - good or bad.
      • Also, if you do not understand something, say so.
      • Once started, the fix must be completed. Even if you think everything is fine, there may still be infections.
    Which program: OTL.com
    What for/why: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL (http://oldtimer.geekstogo.com/OTL.com) and place the file on the desktop.
    Using OTL.com:
      • First close all program windows that are still open!
          • Double-click on [image: http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png]
      • Put a check mark next to Scan All Users.
      • Click on [image: http://www.imgdumper.nl/uploads5/4f9112fd1172c/4f9112fd11340-OTL-3.png].
      • Do not change any other settings in OTL unless I give specific instructions to do so.
      • The scan will not take very long.
          • Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
          • Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
      • Note: if the log does not fit in one post, spread it over two or more posts.
  • OTL Extras logfile created on: 27-4-2012 16:21:14 - Run 1
    OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\rovo\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19222)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
    3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,81% Memory free
    7,21 Gb Paging File | 5,27 Gb Available in Paging File | 73,13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288,03 Gb Total Space | 102,74 Gb Free Space | 35,67% Space Free | Partition Type: NTFS
    Drive D: | 298,09 Gb Total Space | 286,79 Gb Free Space | 96,21% Space Free | Partition Type: NTFS
    Drive E: | 10,00 Gb Total Space | 5,76 Gb Free Space | 57,61% Space Free | Partition Type: NTFS
    Drive M: | 232,83 Gb Total Space | 29,67 Gb Free Space | 12,74% Space Free | Partition Type: FAT32
    Computer Name: PC_VAN_ROVO | User Name: rovo | Logged in as Administrator.
  • OTL logfile created on: 27-4-2012 16:21:14 - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\rovo\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19222) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,81% Memory free 7,21 Gb Paging File | 5,27 Gb Available in Paging File | 73,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,03 Gb Total Space | 102,74 Gb Free Space | 35,67% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 286,79 Gb Free Space | 96,21% Space Free | Partition Type: NTFS Drive E: | 10,00 Gb Total Space | 5,76 Gb Free Space | 57,61% Space Free | Partition Type: NTFS Drive M: | 232,83 Gb Total Space | 29,67 Gb Free Space | 12,74% Space Free | Partition Type: FAT32 Computer Name: PC_VAN_ROVO | User Name: rovo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-04-27 16:19:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\rovo\Desktop\OTL.com PRC - [2012-04-09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2012-02-29 15:47:51 | 000,307,824 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012-01-23 06:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012-01-23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011-12-24 14:46:57 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2011-07-29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011-02-25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2011-01-12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2010-12-08 14:42:32 | 010,811,696 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe PRC - [2010-03-26 11:52:24 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe PRC - [2010-03-25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2009-07-27 04:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008-01-19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007-09-24 11:41:02 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007-02-13 12:43:38 | 000,715,568 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007-02-13 12:43:36 | 001,600,304 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2006-11-02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe ========== Modules (No Company Name) ========== MOD - [2012-04-11 19:19:57 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll MOD - [2012-04-11 19:14:56 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll MOD - [2012-04-11 19:14:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll MOD - [2012-02-15 17:48:58 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll MOD - [2012-02-15 17:47:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll MOD - [2012-02-15 17:47:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll MOD - [2012-02-15 17:45:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll MOD - [2012-02-15 17:44:34 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll MOD - [2011-10-12 18:32:24 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - 
[2011-07-29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011-07-29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2010-08-31 16:17:13 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll MOD - [2009-03-31 20:04:19 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_nl_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009-03-31 20:04:19 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_nl_b77a5c561934e089\System.resources.dll MOD - [2009-03-31 20:04:18 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll MOD - [2008-05-27 03:24:59 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2768.38511__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008-05-27 03:24:59 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2768.38708__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll MOD - [2008-05-27 03:24:59 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2768.38737__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2008-05-27 03:24:59 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2768.38469__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008-05-27 03:24:59 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2768.38524__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008-05-27 03:24:59 | 000,077,824 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2768.38729__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008-05-27 03:24:59 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2768.38688__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008-05-27 03:24:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2768.38502__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008-05-27 03:24:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2768.38625__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008-05-27 03:24:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2768.38488__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008-05-27 03:24:58 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2768.38767__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008-05-27 03:24:48 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2768.38810__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:48 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2768.38696__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:48 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2768.38773__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:48 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2768.38701__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008-05-27 03:24:48 | 000,073,728 | ---- | M] 
() -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2768.38482__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:48 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2768.38810__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2008-05-27 03:24:48 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2768.38695__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008-05-27 03:24:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2768.38760__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008-05-27 03:24:47 | 000,897,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2768.38730__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:47 | 000,790,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2768.38633__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:47 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2768.38689__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:47 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2768.38536__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:47 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2768.38626__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:47 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2768.38489__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - 
[2008-05-27 03:24:47 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2768.38715__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008-05-27 03:24:47 | 000,327,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2768.38619__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:47 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2768.38530__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:47 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2768.38654__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008-05-27 03:24:47 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2768.38632__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008-05-27 03:24:47 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2768.38625__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008-05-27 03:24:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2768.38542__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008-05-27 03:24:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2768.38632__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008-05-27 03:24:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2768.38653__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008-05-27 03:24:47 | 000,032,768 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2768.38674__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008-05-27 03:24:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008-05-27 03:24:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008-05-27 03:24:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008-05-27 03:24:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008-05-27 03:24:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008-05-27 03:24:47 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008-05-27 03:24:46 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2729.30255__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2729.30226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,049,152 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008-05-27 03:24:46 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008-05-27 03:24:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2729.30227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2729.30264__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2729.30225__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008-05-27 03:24:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008-05-27 03:24:46 | 
000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2729.30259__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008-05-27 03:24:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2729.30262__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2729.30228__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008-05-27 03:24:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008-05-27 03:24:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008-05-27 03:24:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008-05-27 03:24:46 | 000,020,480 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008-05-27 03:24:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008-05-27 03:24:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008-05-27 03:24:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll MOD - [2008-05-27 03:24:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008-05-27 03:24:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll MOD - [2008-05-27 03:24:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008-05-27 03:24:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008-05-27 03:24:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008-05-27 03:24:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008-05-27 03:24:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2729.30241__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008-05-27 03:24:46 | 000,016,384 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008-05-27 03:24:43 | 000,471,040 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2768.38497__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008-05-27 03:24:43 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2768.38752__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008-05-27 03:24:43 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2768.38460__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008-05-27 03:24:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2768.38750__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008-05-27 03:24:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008-05-27 03:24:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008-05-27 03:24:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2768.38796__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008-05-27 03:24:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008-05-27 03:24:43 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008-05-27 03:24:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008-05-27 03:24:43 | 000,006,656 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2768.38458__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008-05-27 03:24:42 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2768.38477__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008-05-27 03:24:42 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2768.38461__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008-05-27 03:24:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2768.38460__90ba9c70f846762e\APM.Server.dll MOD - [2008-05-27 03:24:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008-05-27 03:24:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2768.38751__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008-05-27 03:24:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008-05-27 03:24:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2729.30214__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008-05-27 03:24:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008-05-27 03:24:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2768.38458__90ba9c70f846762e\AEM.Server.dll MOD - [2007-08-20 07:29:44 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007-03-02 12:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll MOD - [2007-02-13 12:33:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - 
[2007-02-13 12:14:18 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll ========== Win32 Services (SafeList) ========== SRV - [2012-04-11 23:08:39 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-01-23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011-02-28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011-02-25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011-01-12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2010-03-25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2008-05-27 03:35:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012-04-26 20:56:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010-12-21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2010-12-21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010-12-21 13:47:38 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr) DRV - [2008-05-04 12:22:40 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2008-05-04 12:22:40 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007-10-29 11:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007-08-20 07:29:44 | 002,930,176 | ---- | M] (ATI Technologies 
Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2007-08-20 07:29:44 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2006-12-01 02:14:58 | 000,147,456 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerTun.sys -- (AVMNgTunM779) DRV - [2006-12-01 02:14:56 | 000,219,520 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerCap.sys -- (AVMNgCapM779) DRV - [2006-12-01 02:14:56 | 000,049,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerBas.sys -- (AVMNgBasM779) DRV - [2006-11-02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Stuurprogramma voor Intel(R) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE} IE - HKLM\..\URLSearchHook: {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DANL IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 47 8D B2 C3 3B CB 01 [binary data] IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - 
HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\URLSearchHook: {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\SearchScopes\{562C79F0-9B48-4D97-9F44-7E9CEE154F35}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=nl_NL&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=E38C041D-DC7B-4BAE-8BD8-12E0FA987816&apn_sauid=15ACF779-2668-4125-84FB-EA50A5AFC39A IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_nl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Oy-UmVaG4Wl8YNh4hVsGx_B2shc?q={searchTerms} IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727 IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=6080527 IE - 
HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nickelodeon.nl/kanalen/18 IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\..\SearchScopes\{0A71213F-08C1-45D5-B5F4-008B3EEBAE5E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=nl_NL&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=E38C041D-DC7B-4BAE-8BD8-12E0FA987816&apn_sauid=15ACF779-2668-4125-84FB-EA50A5AFC39A IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_nl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=48J4eJtMNDzCT7JG9Efe8W0JA9E?q={searchTerms} IE - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717:75056eacb3]========== FireFox ==========[/color:75056eacb3] FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL 
(CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\rovo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\rovo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-24 14:47:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-06 21:04:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-08-20 17:32:55 | 000,000,000 | ---D | M] [2011-08-11 11:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rovo\AppData\Roaming\mozilla\Extensions [2011-08-11 11:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rovo\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012-03-17 23:34:36 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM [color=#E56717:75056eacb3]========== Chrome ==========[/color:75056eacb3] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\rovo\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rovo\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Users\rovo\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\rovo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Switch Proxy Plugin (Enabled) = C:\Users\rovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\1.0.11208.1_0\plugin/blackfishietab.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\PFiles\Plugins\np-mswmp.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll CHR - 
plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\rovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Zoeken = C:\Users\rovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: IE Tab = C:\Users\rovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\1.0.11208.1_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\rovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\rovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\rovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program 
Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet) O2 - BHO: (PHPNukeDU Toolbar) - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll (Conduit Ltd.) O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found. O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (PHPNukeDU Toolbar) - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\Toolbar\WebBrowser: (PHPNukeDU Toolbar) - {46735DEE-F862-49D1-876D-6382794DC625} - C:\Program Files\PHPNukeDU\tbPHPN.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\..\Toolbar\WebBrowser: (PHPNukeDU Toolbar) - {46735DEE-F862-49D1-876D-6382794DC625} - C:\Program Files\PHPNukeDU\tbPHPN.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - 
HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: &D&ownload &met BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload alles met BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1000\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-2002451365-2551685908-1787832852-1001\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C004F457-0FDE-484B-8327-860051AEB611}: DhcpNameServer = 212.54.40.25 212.54.35.25 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) 
O24 - Desktop WallPaper: C:\Users\rovo\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\rovo\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717:75056eacb3]========== Files/Folders - Created Within 30 Days ==========[/color:75056eacb3] [2012-04-27 16:19:10 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\rovo\Desktop\OTL.com [2012-04-27 14:07:25 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{C5DD41BA-A4C3-400E-9547-6B3F66CD2BBD} [2012-04-27 14:07:14 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{5CCEA419-8DBB-45BC-AE17-9C29AFA31E5A} [2012-04-26 20:56:19 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012-04-26 20:56:18 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Roaming\Malwarebytes [2012-04-26 20:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-04-26 20:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-04-26 20:55:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012-04-26 20:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012-04-26 19:35:33 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{481889AB-F072-4A53-B856-92028EDE439F} [2012-04-26 19:35:22 | 000,000,000 | ---D 
| C] -- C:\Users\rovo\AppData\Local\{AFD78F6B-5DAF-47B2-9608-8238F6B7541C} [2012-04-26 14:38:58 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{F5A59FD7-D977-4B8C-93EE-5ABE1491CB89} [2012-04-26 14:38:48 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{01E17623-E9C6-471F-B5B1-21D0411CDDC9} [2012-04-26 14:34:59 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{741B4B5A-8266-4B94-9DA3-1C360114A06C} [2012-04-26 14:34:46 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{439C0958-EDFA-4186-9EB7-0B282F976AD7} [2012-04-25 21:44:47 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{42AC57FC-8D72-486E-AE44-A85472CF96AE} [2012-04-25 21:44:26 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{F25D1757-BF21-43CD-ADB6-846F4529DB15} [2012-04-24 20:33:06 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{EFA6CCBD-CF06-4C97-998C-CADD9B23B8F0} [2012-04-24 20:32:45 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{3DB06CE4-0EF3-4157-A11E-5BC6C843FAF6} [2012-04-24 20:31:59 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{635CDAC6-20F5-4D76-A3AE-56A49631AD21} [2012-04-24 20:31:37 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{D15695B2-77DB-4634-9BA9-106993E41B20} [2012-04-24 20:03:17 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{BC2FF2E9-6888-4651-B534-366409A74474} [2012-04-24 20:02:55 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{9F448D87-95D2-481C-8AC5-69A33D5B2C29} [2012-04-24 13:58:56 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{5F026E96-CF17-4E09-A77C-490D73F2C65D} [2012-04-24 13:58:47 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{C8CE7693-FCF9-4CC3-B27B-52CF9289EABA} [2012-04-24 13:58:26 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{5C40CAD4-9BDB-4D5A-98C6-077EAE5973A0} [2012-04-24 13:58:12 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{1C0ABA1E-0CED-41B4-A708-79DF55041CCB} [2012-04-24 09:24:04 | 000,000,000 | ---D | C] -- 
C:\Users\rovo\AppData\Local\{CDFCC35A-E3EE-410A-8C88-634E5B31DF33} [2012-04-24 09:23:31 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{70305E8F-EF8D-47E4-BB59-AEF6530E8E71} [2012-04-23 20:38:41 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{DA0D8311-C7A9-4866-B476-2289B2B53C9C} [2012-04-23 20:28:50 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{5A5EED0A-803A-4FD4-BD6B-CF80AC86A695} [2012-04-23 20:28:28 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{CDC9EB72-9061-4207-BDC4-2F21DA397815} [2012-04-23 20:13:09 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{FAA6E3B8-80EE-4565-A1A8-0D93C685742A} [2012-04-23 20:12:48 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{222CC28C-9B93-482A-B513-8C5AC83700FF} [2012-04-23 16:12:52 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{536BECA0-2F63-4788-A02A-07267C32AA91} [2012-04-23 16:12:41 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{6C4A1BD9-4AF1-4BC3-9B89-E68D0308C88E} [2012-04-22 20:07:16 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{0FCA1ADF-7745-4438-A9FE-88C32FA591AC} [2012-04-22 20:07:06 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{C9A7410C-394B-4F53-8EBD-6070794C0D38} [2012-04-22 20:01:23 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{0A09529B-72FD-4559-8A34-66DDEF3C0B05} [2012-04-22 20:01:07 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{5888273F-23D3-4C89-BB35-753A28F6A31F} [2012-04-22 08:26:14 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{F4346912-8207-4E3E-80E8-4176DA82BEAB} [2012-04-22 08:26:03 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{0A75D40C-EBBD-4C86-B97A-FA7EB56669DC} [2012-04-21 21:40:18 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{FF30DCFA-19D3-47CD-B76F-D9BABDF3EDD5} [2012-04-21 21:40:08 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{80477308-8CF8-4EA9-A5DE-D7CBA2E1B191} [2012-04-21 19:42:44 | 000,000,000 | ---D | C] -- 
C:\Users\rovo\AppData\Local\{039D2DD7-57EE-4273-97FD-9763347D6839} [2012-04-21 19:42:22 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{77952108-09C3-496F-938F-926B7C3033DF} [2012-04-21 08:36:37 | 000,000,000 | ---D | C] -- C:\Users\rovo\Documents\Mijn Dierenkliniek in Afrika [2012-04-21 08:36:27 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2012-04-21 08:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Braingame [2012-04-21 08:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Braingame [2012-04-21 07:42:43 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{E8CA59D7-0520-477B-B6E5-9A05B546E5B5} [2012-04-21 07:42:30 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{42C5E242-75EF-40A7-8464-DD746465DFD3} [2012-04-20 13:10:48 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{4B7FA70E-BB16-4F07-85FA-66AD8BB72876} [2012-04-19 16:08:59 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{56A87FDA-22DB-456C-9E74-A30ED21893B1} [2012-04-19 16:08:45 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{DB7AF46C-C98F-446E-9533-7797A82841DD} [2012-04-18 15:41:05 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{E649B5E8-CBCE-489F-A9D1-01A7076AF762} [2012-04-18 15:40:44 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{DA79FEA2-64F8-447D-A34D-42B3E6861692} [2012-04-18 03:41:06 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{FB1F75EB-237A-486B-9905-02CC91C9CD24} [2012-04-18 03:40:44 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{CDA9EBAB-2221-472A-B686-53D7BC44D934} [2012-04-17 15:40:51 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{C33ABD6E-3668-4D84-AFFB-8DD4D160F28B} [2012-04-16 20:39:59 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{A925F0F1-7A3A-43C1-88A4-03F3EED53DBB} [2012-04-16 20:39:39 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{A3647217-ADA0-4253-ADFF-E418DC682BFC} 
[2012-04-16 20:39:17 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{99C6B2A2-34F8-42E7-93CF-E993F862E8AF} [2012-04-16 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{754DE413-5500-4DF4-B906-82DA0BA7F331} [2012-04-16 09:15:22 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{5890DE25-9064-4612-9E8E-1B27DEE5BC02} [2012-04-16 09:15:11 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{79B49FAB-8FCB-4B2C-8FDB-FAF063A1E4F4} [2012-04-15 20:44:28 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{E8392B3D-2132-4148-BCE0-419D73045704} [2012-04-15 20:44:18 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{41735A9D-C846-4287-A1D4-CD24E7375A8B} [2012-04-15 13:45:21 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{A9F08262-30D2-4295-ADFA-BFB65E3D93DD} [2012-04-15 13:45:11 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{EE59EC4C-9760-4656-86D0-2E6D31EFCC7F} [2012-04-14 20:04:49 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{BC1BB1CA-9984-46FE-A7F0-2BDEACA198B9} [2012-04-14 20:04:38 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData\Local\{3F405EBF-B857-47D1-8F23-C6BDCA7D7B35} [2012-04-14 07:58:24 | 000,000,000 | ---D | C] -- C:\Users\rovo\AppData
  • Now do the following:

    Which program: ComboFix
    Purpose: A highly specialised scanner that examines Windows in depth and cleans it up where possible.
    Difficulty: The preparation phase is more or less tricky, so read everything carefully first.
    Download location: This program absolutely must be downloaded to the desktop!

    Download ComboFix from one of these locations:
      - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
      - Geekstogo: http://subs.geekstogo.com/ComboFix.exe

    Here you can see how to use ComboFix: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

    Your antivirus program and any active malware scanners must already be disabled before ComboFix starts! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to disable antivirus programs and spyware scanners.

    Once more, to be perfectly clear: ComboFix must be started from the desktop.

    Remarks:
      - On Windows XP you may be asked to install the "Recovery Console"! If so, allow it (an active internet connection is required for this).
      - Vista and Windows 7 users start ComboFix with administrator rights via right-click.
      - All open programs and web pages must be closed.

    ComboFix has started:
      - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
      - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      - The computer may need to be restarted several times; this is normal.
      - When ComboFix has finished, it will create a log file for you.
      - Post the contents of this log file in your next message.
      - If the log does not open, you can find it at C:\ComboFix.txt

    Important remark:
      - If, after the scan, an error is shown when starting programs with the message:
      - Illegal operation attempted on a registry key that has been marked for deletion.
      - Then restart the computer.
  • After downloading ComboFix my computer went black. It was still on, only the screen was black. After leaving it like that for a while I started it up again, and a log file had been placed on my desktop:

    desktop.ini
    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
    IconResource=%SystemRoot%\system32\imageres.dll,-183
  • Desktop.ini has nothing to do with ComboFix. It is a Windows file that is visible for the moment because of settings made by ComboFix. So do not delete it. As the instructions already state, look at C:\Combofix.txt. Post its contents!
  • Hello Sanneke, I have the impression that some strange codec pack was installed by you or the other user. We are going to use ComboFix with a script.

    Open a new Notepad (Kladblok) file via "Start\Alle programma's\Bureau-accessoires\Kladblok (or Notepad)". Copy and paste the following text (in bold blue) into the empty Notepad window:

    ClearJavaCache::
    File::
    c:\program files\Windows Live\Family Safety\fsssvc.exe
    Folder::
    c:\program files\Ask.com
    c:\program files\PHPNukeDU
    c:\program files\Zynga

    Save this Notepad file on your desktop as CFScript.txt.

    Now first disable the antivirus and any spyware scanners! Also make sure that all other open windows are closed, including the web browser.

    Drag CFScript.txt onto ComboFix.exe (image: http://crew.nucia.eu/smeenk/CFScript.gif)

    This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart. In case ComboFix has restarted your computer (or you did so yourself), you will also find the log in C:\Combofix.txt

    Important remark:
      - If, after the scan, an error is shown when starting programs with the message:
      - Illegal operation attempted on a registry key that has been marked for deletion.
      - Then restart the computer.
  • Hi Sanneke, tell me how things are going now.
  • Hi Abraham, nothing seems wrong with my computer; it does what it should and what I want. What I don't understand is why my computer reported that there were trojans and adware on it, while nothing of that showed up in the things you had me do, as far as I can tell. Or am I seeing that wrong, and were those things removed right away? I didn't hear you say anything about it either.
  • Sorry, I forgot to say that all of this happened after opening an email.
  • Lol. Why do you think I already asked you a few things, and now get a question as the answer? First, I voiced a suspicion earlier about a codex-pack having been used. Is that right? If so, do you remember which pack it was? And are you rid of the malware alerts by now? Because ComboFix has meanwhile removed a thing or two from your Windows.
  • I did download a codex-pack but don't remember which one, and I no longer get any alerts. Thanks for your effort, I'm happy with it.

This is an archived page. Replying is no longer possible.