Question & Answer

Security & privacy

log after combofix (after TDSS because of MEbroot.A)

31 replies
  • Hi everyone. Because of an alert from Avira antivirus and not being able to get the problem removed, I ended up on this site and found a topic in which the same story was playing out. So as not to pollute that topic I have started a new one. My name is Angelique and I work every day as a CAD draughtsman at my job. But that is also as far as my computer knowledge goes. I have already got a lot of things solved via Google, but this seems like a pretty stubborn one to me. Following the tip in the other topic and the steps proposed there, I ran the above-mentioned programs (as named in the subject). What is already noticeable in any case is that the Windows startup and shutdown sounds are back. I had not heard those for months. There have not been problems for months, though. In fact there were only problems (with internet and Outlook) in the last few days. After ComboFix this is the log file; can someone tell me whether there is still something threatening on my PC? Thanks in advance
    ComboFix 12-05-23.05 - Angelique 23-05-2012 18:42:55.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1505 [GMT 2:00]
    Running from: c:\documents and settings\Angelique\Bureaublad\ComboFix.exe
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Marc\ntuser.tmp
    c:\documents and settings\Marc\WINDOWS
    c:\recycle.bin\B6232F3AE5B.exe
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\SET4F.tmp
    c:\windows\system32\SET5B.tmp
    c:\windows\system32\UNWISE.EXE
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_xcpip
    .
    .
    (((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 ))))))))))))))))))))))))))))))
    .
    .
    2012-05-23 16:49 . 2012-05-23 16:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2012-05-23 16:27 . 2012-05-23 16:27 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-05-23 06:06 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\REPORTS
    2012-05-23 06:06 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LOGFILES
    2012-05-23 06:06 . 2012-05-23 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\INFECTED
    2012-05-23 05:38 . 2012-05-23 05:38 -------- d-----w- c:\documents and settings\Angelique\Application Data\Avira
    2012-05-23 05:32 . 2012-02-03 13:28 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-05-23 05:32 . 2012-02-03 13:28 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-05-23 05:24 . 2012-05-23 05:24 -------- d-----w- c:\windows\system32\Adobe
    2012-05-23 05:23 . 2012-05-23 05:23 -------- d-----w- c:\program files\Avira
    2012-05-23 05:23 . 2012-05-23 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2012-05-23 05:19 . 2012-05-23 05:22 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\Babylon
    2012-05-23 05:15 . 2012-05-23 05:15 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\LogMeIn
    2012-05-23 05:15 . 2012-05-23 05:47 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\AskToolbar
    2012-05-23 05:15 . 2012-05-23 16:47 -------- d-----w- c:\documents and settings\Angelique\Application Data\Babylon
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-11 13:55 . 2004-08-03 23:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-11 13:55 . 2004-09-13 12:52 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:55 . 2004-09-13 12:52 1862400 ----a-w- c:\windows\system32\win32k.sys
    2012-03-01 11:00 . 2004-09-13 12:52 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:00 . 2004-09-13 12:52 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:00 . 2004-09-13 12:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2004-09-13 12:52 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-09-13 12:52 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2004-09-13 12:52 385024 ------w- c:\windows\system32\html.iec
    2010-03-31 08:09 . 2010-03-31 08:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
    2010-04-08 10:36 . 2010-04-08 10:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    2012-03-02 22:53 . 2011-09-09 17:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-13 8523776]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-11-28 1036288]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    "Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2012-01-03 3184240]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2011-07-06 14:32 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
    "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1947:TCP"= 1947:TCP:HASP SRM
    "1947:UDP"= 1947:UDP:HASP SRM
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    .
    R?2 AntiVirSchedulerService;Avira Planner;c:\program files\Avira\AntiVir Desktop\sched.exe [23-5-2012 7:32 86224]
    R?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27-1-2010 19:33 64288]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [23-5-2012 7:32 36000]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [20-6-2007 15:30 79168]
    R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 16:23 196176]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 18:21 249648]
    R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6-7-2011 16:32 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-1-2011 19:04 12856]
    R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27-4-2007 1:00 316992]
    R2 TrueSwordSchedulerService;True Sword 5 Scheduler;c:\program files\True Sword 5\TrueSwordSchedule.exe [15-8-2011 19:48 828416]
    S?2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5-7-2010 22:59 16512]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-1-2010 8:26 22216]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [25-3-2009 19:02 34760]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
    S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28-1-2010 8:26 366152]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
    .
    2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
    .
    2012-05-19 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2012-04-05 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2012-05-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2012-01-03 15:31]
    .
    2012-05-23 c:\windows\Tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\documents and settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    HKCU-Run-4Y3Y0C3AUF7W0E6DHHTVE - c:\recycle.bin\B6232F3AE5B.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-23 18:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(752)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    - - - - - - - > 'explorer.exe'(3324)
    c:\docume~1\ANGELI~1\LOCALS~1\Temp\catchme.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\windows\system32\hasplms.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\imapi.exe
    c:\program files\Babylon\Babylon-Pro\TC\BabylonTC.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-23 18:53:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-23 16:52
    .
    Pre-Run: 102.380.843.008 bytes free
    Post-Run: 103.763.951.616 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 5844918FFC6920616484C4A5C4CBC699
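A first triage pass over a ComboFix log like the one in the post above, added here as an example; it is my own code, not ComboFix's and not something the poster ran. It walks the log section by section and pulls out what a helper would look at first in this particular log: PE files deleted from drop locations (the DLL at the root of All Users\Application Data, the executable in c:\recycle.bin), the orphaned HKCU Run value with a random-looking name that pointed at that same executable, the "EnableFirewall"= 0 setting, globally open firewall ports (3389 plus two high ports labelled only "Services"), and service entries where ComboFix printed [?] because it could not read the binary's date and size (hasplms, and the xpsec "IPSEC-stuurprogramma" service whose driver file sits next to the genuine IPSec driver in the TDSSKiller output). The sample log is a constructed excerpt of the posted one; which paths count as drop locations, what counts as a random name and which ports are worth a look are my thresholds, not ComboFix's.

```python
import re
from typing import List, Tuple

# Constructed excerpt modelled on the ComboFix log in the post above; it keeps only
# the lines that drive the checks below and is not the complete log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\recycle.bin\B6232F3AE5B.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\UNWISE.EXE
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-13 8523776]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [25-3-2009 19:02 34760]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-4Y3Y0C3AUF7W0E6DHHTVE - c:\recycle.bin\B6232F3AE5B.exe
"""

Finding = Tuple[str, str]  # (check name, offending log line)

# PE files dropped straight into the recycle bin, a temp directory, or the root of
# All Users\Application Data: places an installed program has no reason to put a binary.
# (My list of drop locations, not ComboFix's.)
SUSPICIOUS_PATH = re.compile(
    r"\\(?:recycle\.bin|temp|all users\\application data)\\[^\\]+\.(?:dll|exe)$",
    re.IGNORECASE,
)
# Autostart value names that are one long run of capitals and digits with no word in them.
RANDOM_NAME = re.compile(r"^[A-Z0-9]{12,}$")
SECTION_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # "(((( Other Deletions ))))"
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')
ORPHAN_RUN = re.compile(r"^HK(?:CU|LM)-Run-(\S+)\s+-\s+(.+)$")
OPEN_PORT = re.compile(r'^"(\d+):(?:TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
SERVICE = re.compile(r"^[RS]\??\d\s+([^;]+);([^;]*);(.*)$")   # "R2 name;display;path [...]"

# Firewall exceptions worth a second look: RDP, and high ports carrying only a generic label.
RDP_PORT = 3389
EPHEMERAL_START = 49152


def triage(log: str) -> List[Finding]:
    """Walk a ComboFix log once and return (check, line) pairs that deserve a look."""
    findings: List[Finding] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("- - - -"):       # e.g. "- - - - ORPHANS REMOVED - - - -"
            section = line.strip("- ")
            continue
        if line.startswith("["):             # registry key; its values follow
            section = line.lower()
            continue

        if section == "Other Deletions" and SUSPICIOUS_PATH.search(line):
            findings.append(("deleted file in drop location", line))

        if section.endswith(r"\currentversion\run]"):
            m = RUN_VALUE.match(line)
            if m and (RANDOM_NAME.match(m.group(1)) or SUSPICIOUS_PATH.search(m.group(2))):
                findings.append(("autostart from drop location", line))

        if section.endswith(r"\standardprofile]") and line.startswith('"EnableFirewall"= 0'):
            findings.append(("windows firewall disabled", line))

        if section.endswith(r"\globallyopenports\list]"):
            m = OPEN_PORT.match(line)
            if m:
                port, label = int(m.group(1)), m.group(2).strip()
                if port == RDP_PORT or (port >= EPHEMERAL_START and label == "Services"):
                    findings.append(("globally open port", line))

        m = ORPHAN_RUN.match(line)
        if m and (RANDOM_NAME.match(m.group(1)) or SUSPICIOUS_PATH.search(m.group(2))):
            findings.append(("orphaned autostart", line))

        m = SERVICE.match(line)
        if m and m.group(3).endswith("[?]"):   # ComboFix could not read the file's date/size
            findings.append(("service binary not verifiable", line))
    return findings


if __name__ == "__main__":
    for check, line in triage(SAMPLE_LOG):
        print(f"{check:30} {line}")
```

Run it as a script against the sample, or import `triage` and feed it a full log. A hit is a line to investigate, not a verdict: the RDP exception and the two high ports may well be deliberate, but with the firewall switched off entirely they need to be confirmed rather than assumed.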
  • Hello Angelique, I see that you have also used TDSSKiller. Using such powerful tools without instructions is not advisable. Now check whether you can find a file that looks like this: C:\TDSSKiller.2.5.12.0_23.05.2012_10.45.13_log.txt. If so, please post the contents of that log in your next message.
  • oh... :o I did see that mentioned for ComboFix in the instructions (found via the link), but not for TDSSKiller. And because ComboFix created a restore point, it seemed to me it couldn't do very much harm. Since it seemed to be exactly the same problem, I thought it couldn't hurt. I want to ask as few duplicate questions as possible, hence............ But next time I'll just start a post right away, or better still.............. prevent it from happening again :D Here is the requested log
    18:25:56.0265 2244 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
    18:25:56.0656 2244 ============================================================
    18:25:56.0656 2244 Current date / time: 2012/05/23 18:25:56.0656
    18:25:56.0656 2244 SystemInfo:
    18:25:56.0656 2244
    18:25:56.0656 2244 OS Version: 5.1.2600 ServicePack: 3.0
    18:25:56.0656 2244 Product type: Workstation
    18:25:56.0656 2244 ComputerName: CP-597526-A
    18:25:56.0656 2244 UserName: Angelique
    18:25:56.0656 2244 Windows directory: C:\WINDOWS
    18:25:56.0656 2244 System windows directory: C:\WINDOWS
    18:25:56.0656 2244 Processor architecture: Intel x86
    18:25:56.0656 2244 Number of processors: 2
    18:25:56.0656 2244 Page size: 0x1000
    18:25:56.0656 2244 Boot type: Normal boot
    18:25:56.0656 2244 ============================================================
    18:25:57.0328 2244 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:25:57.0375 2244 Drive \Device\Harddisk5\DR11 - Size: 0x1DD200000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:25:57.0375 2244 ============================================================
    18:25:57.0375 2244 \Device\Harddisk0\DR0:
    18:25:57.0375 2244 MBR partitions:
    18:25:57.0375 2244 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x129D9EB1
    18:25:57.0375 2244 \Device\Harddisk5\DR11:
    18:25:57.0375 2244 MBR partitions:
    18:25:57.0375 2244 \Device\Harddisk5\DR11\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE7080
    18:25:57.0375 2244 ============================================================
    18:25:57.0421 2244 C: <-> \Device\Harddisk0\DR0\Partition0
    18:25:57.0421 2244 ============================================================
    18:25:57.0421 2244 Initialize success
    18:25:57.0421 2244 ============================================================
    18:26:21.0515 3284 ============================================================
    18:26:21.0515 3284 Scan started
    18:26:21.0515 3284 Mode: Manual; SigCheck; TDLFS;
    18:26:21.0515 3284 ============================================================
    18:26:22.0046 3284 Abiosdsk - ok
    18:26:22.0062 3284 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    18:26:22.0218 3284 abp480n5 - ok
    18:26:22.0265 3284 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:26:22.0343 3284 ACPI - ok
    18:26:22.0375 3284 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
    18:26:22.0468 3284 ACPIEC - ok
    18:26:22.0515 3284 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    18:26:22.0531 3284 ADIHdAudAddService - ok
    18:26:22.0562 3284 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    18:26:22.0656 3284 adpu160m - ok
    18:26:22.0703 3284 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    18:26:22.0781 3284 aec - ok
    18:26:22.0828 3284 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    18:26:22.0906 3284 AFD - ok
    18:26:22.0937 3284 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    18:26:23.0031 3284 agp440 - ok
    18:26:23.0031 3284 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    18:26:23.0125 3284 agpCPQ - ok
    18:26:23.0140 3284 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    18:26:23.0218 3284 Aha154x - ok
    18:26:23.0218 3284 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    18:26:23.0312 3284 aic78u2 - ok
    18:26:23.0312 3284 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    18:26:23.0406 3284 aic78xx - ok
    18:26:23.0453 3284 aksfridge (cb5a5079744a0535416d3a5e462c5efe) C:\WINDOWS\system32\drivers\aksfridge.sys
    18:26:23.0578 3284 aksfridge - ok
    18:26:23.0640 3284 akshasp (1a27f5555448cc2d29d281b11f39177e) C:\WINDOWS\system32\DRIVERS\akshasp.sys
    18:26:23.0656 3284 akshasp - ok
    18:26:23.0671 3284 aksusb (b4ad9f5d78f27e0c6994e0cb05c60e21) C:\WINDOWS\system32\DRIVERS\aksusb.sys
    18:26:23.0671 3284 aksusb - ok
    18:26:23.0718 3284 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll
    18:26:23.0796 3284 Alerter - ok
    18:26:23.0828 3284 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe
    18:26:23.0875 3284 ALG - ok
    18:26:23.0906 3284 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    18:26:24.0015 3284 AliIde - ok
    18:26:24.0031 3284 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    18:26:24.0109 3284 alim1541 - ok
    18:26:24.0156 3284 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    18:26:24.0234 3284 amdagp - ok
    18:26:24.0281 3284 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    18:26:24.0343 3284 amsint - ok
    18:26:24.0546 3284 AntiVirSchedulerService (280c41d70b16dc6af4235ff7000e5cd3) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    18:26:24.0562 3284 AntiVirSchedulerService - ok
    18:26:24.0578 3284 AntiVirService (e545beff703229a10b56026b83add8b4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    18:26:24.0593 3284 AntiVirService - ok
    18:26:24.0625 3284 AppMgmt (434a70fa278eb3c42140e3755c2fa4f8) C:\WINDOWS\System32\appmgmts.dll
    18:26:24.0671 3284 AppMgmt - ok
    18:26:24.0718 3284 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    18:26:24.0796 3284 asc - ok
    18:26:24.0812 3284 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    18:26:24.0859 3284 asc3350p - ok
    18:26:24.0875 3284 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    18:26:25.0000 3284 asc3550 - ok
    18:26:25.0046 3284 ASFIPmon (6295dd28d0ecbc4e6e450c279fef5ed9) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    18:26:25.0046 3284 ASFIPmon - ok
    18:26:25.0109 3284 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
    18:26:25.0125 3284 ASPI ( UnsignedFile.Multi.Generic ) - warning
    18:26:25.0125 3284 ASPI - detected UnsignedFile.Multi.Generic (1)
    18:26:25.0265 3284 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    18:26:25.0281 3284 aspnet_state - ok
    18:26:25.0328 3284 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:26:25.0406 3284 AsyncMac - ok
    18:26:25.0437 3284 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:26:25.0531 3284 atapi - ok
    18:26:25.0546 3284 Atdisk - ok
    18:26:25.0546 3284 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:26:25.0640 3284 Atmarpc - ok
    18:26:25.0687 3284 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll
    18:26:25.0781 3284 AudioSrv - ok
    18:26:25.0828 3284 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:26:25.0906 3284 audstub - ok
    18:26:25.0953 3284 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    18:26:26.0000 3284 avgntflt - ok
    18:26:26.0031 3284 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    18:26:26.0046 3284 avipbb - ok
    18:26:26.0078 3284 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
    18:26:26.0078 3284 avkmgr - ok
    18:26:26.0125 3284 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    18:26:26.0125 3284 b57w2k - ok
    18:26:26.0187 3284 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
    18:26:26.0187 3284 BASFND ( UnsignedFile.Multi.Generic ) - warning
    18:26:26.0187 3284 BASFND - detected UnsignedFile.Multi.Generic (1)
    18:26:26.0296 3284 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    18:26:26.0312 3284 BBSvc - ok
    18:26:26.0375 3284 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    18:26:26.0390 3284 BBUpdate - ok
    18:26:26.0421 3284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:26:26.0515 3284 Beep - ok
    18:26:26.0578 3284 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll
    18:26:26.0671 3284 BITS - ok
    18:26:26.0718 3284 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll
    18:26:26.0812 3284 Browser - ok
    18:26:26.0843 3284 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    18:26:26.0937 3284 cbidf - ok
    18:26:26.0937 3284 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:26:27.0015 3284 cbidf2k - ok
    18:26:27.0031 3284 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    18:26:27.0109 3284 cd20xrnt - ok
    18:26:27.0140 3284 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:26:27.0234 3284 Cdaudio - ok
    18:26:27.0296 3284 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:26:27.0390 3284 Cdfs - ok
    18:26:27.0406 3284 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:26:27.0484 3284 Cdrom - ok
    18:26:27.0484 3284 Changer - ok
    18:26:27.0546 3284 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe
    18:26:27.0625 3284 CiSvc - ok
    18:26:27.0656 3284 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe
    18:26:27.0750 3284 ClipSrv - ok
    18:26:27.0890 3284 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:26:27.0906 3284 clr_optimization_v2.0.50727_32 - ok
    18:26:27.0984 3284 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:26:28.0000 3284 clr_optimization_v4.0.30319_32 - ok
    18:26:28.0031 3284 CmdIde (026ba1f2d9c9f742ec3823d0214cd67c) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    18:26:28.0140 3284 CmdIde - ok
    18:26:28.0140 3284 COMSysApp - ok
    18:26:28.0171 3284 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    18:26:28.0281 3284 Cpqarray - ok
    18:26:28.0328 3284 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
    18:26:28.0406 3284 CryptSvc - ok
    18:26:28.0468 3284 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    18:26:28.0578 3284 dac2w2k - ok
    18:26:28.0609 3284 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    18:26:28.0703 3284 dac960nt - ok
    18:26:28.0765 3284 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
    18:26:28.0781 3284 DcomLaunch - ok
    18:26:28.0843 3284 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll
    18:26:28.0921 3284 Dhcp - ok
    18:26:28.0953 3284 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:26:29.0031 3284 Disk - ok
    18:26:29.0031 3284 dmadmin - ok
    18:26:29.0093 3284 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    18:26:29.0234 3284 dmboot - ok
    18:26:29.0234 3284 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    18:26:29.0328 3284 dmio - ok
    18:26:29.0343 3284 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:26:29.0453 3284 dmload - ok
    18:26:29.0500 3284 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
    18:26:29.0593 3284 dmserver - ok
    18:26:29.0609 3284 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    18:26:29.0703 3284 DMusic - ok
    18:26:29.0750 3284 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll
    18:26:29.0765 3284 Dnscache - ok
    18:26:29.0828 3284 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
    18:26:29.0906 3284 Dot3svc - ok
    18:26:29.0953 3284 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    18:26:30.0031 3284 dpti2o - ok
    18:26:30.0078 3284 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:26:30.0156 3284 drmkaud - ok
    18:26:30.0218 3284 E100B (be27de641e52d8b295dea40b213318f7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    18:26:30.0296 3284 E100B - ok
    18:26:30.0359 3284 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
    18:26:30.0437 3284 EapHost - ok
    18:26:30.0500 3284 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
    18:26:30.0593 3284 ERSvc - ok
    18:26:30.0656 3284 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
    18:26:30.0656 3284 Eventlog - ok
    18:26:30.0718 3284 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll
    18:26:30.0734 3284 EventSystem - ok
    18:26:30.0750 3284 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:26:30.0828 3284 Fastfat - ok
    18:26:30.0890 3284 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
    18:26:30.0906 3284 FastUserSwitchingCompatibility - ok
    18:26:30.0968 3284 Fax (4914736e61f561dad588af2aaa0df0f0) C:\WINDOWS\system32\fxssvc.exe
    18:26:31.0062 3284 Fax - ok
    18:26:31.0125 3284 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    18:26:31.0203 3284 Fdc - ok
    18:26:31.0218 3284 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    18:26:31.0328 3284 Fips - ok
    18:26:31.0343 3284 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    18:26:31.0421 3284 Flpydisk - ok
    18:26:31.0484 3284 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    18:26:31.0562 3284 FltMgr - ok
    18:26:31.0718 3284 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    18:26:31.0734 3284 FontCache3.0.0.0 - ok
    18:26:31.0781 3284 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    18:26:31.0796 3284 fssfltr - ok
    18:26:32.0000 3284 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    18:26:32.0031 3284 fsssvc - ok
    18:26:32.0078 3284 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:26:32.0171 3284 Fs_Rec - ok
    18:26:32.0250 3284 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:26:32.0343 3284 Ftdisk - ok
    18:26:32.0390 3284 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:26:32.0484 3284 Gpc - ok
    18:26:32.0640 3284 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    18:26:32.0640 3284 gupdate - ok
    18:26:32.0656 3284 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    18:26:32.0656 3284 gupdatem - ok
    18:26:32.0734 3284 Hardlock (9de9a7a19195c57ef38b4ee25422f2d7) C:\WINDOWS\system32\drivers\hardlock.sys
    18:26:32.0843 3284 Hardlock - ok
    18:26:32.0843 3284 hasplms - ok
    18:26:32.0906 3284 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    18:26:33.0000 3284 HDAudBus - ok
    18:26:33.0109 3284 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    18:26:33.0187 3284 helpsvc - ok
    18:26:33.0234 3284 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll
    18:26:33.0312 3284 HidServ - ok
    18:26:33.0359 3284 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:26:33.0453 3284 HidUsb - ok
    18:26:33.0515 3284 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll
    18:26:33.0609 3284 hkmsvc - ok
    18:26:33.0671 3284 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    18:26:33.0750 3284 hpn - ok
    18:26:33.0812 3284 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:26:33.0828 3284 HTTP - ok
    18:26:33.0890 3284 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll
    18:26:33.0984 3284 HTTPFilter - ok
    18:26:34.0046 3284 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    18:26:34.0140 3284 i2omgmt - ok
    18:26:34.0156 3284 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    18:26:34.0265 3284 i2omp - ok
    18:26:34.0281 3284 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:26:34.0375 3284 i8042prt - ok
    18:26:34.0531 3284 IAANTMON (72b53e9c8924949dec8f3799bcba2251) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    18:26:34.0546 3284 IAANTMON - ok
    18:26:34.0625 3284 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
    18:26:34.0640 3284 iaStor - ok
    18:26:34.0718 3284 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    18:26:34.0718 3284 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    18:26:34.0718 3284 IDriverT - detected UnsignedFile.Multi.Generic (1)
    18:26:34.0906 3284 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:26:34.0937 3284 idsvc - ok
    18:26:35.0046 3284 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:26:35.0140 3284 Imapi - ok
    18:26:35.0203 3284 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe
    18:26:35.0296 3284 ImapiService - ok
    18:26:35.0343 3284 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    18:26:35.0453 3284 ini910u - ok
    18:26:35.0500 3284 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
    18:26:35.0578 3284 IntelIde - ok
    18:26:35.0640 3284 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:26:35.0718 3284 intelppm - ok
    18:26:35.0734 3284 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    18:26:35.0812 3284 Ip6Fw - ok
    18:26:35.0875 3284 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:26:35.0953 3284 IpFilterDriver - ok
    18:26:35.0968 3284 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:26:36.0046 3284 IpInIp - ok
    18:26:36.0078 3284 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:26:36.0156 3284 IpNat - ok
    18:26:36.0187 3284 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:26:36.0265 3284 IPSec - ok
    18:26:36.0312 3284 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:26:36.0359 3284 IRENUM - ok
    18:26:36.0421 3284 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:26:36.0515 3284 isapnp - ok
    18:26:36.0703 3284 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
    18:26:36.0718 3284 JavaQuickStarterService - ok
    18:26:36.0734 3284 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:26:36.0812 3284 Kbdclass - ok
    18:26:36.0843 3284 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:26:36.0921 3284 kbdhid - ok
    18:26:36.0984 3284 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:26:37.0078 3284 kmixer - ok
    18:26:37.0125 3284 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:26:37.0156 3284 KSecDD - ok
    18:26:37.0203 3284 lanmanserver (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll
    18:26:37.0218 3284 lanmanserver - ok
    18:26:37.0265 3284 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll
    18:26:37.0281 3284 lanmanworkstation - ok
    18:26:37.0312 3284 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    18:26:37.0328 3284 Lbd - ok
    18:26:37.0328 3284 lbrtfdc - ok
    18:26:37.0406 3284 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll
    18:26:37.0484 3284 LmHosts - ok
    18:26:37.0593 3284 LMIGuardianSvc (c6a4fa0beed6e4198ddd8b8ee136cf80) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    18:26:37.0609 3284 LMIGuardianSvc - ok
    18:26:37.0656 3284 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    18:26:37.0671 3284 LMIInfo - ok
    18:26:37.0718 3284 LMIMaint (6295a19e8a6486ff8a13a1b2f4e461e0) C:\Program Files\LogMeIn\x86\RaMaint.exe
    18:26:37.0734 3284 LMIMaint - ok
    18:26:37.0781 3284 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    18:26:37.0781 3284 lmimirr - ok
    18:26:37.0796 3284 LMIRfsClientNP - ok
    18:26:37.0812 3284 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    18:26:37.0828 3284 LMIRfsDriver - ok
    18:26:37.0890 3284 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    18:26:37.0906 3284 LogMeIn - ok
    18:26:37.0984 3284 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    18:26:38.0000 3284 MBAMProtector - ok
    18:26:38.0109 3284 MBAMService (94e920be59b9ab65d95e582dbaa136ac) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    18:26:38.0125 3284 MBAMService - ok
    18:26:38.0187
3284 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll 18:26:38.0265 3284 Messenger - ok 18:26:38.0312 3284 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 18:26:38.0421 3284 mnmdd - ok 18:26:38.0468 3284 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe 18:26:38.0546 3284 mnmsrvc - ok 18:26:38.0578 3284 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys 18:26:38.0656 3284 Modem - ok 18:26:38.0687 3284 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:26:38.0781 3284 Mouclass - ok 18:26:38.0828 3284 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys 18:26:38.0906 3284 mouhid - ok 18:26:38.0953 3284 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 18:26:39.0046 3284 MountMgr - ok 18:26:39.0078 3284 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 18:26:39.0171 3284 mraid35x - ok 18:26:39.0203 3284 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:26:39.0281 3284 MRxDAV - ok 18:26:39.0328 3284 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:26:39.0375 3284 MRxSmb - ok 18:26:39.0531 3284 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe 18:26:39.0531 3284 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning 18:26:39.0531 3284 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1) 18:26:39.0578 3284 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe 18:26:39.0671 3284 MSDTC - ok 18:26:39.0687 3284 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 18:26:39.0765 3284 Msfs - ok 18:26:39.0781 3284 MSIServer - ok 18:26:39.0812 3284 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:26:39.0921 3284 MSKSSRV - ok 18:26:39.0953 
3284 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:26:40.0046 3284 MSPCLOCK - ok 18:26:40.0093 3284 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 18:26:40.0171 3284 MSPQM - ok 18:26:40.0234 3284 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:26:40.0312 3284 mssmbios - ok 18:26:40.0359 3284 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 18:26:40.0437 3284 Mup - ok 18:26:40.0515 3284 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll 18:26:40.0609 3284 napagent - ok 18:26:40.0671 3284 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 18:26:40.0750 3284 NDIS - ok 18:26:40.0796 3284 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:26:40.0828 3284 NdisTapi - ok 18:26:40.0875 3284 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:26:40.0953 3284 Ndisuio - ok 18:26:41.0000 3284 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:26:41.0078 3284 NdisWan - ok 18:26:41.0109 3284 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 18:26:41.0218 3284 NDProxy - ok 18:26:41.0265 3284 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 18:26:41.0359 3284 NetBIOS - ok 18:26:41.0406 3284 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 18:26:41.0484 3284 NetBT - ok 18:26:41.0546 3284 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe 18:26:41.0640 3284 NetDDE - ok 18:26:41.0640 3284 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe 18:26:41.0734 3284 NetDDEdsdm - ok 18:26:41.0765 3284 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 18:26:41.0843 3284 Netlogon - ok 18:26:41.0875 3284 Netman 
(5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll 18:26:41.0968 3284 Netman - ok 18:26:42.0125 3284 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:26:42.0140 3284 NetTcpPortSharing - ok 18:26:42.0203 3284 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll 18:26:42.0218 3284 Nla - ok 18:26:42.0234 3284 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 18:26:42.0328 3284 Npfs - ok 18:26:42.0406 3284 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 18:26:42.0531 3284 Ntfs - ok 18:26:42.0546 3284 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 18:26:42.0640 3284 NtLmSsp - ok 18:26:42.0687 3284 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll 18:26:42.0781 3284 NtmsSvc - ok 18:26:42.0890 3284 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 18:26:42.0984 3284 Null - ok 18:26:43.0343 3284 nv (11d00ba58270a128354f3ea2262587cc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 18:26:43.0640 3284 nv - ok 18:26:43.0781 3284 NVSvc (6a5560227f7a7597829c8073b5dc704e) C:\WINDOWS\system32\nvsvc32.exe 18:26:43.0796 3284 NVSvc - ok 18:26:43.0843 3284 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:26:43.0921 3284 NwlnkFlt - ok 18:26:43.0937 3284 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:26:44.0031 3284 NwlnkFwd - ok 18:26:44.0125 3284 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:26:44.0125 3284 ose - ok 18:26:44.0234 3284 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe 18:26:44.0250 3284 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning 18:26:44.0250 3284 PACSPTISVR - detected UnsignedFile.Multi.Generic (1) 
18:26:44.0296 3284 papycpu2 (f5cf06754ae54d9d3353fc9c59bc4e04) C:\WINDOWS\System32\DRIVERS\papycpu2.sys 18:26:44.0312 3284 papycpu2 ( UnsignedFile.Multi.Generic ) - warning 18:26:44.0312 3284 papycpu2 - detected UnsignedFile.Multi.Generic (1) 18:26:44.0312 3284 papyjoy (b09a71e8e1e127455f3a2fe83d38851f) C:\WINDOWS\System32\DRIVERS\papyjoy.sys 18:26:44.0328 3284 papyjoy ( UnsignedFile.Multi.Generic ) - warning 18:26:44.0328 3284 papyjoy - detected UnsignedFile.Multi.Generic (1) 18:26:44.0390 3284 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys 18:26:44.0468 3284 Parport - ok 18:26:44.0531 3284 Partizan (e228b03a922d46e29b88c4056861ee78) C:\WINDOWS\system32\drivers\Partizan.sys 18:26:44.0546 3284 Partizan - ok 18:26:44.0593 3284 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 18:26:44.0671 3284 PartMgr - ok 18:26:44.0718 3284 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys 18:26:44.0796 3284 ParVdm - ok 18:26:44.0812 3284 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys 18:26:44.0906 3284 PCI - ok 18:26:44.0921 3284 PCIDump - ok 18:26:44.0953 3284 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys 18:26:45.0062 3284 PCIIde - ok 18:26:45.0109 3284 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys 18:26:45.0187 3284 Pcmcia - ok 18:26:45.0203 3284 PDCOMP - ok 18:26:45.0218 3284 PDFRAME - ok 18:26:45.0218 3284 PDRELI - ok 18:26:45.0234 3284 PDRFRAME - ok 18:26:45.0265 3284 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 18:26:45.0359 3284 perc2 - ok 18:26:45.0375 3284 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 18:26:45.0500 3284 perc2hib - ok 18:26:45.0578 3284 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe 18:26:45.0593 3284 PlugPlay - ok 18:26:45.0609 3284 PolicyAgent 
(8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 18:26:45.0687 3284 PolicyAgent - ok 18:26:45.0750 3284 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:26:45.0843 3284 PptpMiniport - ok 18:26:45.0843 3284 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 18:26:45.0937 3284 ProtectedStorage - ok 18:26:45.0937 3284 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 18:26:46.0046 3284 PSched - ok 18:26:46.0078 3284 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:26:46.0187 3284 Ptilink - ok 18:26:46.0234 3284 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 18:26:46.0250 3284 PxHelp20 - ok 18:26:46.0281 3284 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 18:26:46.0375 3284 ql1080 - ok 18:26:46.0375 3284 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 18:26:46.0500 3284 Ql10wnt - ok 18:26:46.0531 3284 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 18:26:46.0609 3284 ql12160 - ok 18:26:46.0656 3284 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 18:26:46.0750 3284 ql1240 - ok 18:26:46.0796 3284 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 18:26:46.0906 3284 ql1280 - ok 18:26:46.0953 3284 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:26:47.0031 3284 RasAcd - ok 18:26:47.0093 3284 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll 18:26:47.0171 3284 RasAuto - ok 18:26:47.0187 3284 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:26:47.0281 3284 Rasl2tp - ok 18:26:47.0343 3284 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll 18:26:47.0421 3284 RasMan - ok 18:26:47.0453 3284 RasPppoe 
(5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:26:47.0531 3284 RasPppoe - ok 18:26:47.0562 3284 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 18:26:47.0656 3284 Raspti - ok 18:26:47.0703 3284 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:26:47.0796 3284 Rdbss - ok 18:26:47.0812 3284 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:26:47.0890 3284 RDPCDD - ok 18:26:47.0953 3284 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:26:48.0031 3284 rdpdr - ok 18:26:48.0093 3284 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 18:26:48.0171 3284 RDPWD - ok 18:26:48.0203 3284 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe 18:26:48.0296 3284 RDSessMgr - ok 18:26:48.0328 3284 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 18:26:48.0406 3284 redbook - ok 18:26:48.0468 3284 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll 18:26:48.0562 3284 RemoteAccess - ok 18:26:48.0609 3284 RemoteRegistry (2fd5b89bf9289c774c5c730dea96cd91) C:\WINDOWS\system32\regsvc.dll 18:26:48.0750 3284 RemoteRegistry - ok 18:26:48.0812 3284 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe 18:26:48.0890 3284 RpcLocator - ok 18:26:48.0953 3284 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll 18:26:48.0968 3284 RpcSs - ok 18:26:49.0046 3284 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe 18:26:49.0140 3284 RSVP - ok 18:26:49.0187 3284 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 18:26:49.0265 3284 SamSs - ok 18:26:49.0312 3284 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe 18:26:49.0406 3284 SCardSvr - ok 18:26:49.0453 3284 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) 
C:\WINDOWS\system32\schedsvc.dll 18:26:49.0546 3284 Schedule - ok 18:26:49.0593 3284 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:26:49.0640 3284 Secdrv - ok 18:26:49.0687 3284 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll 18:26:49.0781 3284 seclogon - ok 18:26:49.0843 3284 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys 18:26:49.0859 3284 SenFiltService - ok 18:26:49.0921 3284 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll 18:26:50.0015 3284 SENS - ok 18:26:50.0062 3284 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\WINDOWS\System32\Drivers\SENTINEL.SYS 18:26:50.0078 3284 Sentinel - ok 18:26:50.0187 3284 SentinelKeysServer (731d9b3de4bc0a3e0830b9bf9dbce2a5) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe 18:26:50.0203 3284 SentinelKeysServer - ok 18:26:50.0218 3284 SentinelProtectionServer (925e88d7c5a51e25769d9ceb4f7f2e85) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe 18:26:50.0234 3284 SentinelProtectionServer - ok 18:26:50.0296 3284 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 18:26:50.0375 3284 serenum - ok 18:26:50.0375 3284 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys 18:26:50.0468 3284 Serial - ok 18:26:50.0515 3284 sermouse (e45e17f93a7692a040c7bcd63907d505) C:\WINDOWS\system32\DRIVERS\sermouse.sys 18:26:50.0609 3284 sermouse - ok 18:26:50.0687 3284 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 18:26:50.0781 3284 Sfloppy - ok 18:26:50.0843 3284 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll 18:26:50.0937 3284 SharedAccess - ok 18:26:51.0000 3284 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 18:26:51.0015 3284 ShellHWDetection - ok 18:26:51.0015 3284 Simbad - ok 
18:26:51.0062 3284 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 18:26:51.0140 3284 sisagp - ok 18:26:51.0203 3284 SNTNLUSB (9de6e60ce7fd82b4985de5d9c22265ad) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS 18:26:51.0218 3284 SNTNLUSB - ok 18:26:51.0328 3284 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe 18:26:51.0328 3284 SonicStage Back-End Service - ok 18:26:51.0375 3284 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 18:26:51.0453 3284 Sparrow - ok 18:26:51.0484 3284 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 18:26:51.0578 3284 splitter - ok 18:26:51.0625 3284 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 18:26:51.0656 3284 Spooler - ok 18:26:51.0703 3284 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe 18:26:51.0703 3284 SPTISRV ( UnsignedFile.Multi.Generic ) - warning 18:26:51.0703 3284 SPTISRV - detected UnsignedFile.Multi.Generic (1) 18:26:51.0765 3284 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 18:26:51.0812 3284 sr - ok 18:26:51.0859 3284 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll 18:26:51.0906 3284 srservice - ok 18:26:51.0937 3284 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 18:26:51.0984 3284 Srv - ok 18:26:52.0000 3284 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll 18:26:52.0046 3284 SSDPSRV - ok 18:26:52.0093 3284 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 18:26:52.0109 3284 ssmdrv - ok 18:26:52.0140 3284 SSScsiSV (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe 18:26:52.0140 3284 SSScsiSV - ok 18:26:52.0187 3284 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll 
18:26:52.0281 3284 stisvc - ok 18:26:52.0296 3284 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 18:26:52.0390 3284 swenum - ok 18:26:52.0437 3284 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 18:26:52.0531 3284 swmidi - ok 18:26:52.0546 3284 SwPrv - ok 18:26:52.0593 3284 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 18:26:52.0687 3284 symc810 - ok 18:26:52.0734 3284 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 18:26:52.0812 3284 symc8xx - ok 18:26:52.0828 3284 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 18:26:52.0953 3284 sym_hi - ok 18:26:52.0953 3284 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 18:26:53.0046 3284 sym_u3 - ok 18:26:53.0078 3284 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 18:26:53.0156 3284 sysaudio - ok 18:26:53.0187 3284 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe 18:26:53.0265 3284 SysmonLog - ok 18:26:53.0312 3284 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll 18:26:53.0406 3284 TapiSrv - ok 18:26:53.0468 3284 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:26:53.0500 3284 Tcpip - ok 18:26:53.0546 3284 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 18:26:53.0625 3284 TDPIPE - ok 18:26:53.0640 3284 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 18:26:53.0734 3284 TDTCP - ok 18:26:53.0781 3284 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 18:26:53.0875 3284 TermDD - ok 18:26:53.0937 3284 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll 18:26:54.0046 3284 TermService - ok 18:26:54.0109 3284 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 
18:26:54.0125 3284 Themes - ok 18:26:54.0171 3284 TlntSvr (78a2fe13662a119875f10e9ffcb49a8f) C:\WINDOWS\system32\tlntsvr.exe 18:26:54.0218 3284 TlntSvr - ok 18:26:54.0250 3284 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys 18:26:54.0359 3284 TosIde - ok 18:26:54.0421 3284 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll 18:26:54.0500 3284 TrkWks - ok 18:26:54.0640 3284 TrueSwordSchedulerService (29d085fdca4734c4dda1db5448c1ab6a) C:\Program Files\True Sword 5\TrueSwordSchedule.exe 18:26:54.0656 3284 TrueSwordSchedulerService ( UnsignedFile.Multi.Generic ) - warning 18:26:54.0656 3284 TrueSwordSchedulerService - detected UnsignedFile.Multi.Generic (1) 18:26:54.0718 3284 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 18:26:54.0812 3284 Udfs - ok 18:26:54.0859 3284 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 18:26:54.0921 3284 ultra - ok 18:26:54.0984 3284 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 18:26:55.0078 3284 Update - ok 18:26:55.0125 3284 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll 18:26:55.0171 3284 upnphost - ok 18:26:55.0218 3284 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe 18:26:55.0296 3284 UPS - ok 18:26:55.0343 3284 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 18:26:55.0359 3284 usbbus - ok 18:26:55.0390 3284 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:26:55.0468 3284 usbccgp - ok 18:26:55.0515 3284 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 18:26:55.0546 3284 UsbDiag - ok 18:26:55.0609 3284 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:26:55.0687 3284 usbehci - ok 18:26:55.0734 3284 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:26:55.0812 3284 
usbhub - ok 18:26:55.0875 3284 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 18:26:55.0890 3284 USBModem - ok 18:26:55.0937 3284 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 18:26:56.0031 3284 usbscan - ok 18:26:56.0078 3284 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:26:56.0156 3284 USBSTOR - ok 18:26:56.0187 3284 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:26:56.0281 3284 usbuhci - ok 18:26:56.0328 3284 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 18:26:56.0437 3284 VgaSave - ok 18:26:56.0453 3284 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 18:26:56.0531 3284 viaagp - ok 18:26:56.0562 3284 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 18:26:56.0671 3284 ViaIde - ok 18:26:56.0718 3284 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 18:26:56.0796 3284 VolSnap - ok 18:26:56.0859 3284 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe 18:26:56.0906 3284 VSS - ok 18:26:56.0937 3284 w32time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll 18:26:57.0015 3284 w32time - ok 18:26:57.0046 3284 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:26:57.0125 3284 Wanarp - ok 18:26:57.0125 3284 WDICA - ok 18:26:57.0171 3284 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 18:26:57.0265 3284 wdmaud - ok 18:26:57.0312 3284 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll 18:26:57.0406 3284 WebClient - ok 18:26:57.0484 3284 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll 18:26:57.0578 3284 winmgmt - ok 18:26:57.0640 3284 WmBEnum (38932c4649f8baad6ce1000ac6503d5b) C:\WINDOWS\system32\drivers\WmBEnum.sys 18:26:57.0640 3284 
WmBEnum - ok 18:26:57.0703 3284 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 18:26:57.0734 3284 WmdmPmSN - ok 18:26:57.0750 3284 WmFilter (58b3adab903fa1a78c86e6a42b80fe76) C:\WINDOWS\system32\drivers\WmFilter.sys 18:26:57.0750 3284 WmFilter - ok 18:26:57.0765 3284 WmHidLo (be1951c6919efb86e95f8ef331e39c50) C:\WINDOWS\system32\drivers\WmHidLo.sys 18:26:57.0781 3284 WmHidLo - ok 18:26:57.0843 3284 Wmi (93f8eb8c7cd4e325ec92edbfc545103d) C:\WINDOWS\System32\advapi32.dll 18:26:57.0875 3284 Wmi - ok 18:26:57.0921 3284 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe 18:26:58.0015 3284 WmiApSrv - ok 18:26:58.0187 3284 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe 18:26:58.0203 3284 WMPNetworkSvc - ok 18:26:58.0296 3284 WmVirHid (e45f01f4014d7ab13b8a0c41ebf48a3d) C:\WINDOWS\system32\drivers\WmVirHid.sys 18:26:58.0312 3284 WmVirHid - ok 18:26:58.0359 3284 WmXlCore (0398265dd65aae2ece180fa9d1e7b5bb) C:\WINDOWS\system32\drivers\WmXlCore.sys 18:26:58.0359 3284 WmXlCore - ok 18:26:58.0593 3284 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 18:26:58.0625 3284 WPFFontCache_v0400 - ok 18:26:58.0671 3284 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll 18:26:58.0765 3284 wscsvc - ok 18:26:58.0781 3284 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll 18:26:58.0875 3284 wuauserv - ok 18:26:58.0937 3284 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 18:26:58.0968 3284 WudfPf - ok 18:26:58.0984 3284 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 18:26:59.0000 3284 WudfRd - ok 18:26:59.0015 3284 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 18:26:59.0031 3284 WudfSvc - ok 18:26:59.0093 3284 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) 
C:\WINDOWS\System32\wzcsvc.dll
18:26:59.0203 3284 WZCSVC - ok
18:26:59.0203 3284 xcpip - ok
18:26:59.0265 3284 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll
18:26:59.0359 3284 xmlprov - ok
18:26:59.0359 3284 xpsec - ok
18:26:59.0406 3284 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
18:26:59.0406 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:26:59.0406 3284 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:26:59.0484 3284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR11
18:26:59.0609 3284 \Device\Harddisk5\DR11 - ok
18:26:59.0640 3284 Boot (0x1200) (d7d68ccdd29528c210a18cbf741ba615) \Device\Harddisk0\DR0\Partition0
18:26:59.0640 3284 \Device\Harddisk0\DR0\Partition0 - ok
18:26:59.0640 3284 Boot (0x1200) (938abd51bca1b2f72e10815330436741) \Device\Harddisk5\DR11\Partition0
18:26:59.0640 3284 \Device\Harddisk5\DR11\Partition0 - ok
18:26:59.0640 3284 ============================================================
18:26:59.0640 3284 Scan finished
18:26:59.0640 3284 ============================================================
18:26:59.0765 3612 Detected object count: 10
18:26:59.0765 3612 Actual detected object count: 10
18:27:53.0203 3612 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 papycpu2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 papycpu2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0218 3612 papyjoy ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0218 3612 papyjoy ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0218 3612 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0218 3612 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0218 3612 TrueSwordSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0218 3612 TrueSwordSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0750 3612 \Device\Harddisk0\DR0\# - copied to quarantine
18:27:53.0750 3612 \Device\Harddisk0\DR0 - copied to quarantine
18:27:53.0750 3612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:27:53.0765 3612 \Device\Harddisk0\DR0 - ok
18:27:53.0765 3612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:28:00.0968 3524 Deinitialize success
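The TDSSKiller log in the post arrived as one run-together block, so its single critical record (the MBR of \Device\Harddisk0\DR0 flagged Rootkit.Boot.Sinowal.b) is easy to miss among hundreds of "- ok" lines. This added example (not part of the thread, and not Kaspersky's code) re-splits such a blob into records, parses the four record shapes the posted log uses, and separates confirmed infections and pending cures from the UnsignedFile.Multi.Generic warnings that TDSSKiller puts on unsigned third-party drivers; the sample input is a constructed excerpt of the posted log.

```python
"""Triage a TDSSKiller log, including one whose line breaks were lost on the way to a forum."""
import re

# Every TDSSKiller record starts with "HH:MM:SS.mmmm <pid> "; splitting on the
# whitespace in front of such a prefix turns run-together text back into records.
RECORD_SPLIT = re.compile(r"\s+(?=\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s)")
RECORD_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.+)$")

# Record bodies seen in the posted log:
#   <obj> (<md5>) <path>                enumeration of a driver, service, MBR or boot sector
#   <obj> - ok                          clean
#   <obj> ( <signature> ) - <verdict>   warning / infected / skipped by user / will be cured on reboot
#   <obj> - detected <signature> (<n>)  per-object detection summary
HASH_RE = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<sig>\S+) \) - (?P<verdict>.+)$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<sig>\S+) \(\d+\)$")

# Heuristic flag on unsigned files; not a malware verdict. In the posted log it
# covers InstallShield, Sony and SafeNet components that the user rightly skipped.
UNSIGNED = "UnsignedFile.Multi.Generic"


def split_records(blob):
    """Recover individual records from text that may have lost its newlines."""
    return [p.strip() for p in RECORD_SPLIT.split(blob) if p.strip()]


def parse(blob):
    """Return (hashes, findings): hashes maps object -> (md5, path); findings lists verdicts."""
    hashes, findings = {}, []
    for rec in split_records(blob):
        m = RECORD_RE.match(rec)
        if not m:
            continue
        body = m["body"]
        h, v, d = HASH_RE.match(body), VERDICT_RE.match(body), DETECTED_RE.match(body)
        if h:
            hashes[h["obj"]] = (h["md5"], h["path"])
        elif v:
            findings.append({"time": m["time"], "obj": v["obj"], "sig": v["sig"], "verdict": v["verdict"]})
        elif d:
            findings.append({"time": m["time"], "obj": d["obj"], "sig": d["sig"], "verdict": "detected"})
        # "- ok", "Scan finished", counters and banner lines carry no finding.
    return hashes, findings


def triage(blob):
    """Separate objects that still need action from scheduled cures and unsigned-only warnings."""
    hashes, findings = parse(blob)
    infected, pending_cure, unsigned_warnings = set(), set(), set()
    for f in findings:
        if f["verdict"] == "infected":
            infected.add(f["obj"])
        elif f["verdict"] == "will be cured on reboot":
            pending_cure.add(f["obj"])
        elif f["sig"] == UNSIGNED and f["verdict"] == "warning":
            unsigned_warnings.add(f["obj"])
    return {
        "infected": infected,
        "pending_cure": pending_cure,
        # Infected objects with no cure scheduled are the ones to follow up on.
        "still_infected": infected - pending_cure,
        "unsigned_warnings": unsigned_warnings,
        "hashes": hashes,
        "findings": findings,
    }


# Constructed sample: records copied from the posted log and run together on one
# line, the way the forum extraction delivered them.
SAMPLE_LOG = (
    r"18:26:34.0718 3284 IDriverT (daf66902f08796f9c694901660e5a64a) "
    r"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe "
    r"18:26:34.0718 3284 IDriverT ( UnsignedFile.Multi.Generic ) - warning "
    r"18:26:34.0718 3284 IDriverT - detected UnsignedFile.Multi.Generic (1) "
    r"18:26:53.0468 3284 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys "
    r"18:26:53.0500 3284 Tcpip - ok "
    r"18:26:59.0406 3284 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0 "
    r"18:26:59.0406 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected "
    r"18:26:59.0406 3284 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0) "
    r"18:26:59.0640 3284 Scan finished "
    r"18:27:53.0750 3612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot "
    r"18:28:00.0968 3524 Deinitialize success"
)

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    md5_by_path = {path: md5 for md5, path in report["hashes"].values()}
    for obj in sorted(report["infected"]):
        state = "cure pending on reboot" if obj in report["pending_cure"] else "ACTION NEEDED"
        print(f"INFECTED {obj} md5={md5_by_path.get(obj, '?')} -> {state}")
    print("unsigned-only warnings:", ", ".join(sorted(report["unsigned_warnings"])))
```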
  • First of all: no Windows installation is the same as any other! For that reason alone it is wiser to post your problem in a topic of your own. How long ago did you last use online banking? Because Mebroot/Sinowal is also a backdoor, specialised in identity theft!
  • I saw that question in the previous topic as well and have already given it some thought. To be honest I wouldn't know exactly any more, but I think at least once last week. It just came back to me: on Sunday evening I looked at my online banking. I didn't make any transfers then. Are there still things I should arrange? Incidentally, the problems I noticed with the internet and so on have been fixed. I also suddenly have the Windows start-up/shutdown sounds again, which had been gone for ages. Thanks for the replies so far
  • Which bank are you with? And you may do the following:
    Which program: Emsisoft Emergency Kit 1.0
    What for/why: detects and removes malware
    Difficulty: none.
    Download: Emsisoft Emergency Kit (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip)
    Notes:
      - the download is compressed; unpack EmsisoftEmergencyKit.zip and put the new folder on the desktop.
      - All open programs and web pages must be closed.
    Start Emsisoft Emergency Kit by opening the "EmsisoftEmergencyKit" folder:
      - Windows 2000 and Windows XP: double-click "Start.exe".
      - Windows Vista and Windows 7: right-click "Start.exe" and choose "Run as Administrator".
    Scanning:
      - In the selection screen, click "Emergency Kit Scanner"; a message will follow that it is recommended to update first.
        (screenshot: http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg)
      - Do so by clicking "Yes".
      - When the update is finished, the message "Update process completed successfully" appears.
      - Now click "Menu" and then "Scan PC".
      - Select the "Deep" option if it is not already set by default.
      - Then click the "Scan" button.
        - Be patient and do nothing else with the computer during the scan, as it can take quite a while.
      - The window with the warning about an elevated risk can be closed once the scan is finished.
      - Make sure all found items are ticked and then click the "Delete selected" button; the following message will appear:
        (screenshot: http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg)
      - Then click "Yes".
      - When the removal is finished, click the "View report" button and select the text file of this scan, named like: a2scan_110730-111615.txt
      - Paste the contents of that LOG file in your next post.
    N.B.: Now restart the computer.
  • At the Rabobank. Here is the log:

Emsisoft Emergency Kit - Version 1.0
Last update: 23-5-2012 21:32:36

Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: Off
ADS scan: On

Scan started: 23-5-2012 21:33:00

C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313300705093000 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313300705093001 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313352618437000 Detected: Trace.TrackingCookie.m.webtrends.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313697959859000 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313697959859001 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314251800250000 Detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307915 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307916 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307964 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307979 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307994 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310033 Detected: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310920 Detected: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310921 Detected: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314277 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314967 Detected: Trace.TrackingCookie.fr.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314968 Detected: Trace.TrackingCookie.fr.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107320173 Detected: Trace.TrackingCookie.eas4.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107323575 Detected: Trace.TrackingCookie.eas4.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107335426 Detected: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107337886 Detected: Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107341764 Detected: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107342673 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107346290 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107346291 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107347732 Detected: Trace.TrackingCookie.www.etracker.de!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107363503 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107365619 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107367022 Detected: Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107367023 Detected: Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107372912 Detected: Trace.TrackingCookie.sex!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107375478 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107377471 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107377472 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107384412 Detected: Trace.TrackingCookie.adfarm1.adition.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107384420 Detected: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387055 Detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387056 Detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387057 Detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107390022 Detected: Trace.TrackingCookie.1xxx.cqcounter.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107392449 Detected: Trace.TrackingCookie.www.belstat.be!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107397488 Detected: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398215 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398216 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398757 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398758 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107399430 Detected: Trace.TrackingCookie.ad.zanox.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107415975 Detected: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107420540 Detected: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107428758 Detected: Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107429267 Detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107429746 Detected: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107430230 Detected: Trace.TrackingCookie.www.belstat.be!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432175 Detected: Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432183 Detected: Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432221 Detected: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432248 Detected: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Qohoza\xaepz.exe Detected: Trojan-Spy.Zbot!IK
C:\Documents and Settings\Marc\Application Data\Sun\Java\Deployment\cache\6.0\36\2f60364-293e5b4d/Update.class Detected: Exploit.Java.CVE-2011-3544!IK
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache(2)\f_0010a8/unnamed Detected: HTML.Crypted!IK
C:\Documents and Settings\Marc\Local Settings\Temp\plugtmp-33\plugin-adfp2.php Detected: Exploit.PDF!IK
C:\TDSSKiller_Quarantine\23.05.2012_18.25.56\mbr0000\mbr0000\tsk0000.dta Detected: Trojan.DOS.Sinowal!IK

Scanned
Files: 414943
Traces: 555017
Cookies: 2183
Processes: 48

Found
Files: 5
Traces: 0
Cookies: 66
Processes: 0
Registry keys: 0

Scan ended: 24-5-2012 0:35:55
Scan time: 3:02:55

C:\TDSSKiller_Quarantine\23.05.2012_18.25.56\mbr0000\mbr0000\tsk0000.dta Removed Trojan.DOS.Sinowal!IK
C:\Documents and Settings\Marc\Local Settings\Temp\plugtmp-33\plugin-adfp2.php Removed Exploit.PDF!IK
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache(2)\f_0010a8/unnamed Removed HTML.Crypted!IK
C:\Documents and Settings\Marc\Application Data\Sun\Java\Deployment\cache\6.0\36\2f60364-293e5b4d/Update.class Removed Exploit.Java.CVE-2011-3544!IK
C:\Documents and Settings\Marc\Application Data\Qohoza\xaepz.exe Removed Trojan-Spy.Zbot!IK
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107429267 Removed Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107428758 Removed Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432175 Removed Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432183 Removed Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107399430 Removed Trace.TrackingCookie.ad.zanox.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107392449 Removed Trace.TrackingCookie.www.belstat.be!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107430230 Removed Trace.TrackingCookie.www.belstat.be!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107390022 Removed Trace.TrackingCookie.1xxx.cqcounter.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107384412 Removed Trace.TrackingCookie.adfarm1.adition.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107372912 Removed Trace.TrackingCookie.sex!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107347732 Removed Trace.TrackingCookie.www.etracker.de!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107337886 Removed Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107367022 Removed Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107367023 Removed Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107320173 Removed Trace.TrackingCookie.eas4.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107323575 Removed Trace.TrackingCookie.eas4.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314967 Removed Trace.TrackingCookie.fr.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314968 Removed Trace.TrackingCookie.fr.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310920 Removed Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310921 Removed Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107335426 Removed Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107341764 Removed Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107397488 Removed Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107420540 Removed Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310033 Removed Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107384420 Removed Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432221 Removed Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432248 Removed Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314251800250000 Removed Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387055 Removed Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387056 Removed Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387057 Removed Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107429746 Removed Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313352618437000 Removed Trace.TrackingCookie.m.webtrends.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313300705093000 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313300705093001 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313697959859000 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313697959859001 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307915 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307916 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307964 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307979 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307994 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314277 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107342673 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107346290 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107346291 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107363503 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107365619 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107375478 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107377471 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107377472 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398215 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398216 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398757 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398758 Removed Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107415975 Removed Trace.TrackingCookie.nl.sitestat.com!A2

Removed
Files: 5
Traces: 0
Cookies: 57
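As an added example (not code from this thread, from the helper or from Emsisoft), the following Python script sifts an Emsisoft Emergency Kit log of the kind pasted above: it sets the tracking-cookie noise aside, lists the real file hits and the profile they live in, marks hits that were already sitting in a quarantine folder from an earlier tool, and shows what was detected but not removed. The sample log embedded in it is a constructed excerpt of the log above; matching the English labels Detected/Removed next to the Dutch Ontdekt/Verwijderd is an assumption about other language builds, and the quarantine-folder markers are likewise an assumption of this example.

```python
"""Triage of an Emsisoft Emergency Kit scan log.

Added example; this is not code from the original thread or from Emsisoft.
The assumed line format is the one the poster pasted: "<path> Ontdekt: <sig>"
for a detection and "<path> Verwijderd <sig>" for a removal (the English
labels Detected/Removed are accepted too; assumption).
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt of the log posted in the thread: two of the cookie hits,
# the five file hits, and two of the removal lines.
SAMPLE_LOG = r"""
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313300705093000 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314251800250000 Ontdekt: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Qohoza\xaepz.exe Ontdekt: Trojan-Spy.Zbot!IK
C:\Documents and Settings\Marc\Application Data\Sun\Java\Deployment\cache\6.0\36\2f60364-293e5b4d/Update.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache(2)\f_0010a8/unnamed Ontdekt: HTML.Crypted!IK
C:\Documents and Settings\Marc\Local Settings\Temp\plugtmp-33\plugin-adfp2.php Ontdekt: Exploit.PDF!IK
C:\TDSSKiller_Quarantine\23.05.2012_18.25.56\mbr0000\mbr0000\tsk0000.dta Ontdekt: Trojan.DOS.Sinowal!IK
C:\TDSSKiller_Quarantine\23.05.2012_18.25.56\mbr0000\mbr0000\tsk0000.dta Verwijderd Trojan.DOS.Sinowal!IK
C:\Documents and Settings\Marc\Application Data\Qohoza\xaepz.exe Verwijderd Trojan-Spy.Zbot!IK
"""

ACTIONS = {"Ontdekt": "detected", "Detected": "detected",
           "Verwijderd": "removed", "Removed": "removed"}
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<action>Ontdekt|Detected|Verwijderd|Removed):? (?P<name>\S+)$")
USER_RE = re.compile(r"^[a-z]:\\documents and settings\\([^\\]+)\\", re.IGNORECASE)
# Folders where an earlier tool already parked the file (assumption of this example).
QUARANTINE_MARKERS = ("tdsskiller_quarantine", "\\quarantine\\", "\\qoobox\\")


@dataclass
class Hit:
    path: str
    name: str        # detection name, e.g. Trojan-Spy.Zbot!IK
    action: str      # "detected" or "removed"
    category: str    # cookie / malware / exploit-artifact / other
    user: str        # profile under Documents and Settings, if any
    quarantined: bool


def classify(name: str) -> str:
    """Bucket a detection name by what it means for the machine's owner."""
    if name.startswith("Trace.TrackingCookie"):
        return "cookie"              # privacy noise, not an infection
    if name.startswith("Exploit."):
        return "exploit-artifact"    # cached exploit file: shows how it got in
    if name.startswith("Trojan"):
        return "malware"
    return "other"


def parse_log(text: str) -> List[Hit]:
    """Turn the one-hit-per-line log into Hit records; skips header/footer lines."""
    hits: List[Hit] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path, name = m.group("path"), m.group("name")
        user_m = USER_RE.match(path)
        hits.append(Hit(path=path, name=name, action=ACTIONS[m.group("action")],
                        category=classify(name),
                        user=user_m.group(1) if user_m else "",
                        quarantined=any(q in path.lower() for q in QUARANTINE_MARKERS)))
    return hits


def triage(hits: List[Hit]) -> Dict[str, object]:
    """Summarise: real hits, affected profiles, what is still outstanding,
    and whether a password-stealing trojan was live (outside quarantine)."""
    detected = [h for h in hits if h.action == "detected"]
    removed = {(h.path, h.name) for h in hits if h.action == "removed"}
    real = [h for h in detected if h.category != "cookie"]
    live_spy = [h for h in real
                if h.category == "malware" and not h.quarantined and "spy" in h.name.lower()]
    return {
        "cookies": sum(1 for h in detected if h.category == "cookie"),
        "malware": [h.name for h in real if h.category == "malware"],
        "exploit_artifacts": [h.name for h in real if h.category == "exploit-artifact"],
        "affected_users": sorted({h.user for h in real if h.user}),
        "outstanding": [(h.path, h.name) for h in detected if (h.path, h.name) not in removed],
        "credential_theft_risk": bool(live_spy),
    }


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The `credential_theft_risk` flag is the one that matters for the banking question raised earlier in the thread: a Trojan-Spy.Zbot hit in a live profile folder, rather than in a quarantine folder, means credentials typed on that machine before the cleanup should be treated as exposed, whatever the removal line afterwards says.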
  • Hi - throw the old ComboFix in the recycle bin.

Which program: ComboFix
What for/why: Very specialised scanner to examine Windows in depth and, where possible, clean it up.
Difficulty: Read everything carefully first, because of the preparation phase.
Download location: Download this program to the desktop, no exceptions!
Download ComboFix from one of these locations:
- Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
- Geekstogo: http://subs.geekstogo.com/ComboFix.exe

Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix.
The antivirus program and active malware scanners must be disabled before ComboFix starts! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find details on how to disable antivirus programs and spyware scanners.
To be perfectly clear once more: ComboFix must be started from the desktop.

Notes:
- On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
- Vista and Windows 7 users start ComboFix via right-click, with Administrator rights.
- All open programs and web pages must be closed.

Once ComboFix has started:
- Do not click in the black window; this can make ComboFix or even all of Windows "freeze"!
- ComboFix drops the internet connection during the scan; do not try to restore it in the meantime!
- The computer may have to be restarted several times; this is normal.
- When ComboFix is finished, it will create a log file for you.
- Post the contents of this log file in your next message.
- If the log does not open by itself, it can be found at C:\ComboFix.txt

Important note:
- If, after the scan, an error appears when starting programs with the message:
  Illegal operation attempted on a registry key that has been marked for deletion.
- Then restart the computer.
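The ComboFix log that the post above asks for includes the Windows Firewall policy as ComboFix reads it out of the registry: the EnableFirewall value, the authorised-applications list and the globally open ports. As an added example (not ComboFix's own code, nor the helper's), this Python script parses that section and flags what a helper looks at first in such a log: a disabled firewall, a remote-access port open to every network, and high-numbered ports with a generic label. The sample section embedded in it is constructed from the ComboFix log the poster publishes later in this thread; the port-range cut-off and the label heuristic are assumptions of this example, not ComboFix rules.

```python
"""Review of the Windows Firewall policy section of a ComboFix log.

Added example; not code from the original thread, from ComboFix or from its
author.  Assumed layout (as ComboFix prints it under "Reg Loading Points"):
a bracketed registry key name, followed by "<name>"= <value> lines, with a
lone "." separating keys.
"""
import re
from typing import Dict, List, Tuple

# Constructed from the ComboFix log posted later in this thread.
SAMPLE_SECTION = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<label>.*)$")

# Heuristics of this example, not ComboFix rules: a remote-access service open
# to every network profile is worth a question, and a rule on a port in the
# IANA dynamic range (49152-65535) with a generic label is rarely something
# the user added knowingly.
REMOTE_ACCESS_PORTS = {3389: "Remote Desktop"}
DYNAMIC_RANGE_START = 49152
GENERIC_LABELS = {"services", ""}


def parse_firewall(section: str) -> Dict[str, object]:
    """Return the standard-profile firewall state, authorised apps and open ports."""
    enabled = None
    apps: List[str] = []
    ports: List[Tuple[int, str, str]] = []
    key = ""
    for raw in section.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue                       # "." separators and blank lines
        name, value = vm.group("name"), vm.group("value").strip()
        if key.endswith("standardprofile") and name == "EnableFirewall":
            enabled = not value.startswith("0")
        elif key.endswith("authorizedapplications\\list"):
            apps.append(name.replace("\\\\", "\\"))   # ComboFix doubles backslashes
        elif key.endswith("globallyopenports\\list"):
            pm = PORT_RE.match(value)
            if pm:
                ports.append((int(pm.group("port")), pm.group("proto"), pm.group("label")))
    return {"enabled": enabled, "apps": apps, "ports": ports}


def review(parsed: Dict[str, object]) -> List[str]:
    """Turn the parsed policy into the findings a helper would raise."""
    findings: List[str] = []
    if parsed["enabled"] is False:
        findings.append("Windows Firewall is disabled for the standard profile")
    for port, proto, label in parsed["ports"]:
        if port in REMOTE_ACCESS_PORTS:
            findings.append(f"{port}/{proto} ({label}) is open to every network: remote access exposed")
        elif port >= DYNAMIC_RANGE_START or label.strip().lower() in GENERIC_LABELS:
            findings.append(f"{port}/{proto} labelled '{label}' looks hand- or malware-added; verify")
    return findings


if __name__ == "__main__":
    for finding in review(parse_firewall(SAMPLE_SECTION)):
        print("-", finding)
```

Run it on the firewall block copied out of a ComboFix log; the vendor-labelled entries (HASP SRM here) pass quietly, while a disabled firewall and the two high "Services" ports come out as the items to ask the poster about.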
  • Here is the new log; now quickly putting Avira back on, because I couldn't get it disabled that quickly. With the previous ComboFix run I had ignored a warning, but I didn't want to do that this time.

ComboFix 12-05-24.03 - Angelique 24-05-2012 22:09:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1565 [GMT 2:00]
Running from: c:\documents and settings\Angelique\Bureaublad\ComboFix.exe
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((  Files Created from 2012-04-24 to 2012-05-24  ))))))))))))))))))))))))))))))
.
.
2012-05-23 18:53 . 2012-05-23 18:53 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend
2012-05-23 17:30 . 2012-05-23 19:29 -------- d-----w- c:\windows\system32\NtmsData
2012-05-23 16:27 . 2012-05-23 16:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-23 06:06 . 2012-05-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\REPORTS
2012-05-23 06:06 . 2012-05-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\INFECTED
2012-05-23 06:06 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LOGFILES
2012-05-23 05:24 . 2012-05-23 05:24 -------- d-----w- c:\windows\system32\Adobe
2012-05-23 05:19 . 2012-05-23 05:22 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\Babylon
2012-05-23 05:15 . 2012-05-23 05:15 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\LogMeIn
2012-05-23 05:15 . 2012-05-23 20:25 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\AskToolbar
2012-05-23 05:15 . 2012-05-23 17:37 -------- d-----w- c:\documents and settings\Angelique\Application Data\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:55 . 2004-08-03 23:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-09-13 12:52 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2004-09-13 12:52 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 11:00 . 2004-09-13 12:52 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-09-13 12:52 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-09-13 12:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-09-13 12:52 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-09-13 12:52 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-09-13 12:52 385024 ------w- c:\windows\system32\html.iec
2010-03-31 08:09 . 2010-03-31 08:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2010-04-08 10:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-03-02 22:53 . 2011-09-09 17:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-23_16.49.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-24 20:07 . 2012-05-24 20:07 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-13 8523776]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-11-28 1036288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2012-01-03 3184240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-06 14:32 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27-1-2010 19:33 64288]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [20-6-2007 15:30 79168]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 16:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 18:21 249648]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6-7-2011 16:32 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-1-2011 19:04 12856]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27-4-2007 1:00 316992]
R2 TrueSwordSchedulerService;True Sword 5 Scheduler;c:\program files\True Sword 5\TrueSwordSchedule.exe [15-8-2011 19:48 828416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5-7-2010 22:59 16512]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-1-2010 8:26 22216]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [25-3-2009 19:02 34760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28-1-2010 8:26 366152]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-04-05 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20] . 2012-05-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2012-01-03 15:31] . 2012-05-24 c:\windows\Tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-24 22:17 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . 
************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(724) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'explorer.exe'(3756) c:\program files\Babylon\Babylon-Pro\Captlib.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2012-05-24 22:18:29 ComboFix-quarantined-files.txt 2012-05-24 20:18 ComboFix2.txt 2012-05-23 16:53 . Pre-Run: 103.602.896.896 bytes beschikbaar Post-Run: 103.591.497.728 bytes beschikbaar . - - End Of File - - 463F19080495CFED1066F2EB8B58E6DE
  • I'd like to bring this topic to attention once more. Is the posted ComboFix log okay? And is it safe again to start online banking at home? Thanks in advance for any replies. Regards, Angelique
  • Hello Angelique, I apparently overlooked you, so that bump of yours was perfect. Yes, in principle you may do your online banking again. But there is still a thing or two to be done; for that we use ComboFix again, with a script.

Open a new Notepad file via Start\All Programs\Accessories\Notepad (Kladblok on a Dutch Windows). Copy and paste the following text into the empty Notepad window:

ClearJavaCache::

File::
c:\program files\Ask.com\Updater\Updater.exe
c:\windows\system32\drivers\Partizan.sys

Folder::
c:\program files\Ask.com

Driver::
Partizan

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
"Babylon Client"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

DDS::
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

Save this Notepad file on your desktop as CFScript.txt.

Now first disable the antivirus and any spyware scanners! Also make sure that all other open windows are closed, including the web browser.

Drag CFScript.txt onto ComboFix.exe (illustration: http://crew.nucia.eu/smeenk/CFScript.gif). This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart. In case ComboFix has restarted your computer (or you did so yourself), you will also find the log at C:\Combofix.txt.

Important note:
- If, after the scan, an error is shown when starting programs with the message:
- Illegal operation attempted on a registry key that has been marked for deletion.
- then restart the computer.
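A small triage helper for a ComboFix log like the one posted above, added here as an example; it is not part of the thread and not ComboFix's own code. It picks out the items the CFScript above acts on (Windows Firewall switched off, globally opened ports beyond the HASP pair that was kept, services whose file ComboFix could not find, the extra Partizan entry in BootExecute) from sample lines copied out of the posted log; it assumes the log has one entry per line, as ComboFix writes it.

```python
"""Triage a ComboFix log for the items a malware-removal helper acts on.
Added example, not part of the forum thread and not ComboFix's own code."""
import re

# Constructed sample: lines copied from the posted ComboFix log, one per line.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\\0Partizan
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 hasplms;HASP License Manager;c:\\windows\\system32\\hasplms.exe -run --> c:\\windows\\system32\\hasplms.exe -run [?]
S3 Partizan;Partizan;c:\\windows\\system32\\drivers\\Partizan.sys [25-3-2009 19:02 34760]
S3 xpsec;IPSEC-stuurprogramma;c:\\windows\\system32\\drivers\\xpsec.sys --> c:\\windows\\system32\\drivers\\xpsec.sys [?]
"""

# Ports the helper in this thread kept: the HASP licence manager pair.
DEFAULT_ALLOWED_PORTS = frozenset({"1947:TCP", "1947:UDP"})
DEFAULT_BOOT_EXECUTE = "autocheck autochk *"
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\1:\2:(.*)$')
# ComboFix service line: "<state> <name>;<display name>;<image path and details>"
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')


def parse_sections(log):
    """Group value lines under their [registry key] header (keys lower-cased); a lone '.' ends a section."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def firewall_findings(sections, allowed_ports=DEFAULT_ALLOWED_PORTS):
    """Flag a disabled Windows Firewall and globally opened ports not on the allowlist."""
    findings = []
    for key, values in sections.items():
        if key.endswith("firewallpolicy\\standardprofile"):
            for v in values:
                m = re.match(r'^"EnableFirewall"=\s*(\d+)', v)
                if m and m.group(1) == "0":
                    findings.append("firewall disabled (EnableFirewall=0)")
        elif key.endswith("globallyopenports\\list"):
            for v in values:
                m = PORT_RE.match(v)
                if m and f"{m.group(1)}:{m.group(2)}" not in allowed_ports:
                    findings.append(f"open port {m.group(1)}/{m.group(2)} ({m.group(3).strip()})")
    return findings


def unresolved_services(log):
    """Names of services/drivers ComboFix marks '[?]': the image file was not found on disk."""
    names = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m and m.group(4).rstrip().endswith("[?]"):
            names.append(m.group(2))
    return names


def boot_execute_extras(sections, default=DEFAULT_BOOT_EXECUTE):
    """Entries in Session Manager BootExecute besides the stock autochk entry (ComboFix shows the REG_MULTI_SZ separator as a literal backslash-0)."""
    extras = []
    for key, values in sections.items():
        if not key.endswith("control\\session manager"):
            continue
        for v in values:
            if v.startswith("BootExecute") and "REG_MULTI_SZ" in v:
                payload = v.split("REG_MULTI_SZ", 1)[1]
                for entry in payload.split("\\0"):
                    entry = entry.strip()
                    if entry and entry != default:
                        extras.append(entry)
    return extras


def triage(log):
    """Run all checks over one ComboFix log and return the findings by category."""
    sections = parse_sections(log)
    return {
        "firewall": firewall_findings(sections),
        "unresolved_services": unresolved_services(log),
        "boot_execute_extras": boot_execute_extras(sections),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```

A `[?]` entry is not proof of malware; it means the service registration points at a file that is no longer there, which is exactly why the script above removes the Partizan driver and leaves hasplms and xpsec alone.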
  • Hi Abraham54, thanks again for your reply. I'm patient, I can also imagine you don't have time every day to help others :roll: Right, here comes the log file again. By the way, ComboFix restarted the PC by itself.

ComboFix 12-05-29.01 - Angelique 29-05-2012 18:49:40.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1468 [GMT 2:00] Gestart vanuit: c:\documents and settings\Angelique\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Angelique\Bureaublad\CFScript.txt AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} * Nieuw herstelpunt werd aangemaakt . FILE :: "c:\program files\Ask.com\Updater\Updater.exe" "c:\windows\system32\drivers\Partizan.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Ask.com c:\program files\Ask.com\assets\oobe\b.png c:\program files\Ask.com\assets\oobe\bl.png c:\program files\Ask.com\assets\oobe\br.png c:\program files\Ask.com\assets\oobe\l.png c:\program files\Ask.com\assets\oobe\pointer.png c:\program files\Ask.com\assets\oobe\r.png c:\program files\Ask.com\assets\oobe\t.png c:\program files\Ask.com\assets\oobe\tl.png c:\program files\Ask.com\assets\oobe\tr.png c:\program files\Ask.com\cobrand.ico c:\program files\Ask.com\config.xml c:\program files\Ask.com\favicon.ico c:\program files\Ask.com\GenericAskToolbar.dll c:\program files\Ask.com\mupcfg.xml c:\program files\Ask.com\precache.exe c:\program files\Ask.com\SaUpdate.exe c:\program files\Ask.com\Updater\config.xml c:\program files\Ask.com\Updater\Updater.exe c:\program files\Ask.com\UpdateTask.exe c:\windows\system32\drivers\Partizan.sys . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_PARTIZAN -------\Service_Partizan . . 
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))) . . 2012-05-25 05:37 . 2012-05-25 05:37 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-05-25 05:30 . 2012-05-25 05:37 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-24 20:28 . 2012-05-24 20:28 -------- d-----w- c:\documents and settings\Angelique\Application Data\Avira 2012-05-24 20:23 . 2012-02-03 13:28 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-24 20:23 . 2012-02-03 13:28 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-05-24 20:23 . 2012-02-03 13:28 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-24 20:23 . 2012-05-24 20:23 -------- d-----w- c:\program files\Avira 2012-05-24 20:23 . 2012-05-24 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2012-05-23 18:53 . 2012-05-23 18:53 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend 2012-05-23 17:30 . 2012-05-23 19:29 -------- d-----w- c:\windows\system32\NtmsData 2012-05-23 16:27 . 2012-05-23 16:27 -------- d-----w- C:\TDSSKiller_Quarantine 2012-05-23 06:06 . 2012-05-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\REPORTS 2012-05-23 06:06 . 2012-05-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\INFECTED 2012-05-23 06:06 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LOGFILES 2012-05-23 05:24 . 2012-05-23 05:24 -------- d-----w- c:\windows\system32\Adobe 2012-05-23 05:19 . 2012-05-23 05:22 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\Babylon 2012-05-23 05:15 . 2012-05-23 05:15 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\LogMeIn 2012-05-23 05:15 . 2012-05-23 20:25 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\AskToolbar 2012-05-23 05:15 . 
2012-05-23 17:37 -------- d-----w- c:\documents and settings\Angelique\Application Data\Babylon . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-25 05:37 . 2011-09-29 19:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-11 13:55 . 2004-08-03 23:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 2004-09-13 12:52 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:55 . 2004-09-13 12:52 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-03-01 11:00 . 2004-09-13 12:52 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:00 . 2004-09-13 12:52 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 11:00 . 2004-09-13 12:52 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-03-31 08:09 . 2010-03-31 08:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll 2010-04-08 10:36 . 2010-04-08 10:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2012-03-02 22:53 . 2011-09-09 17:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-05-23_16.49.22 ))))))))))))))))))))))))))))))))))))))))) . + 2012-05-29 16:57 . 2012-05-29 16:57 16384 c:\windows\Temp\Perflib_Perfdata_7ec.dat + 2012-05-25 05:30 . 2012-05-25 05:30 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe + 2012-05-25 05:37 . 2012-05-25 05:37 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe + 2012-05-25 05:37 . 2012-05-25 05:37 424096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll + 2012-05-25 05:30 . 2012-05-25 05:37 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe + 2012-05-25 05:30 . 2012-05-25 05:30 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-13 8523776] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-11-28 1036288] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2011-07-06 14:32 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"= "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Opera\\opera.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1947:TCP"= 1947:TCP:HASP SRM "1947:UDP"= 1947:UDP:HASP SRM . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27-1-2010 19:33 64288] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24-5-2012 22:23 36000] R2 AntiVirSchedulerService;Avira Planner;c:\program files\Avira\AntiVir Desktop\sched.exe [24-5-2012 22:23 86224] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [20-6-2007 15:30 79168] R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 16:23 196176] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 18:21 249648] R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?] 
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6-7-2011 16:32 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-1-2011 19:04 12856] R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27-4-2007 1:00 316992] R2 TrueSwordSchedulerService;True Sword 5 Scheduler;c:\program files\True Sword 5\TrueSwordSchedule.exe [15-8-2011 19:48 828416] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25-5-2012 7:30 257696] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5-7-2010 22:59 16512] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-1-2010 8:26 22216] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28-1-2010 8:26 366152] . Inhoud van de 'Gedeelde Taken' map . 2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 05:37] . 2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58] . 
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58] . 2012-05-28 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20] . 2012-04-05 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20] . 2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-29 18:58 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(736) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'explorer.exe'(3568) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\hasplms.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2012-05-29 19:03:30 - machine werd herstart ComboFix-quarantined-files.txt 2012-05-29 17:03 ComboFix2.txt 2012-05-24 20:18 ComboFix3.txt 2012-05-23 16:53 . Pre-Run: 102.759.084.032 bytes beschikbaar Post-Run: 102.769.627.136 bytes beschikbaar . - - End Of File - - 8E26DE5CB095AD7AF1CFB62737D650F0
  • How is it going now?
  • The problems I had with the internet were in fact already gone after the first ComboFix; in other words, I don't notice anything anymore. Do I understand from your question that there is also nothing left to be found in the log?
  • Good that everything seems okay again. If the last test also comes back clean, it should be fine.

Do the ESET online scan: http://www.eset.com/home/products/online-scanner/
- Click the ESET Online Scanner button
- Tick YES, I accept the Terms of Use
- Click Start
- Allow the ActiveX control to install.
- Tick the following options:
  - Remove found threats
  - Scan archives
- Then click "Advanced Settings":
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- Click Start
- The computer will now be scanned. This can take quite a long time, so be patient.
- When the scan is finished, you may close the window.
- Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there
- Select, copy and paste the contents of this log into your next post.

N.B.: temporarily disable your own antivirus during the scan; the online scan is faster that way!
  • Done... but, um, still got 6 detections :cry: But who knows, maybe it's not so bad.

ESETSmartInstaller@High as downloader log: all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=de376b363ca46f47a4fad7305ffad576
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-29 09:26:12
# local_time=2012-05-29 11:26:12 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 428911 428911 0 0
# compatibility_mode=8192 67108863 100 0 100 100 0 0
# scanned=158846
# found=6
# cleaned=6
# scan_time=6874
C:\Documents and Settings\Marc\Local Settings\Temp\sivSetup.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Marc\Local Settings\Temp\ICReinstall\cnet_PrintSpoolerFixUtility_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Marc\Mijn documenten\Downloads\cnet_PrintSpoolerFixUtility_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Babylon\Babylon-Pro\Utils\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\RP1124\A0288375.exe a variant of Win32/Kryptik.ZNZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\RP1129\A0289192.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • Hello, we're going to take another thorough look:

Which program: OTL.com
What for/why: multifunctional tool, analysis and fix
Difficulty: none.
Download: OTL (http://oldtimer.geekstogo.com/OTL.com) and place the file on the desktop.

Using OTL.com:
- First close all program windows that are still open!
  - Double-click the OTL icon (http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png)
- Tick Scan All Users.
- Click the scan button (http://www.imgdumper.nl/uploads5/4f9112fd1172c/4f9112fd11340-OTL-3.png).
- Do not change any other settings in OTL unless I give specific instructions for it.
- The scan will not take very long.
  - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
  - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
- Note: if the log does not fit in one post, spread it over two or more posts.
  • Hi there, back from work I let the scan run. Here are the log files.

OTL logfile created on: 30-5-2012 18:44:31 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Documents and Settings\Angelique\Bureaublad Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,65% Memory free 3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,83% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148,93 Gb Total Space | 95,57 Gb Free Space | 64,17% Space Free | Partition Type: NTFS Computer Name: CP-597526-A | User Name: Angelique | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-05-30 18:41:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelique\Bureaublad\OTL.com PRC - [2012-02-03 15:28:38 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012-02-03 15:28:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012-02-03 15:28:12 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012-02-03 15:28:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011-10-21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
-- C:\Program Files\Microsoft\BingBar\BBSvc.EXE PRC - [2011-10-13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011-07-06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe PRC - [2011-01-11 19:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe PRC - [2010-04-06 01:26:36 | 000,828,416 | ---- | M] (Security Stronghold) -- C:\Program Files\True Sword 5\TrueSwordSchedule.exe PRC - [2009-11-18 13:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe PRC - [2008-07-17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe PRC - [2007-10-03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007-10-03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007-06-20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe PRC - [2007-04-27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe PRC - [2007-04-27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe PRC - [2006-10-20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [color=#E56717:a20cf19a8f]========== Modules (No Company Name) ==========[/color:a20cf19a8f] MOD - [2012-02-03 15:28:24 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll MOD - [2009-11-05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll [color=#E56717:a20cf19a8f]========== Win32 Services (SafeList) ==========[/color:a20cf19a8f] SRV - [2012-05-25 07:37:18 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-02-03 15:28:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012-02-03 15:28:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011-10-21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011-10-13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011-08-31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-07-06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint) SRV - [2011-07-06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2011-01-11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) 
[Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2010-04-06 01:26:36 | 000,828,416 | ---- | M] (Security Stronghold) [Auto | Running] -- C:\Program Files\True Sword 5\TrueSwordSchedule.exe -- (TrueSwordSchedulerService) SRV - [2008-07-29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008-07-17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms) SRV - [2008-04-14 19:03:08 | 000,113,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm) SRV - [2008-04-14 19:03:08 | 000,113,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE) SRV - [2008-04-14 19:02:31 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger) SRV - [2008-04-14 19:02:29 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess) SRV - [2008-04-14 19:02:22 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter) SRV - [2007-10-03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007-06-20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon) SRV - [2007-04-27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) SRV - [2007-04-27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer) SRV - [2007-02-05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2007-02-05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service) SRV - [2006-12-14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006-12-14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006-12-14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2003-01-17 03:59:56 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\drivers\papycpu2.sys -- (papycpu2) SRV - [2003-01-17 03:59:56 | 000,001,856 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy) [color=#E56717:a20cf19a8f]========== Driver Services (SafeList) ==========[/color:a20cf19a8f] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- 
(Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012-02-03 15:28:37 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012-02-03 15:28:37 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012-02-03 15:28:37 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011-08-31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011-07-06 16:32:50 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2011-01-11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2011-01-11 19:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2010-12-03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2010-06-17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-08-05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2008-11-11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008-11-11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008-11-11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008-07-11 07:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel) DRV - [2008-07-11 07:05:00 | 000,037,088 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB) DRV - [2008-04-14 18:43:25 | 000,120,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2008-04-14 18:40:12 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2008-04-14 18:37:32 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde) DRV - [2008-04-13 20:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp) DRV - [2008-04-13 20:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde) DRV - [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi) DRV - [2008-04-13 20:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp) DRV - [2008-04-13 20:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ) DRV - [2008-04-13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp) DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp) DRV - [2008-04-13 20:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541) DRV - [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440) DRV - [2008-04-13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs) DRV - [2008-03-27 18:50:00 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008-02-11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2008-01-24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2008-01-24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2008-01-24 15:09:14 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2008-01-24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2008-01-24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2007-11-28 21:59:14 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService) DRV - [2007-07-05 15:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp) DRV - [2007-07-05 15:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb) DRV - [2007-06-20 15:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND) DRV - [2007-06-06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2004-08-04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2004-08-04 13:00:00 | 000,006,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm) DRV - [2003-01-17 03:59:56 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\WINDOWS\system32\drivers\papycpu2.sys -- (papycpu2) DRV - [2003-01-17 03:59:56 | 000,001,856 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy) DRV - [2002-07-17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI) DRV - [2001-09-06 21:14:20 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde) DRV - [2001-09-06 20:02:58 | 000,006,656 | ---- | M] (CMD Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde) DRV - [2001-09-06 19:37:58 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde) DRV - [2001-08-17 23:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn) DRV - [2001-08-17 23:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o) DRV - [2001-08-17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow) DRV - [2001-08-17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3) DRV - [2001-08-17 23:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib) DRV - [2001-08-17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi) DRV - [2001-08-17 23:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2) DRV - [2001-08-17 23:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx) DRV - [2001-08-17 23:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2) DRV - [2001-08-17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx) DRV - [2001-08-17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810) DRV - [2001-08-17 23:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2001-08-17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra) DRV - [2001-08-17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160) DRV - [2001-08-17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080) DRV - [2001-08-17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280) DRV - [2001-08-17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k) DRV - [2001-08-17 22:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240) DRV - [2001-08-17 22:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt) DRV - [2001-08-17 22:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt) DRV - [2001-08-17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x) DRV - [2001-08-17 22:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u) DRV - [2001-08-17 22:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2001-08-17 22:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf) DRV - [2001-08-17 22:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray) DRV - [2001-08-17 22:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt) DRV - [2001-08-17 22:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p) DRV - [2001-08-17 22:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint) DRV - [2001-08-17 22:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x) DRV - [2001-08-17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc) DRV - [2001-08-17 22:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5) DRV - [2001-08-17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550) DRV - [2001-08-17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde) [color=#E56717:a20cf19a8f]========== Standard Registry (SafeList) ==========[/color:a20cf19a8f] [color=#E56717:a20cf19a8f]========== Internet Explorer ==========[/color:a20cf19a8f] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes,DefaultScope = {DF0F4CF1-7C0D-4E0C-BBBD-4FD081AD78FD} IE - 
HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes\{DF0F4CF1-7C0D-4E0C-BBBD-4FD081AD78FD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes\{E4AAD716-DA23-4BED-BAA6-CDE282F0F14D}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={C462929C-7DFA-4403-B580-0529591231C2} IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717:a20cf19a8f]========== FireFox ==========[/color:a20cf19a8f] FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2009-05-01 23:54:22 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009-05-01 23:54:22 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-03 00:53:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-08-25 23:27:31 | 000,000,000 | ---D | M] [2010-01-27 19:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Extensions [2011-08-15 21:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions [2010-01-27 19:57:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-06 13:07:22 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2011-07-31 22:23:33 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2011-11-10 13:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008-12-09 18:22:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012-03-03 00:53:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-03-31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll [2010-04-08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-07-05 23:05:17 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010-09-14 14:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml [2012-02-25 17:40:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012-02-25 17:40:48 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml [2012-02-25 17:40:48 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml [2012-02-25 17:40:48 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml [color=#E56717:a20cf19a8f]========== Chrome ==========[/color:a20cf19a8f] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - 
plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Angelique\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\Angelique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft 
Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Babylon Translator = C:\Documents and Settings\Angelique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\ O1 HOSTS File: ([2012-05-29 18:56:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found. O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) 
O4 - Startup: C:\Documents and Settings\Marc\Menu Start\Programma's\Opstarten\OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game04.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB46CA2-4499-462D-BE7B-E03BC71D50DC}: DhcpNameServer = 212.54.40.25 212.54.35.25 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004-09-13 15:06:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (Partizan) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717:a20cf19a8f]========== Files/Folders - Created Within 30 Days ==========[/color:a20cf19a8f] [2012-05-30 18:42:06 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Angelique\Bureaublad\OTL.com [2012-05-29 23:36:49 | 000,000,000 | -HSD | C] -- 
C:\RECYCLER [2012-05-29 21:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-05-24 22:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Application Data\Avira [2012-05-24 22:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Avira [2012-05-24 22:23:08 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012-05-24 22:23:08 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012-05-24 22:23:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2012-05-24 22:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012-05-24 22:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2012-05-24 21:59:42 | 004,530,590 | R--- | C] (Swearware) -- C:\Documents and Settings\Angelique\Bureaublad\ComboFix.exe [2012-05-23 21:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Bureaublad\EmsisoftEmergencyKit [2012-05-23 19:30:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2012-05-23 18:38:29 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012-05-23 18:36:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012-05-23 18:36:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012-05-23 18:36:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012-05-23 18:36:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012-05-23 18:34:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012-05-23 18:31:41 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-05-23 18:31:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Angelique\Menu Start\Programma's\Systeembeheer [2012-05-23 18:27:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012-05-23 18:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Bureaublad\tdsskiller [2012-05-23 08:06:04 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\All Users\Application Data\REPORTS [2012-05-23 08:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LOGFILES [2012-05-23 08:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\INFECTED [2012-05-23 07:24:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2012-05-23 07:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Local Settings\Application Data\Babylon [2012-05-23 07:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Local Settings\Application Data\LogMeIn [2012-05-23 07:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Local Settings\Application Data\AskToolbar [2012-05-23 07:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Application Data\Babylon [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717:a20cf19a8f]========== Files - Modified Within 30 Days ==========[/color:a20cf19a8f] [2012-05-30 18:41:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelique\Bureaublad\OTL.com [2012-05-30 18:40:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-05-30 18:39:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP [2012-05-30 18:39:43 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-05-30 18:39:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-05-30 18:39:32 | 2144,980,992 | -HS- | M] () -- C:\hiberfil.sys [2012-05-30 09:37:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-05-30 08:55:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-05-29 19:14:23 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job [2012-05-29 18:56:38 | 
000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012-05-29 18:48:10 | 004,530,590 | R--- | M] (Swearware) -- C:\Documents and Settings\Angelique\Bureaublad\ComboFix.exe [2012-05-28 17:00:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2012-05-24 22:23:21 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Avira Control Center.lnk [2012-05-24 06:57:01 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Chrome.lnk [2012-05-23 21:27:48 | 133,736,152 | ---- | M] () -- C:\Documents and Settings\Angelique\Bureaublad\EmsisoftEmergencyKit.zip [2012-05-23 18:38:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012-05-23 07:21:43 | 087,546,928 | ---- | M] () -- C:\Documents and Settings\Angelique\Bureaublad\avira_free_antivirus_nl.exe [2012-05-10 07:08:15 | 000,630,186 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat [2012-05-10 07:08:15 | 000,552,154 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-05-10 07:08:15 | 000,128,304 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat [2012-05-10 07:08:15 | 000,101,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-05-10 07:00:50 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-05-09 22:06:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012-05-03 18:10:04 | 000,081,747 | ---- | M] () -- C:\Documents and Settings\Angelique\Mijn documenten\Afschrift-114405522-0220.pdf [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717:a20cf19a8f]========== Files Created - No Company Name ==========[/color:a20cf19a8f] [2012-05-25 07:30:28 | 000,000,940 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-05-24 23:06:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP [2012-05-24 22:23:21 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All 
Users\Bureaublad\Avira Control Center.lnk [2012-05-23 21:26:52 | 133,736,152 | ---- | C] () -- C:\Documents and Settings\Angelique\Bureaublad\EmsisoftEmergencyKit.zip [2012-05-23 18:38:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012-05-23 18:38:30 | 000,261,936 | RHS- | C] () -- C:\cmldr [2012-05-23 18:36:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012-05-23 18:36:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012-05-23 18:36:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012-05-23 18:36:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012-05-23 18:36:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012-05-23 07:21:35 | 087,546,928 | ---- | C] () -- C:\Documents and Settings\Angelique\Bureaublad\avira_free_antivirus_nl.exe [2012-05-03 18:10:04 | 000,081,747 | ---- | C] () -- C:\Documents and Settings\Angelique\Mijn documenten\Afschrift-114405522-0220.pdf [2012-02-14 22:53:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011-04-23 07:02:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011-04-23 07:02:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011-04-05 22:56:58 | 000,531,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2138607393-1720253505-3263822841-1006-0.dat [2011-04-05 22:56:58 | 000,281,694 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2010-07-23 21:07:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [color=#E56717:a20cf19a8f]========== LOP Check ==========[/color:a20cf19a8f] [2010-11-06 13:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1D3E [2012-05-29 18:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2012-03-01 20:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\Dassault Systemes [2009-01-31 18:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2011-09-25 10:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Het Digitale Huis [2010-01-28 08:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2012-05-23 19:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INFECTED [2012-05-23 18:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LOGFILES [2011-08-17 18:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2008-07-22 16:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes [2011-08-15 21:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2012-05-23 19:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REPORTS [2008-05-06 08:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom [2012-05-23 19:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelique\Application Data\Babylon [2010-11-06 13:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelique\Application Data\bearsharemediabartb [2012-01-14 09:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Babylon [2012-05-03 18:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Belastingdienst [2011-07-14 16:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Bytue [2012-03-01 20:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\DraftSight [2011-08-14 22:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\ElevatedDiagnostics [2011-04-05 19:49:57 | 000,000,000 | ---D | 
M] -- C:\Documents and Settings\Marc\Application Data\Garmin [2011-05-25 19:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Huer [2012-01-27 09:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Ivib [2010-11-17 08:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\LG Electronics [2009-10-04 10:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\OpenOffice.org [2011-09-09 23:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Opera [2011-08-26 07:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\PriceGong [2012-05-24 06:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Qohoza [2011-08-18 23:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\QuickScan [2011-05-25 09:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Ugyf [2011-07-08 13:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Yvytre [2008-09-24 19:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Zylom [2012-05-28 17:00:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job [2012-04-05 06:19:42 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job [2012-05-29 19:14:23 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job [color=#E56717:a20cf19a8f]========== Purity Check ==========[/color:a20cf19a8f] [color=#E56717:a20cf19a8f]========== Alternate Data Streams ==========[/color:a20cf19a8f] @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report >
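The O6/O7 lines in the OTL log above record three AutoRun policy values per hive (HonorAutoRunSetting = 1, NoDriveAutoRun = 67108863, NoDriveTypeAutoRun = 323 or 145). Reading them by eye is error-prone, because the two NoDrive* values are bitmasks with different meanings. The script below is an added example written for this page, not part of the poster's log or of OTL: it parses those lines (the sample input is a constructed subset copied from the log), decodes NoDriveTypeAutoRun as the Win32 drive-type mask and NoDriveAutoRun as the per-letter mask, and reports the effective posture. The value 0x91 (145) used as a fallback is the Windows XP default; the KB967715 marker is a fact about Windows, not something the log states.

```python
import re

# NoDriveTypeAutoRun is a bitmask over Win32 drive types: bit = 1 << GetDriveType() value.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
}
XP_DEFAULT_NO_DRIVE_TYPE_AUTORUN = 0x91  # 145: unknown + network + reserved bit 0x80

# Constructed sample: four O6/O7 lines copied from the OTL log above.
SAMPLE_LINES = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
"""

# OTL prints "O6 - <hive>\SOFTWARE\...\policies\Explorer: <name> = <decimal>"
POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>.+?)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: "
    r"(?P<name>HonorAutoRunSetting|NoDriveAutoRun|NoDriveTypeAutoRun) = (?P<value>\d+)$"
)


def parse_autorun_policies(text):
    """Map (hive, value name) -> int for every AutoRun policy line in an OTL log."""
    found = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            found[(m["hive"], m["name"])] = int(m["value"])
    return found


def drive_types_still_autorunning(mask):
    """Drive types whose bit is clear in NoDriveTypeAutoRun, i.e. AutoRun is still permitted."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def letters_blocked(mask):
    """NoDriveAutoRun is a per-letter mask: bit 0 = A:, bit 25 = Z:."""
    return [chr(ord("A") + i) for i in range(26) if mask >> i & 1]


def assess(policies, hive="HKLM"):
    """Summarise the effective AutoRun posture for one hive.

    A drive is exempt from AutoRun when either its type bit (NoDriveTypeAutoRun)
    or its letter bit (NoDriveAutoRun) is set, so a full letter mask overrides a
    permissive type mask.
    """
    type_mask = policies.get((hive, "NoDriveTypeAutoRun"), XP_DEFAULT_NO_DRIVE_TYPE_AUTORUN)
    letter_mask = policies.get((hive, "NoDriveAutoRun"), 0)
    blocked = letters_blocked(letter_mask)
    return {
        "type_mask": type_mask,
        "types_autorun_allowed": drive_types_still_autorunning(type_mask),
        "letters_blocked": blocked,
        # HonorAutoRunSetting = 1 is the marker left by the KB967715 AutoRun update.
        "honor_autorun_setting": policies.get((hive, "HonorAutoRunSetting")) == 1,
        "autorun_effectively_off": len(blocked) == 26,
    }


if __name__ == "__main__":
    pol = parse_autorun_policies(SAMPLE_LINES)
    for hive in ("HKLM", r"HKU\S-1-5-19"):
        print(hive, assess(pol, hive))
```

Run against the sample, the HKLM type mask 323 (0x143) still leaves removable, fixed, network and CD-ROM drives eligible for AutoRun, but NoDriveAutoRun = 0x3FFFFFF blocks every letter A: through Z:, so AutoRun is effectively off for that hive; the service hives with only the default 145 and no NoDriveAutoRun value do not get that second layer.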
  • So the extras.txt indeed didn't all fit on there, so here it is in a new post.

OTL Extras logfile created on: 30-5-2012 18:44:31 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Documents and Settings\Angelique\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,65% Memory free
3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148,93 Gb Total Space | 95,57 Gb Free Space | 64,17% Space Free | Partition Type: NTFS
Computer Name: CP-597526-A | User Name: Angelique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. 
File not found [color=#E56717:53068ea8cc]========== Shell Spawning ==========[/color:53068ea8cc] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717:53068ea8cc]========== Security Center Settings ==========[/color:53068ea8cc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717:53068ea8cc]========== System Restore Settings ==========[/color:53068ea8cc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717:53068ea8cc]========== Firewall Settings ==========[/color:53068ea8cc] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "80:TCP" = 80:TCP:*:Enabled:Services [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 
1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "1947:TCP" = 1947:TCP:*:Enabled:HASP SRM "1947:UDP" = 1947:UDP:*:Enabled:HASP SRM [color=#E56717:53068ea8cc]========== Authorized Applications List ==========[/color:53068ea8cc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe" = C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe:*:Enabled:NASCAR Racing 2003 Season -- (Sierra Entertainment, Inc. Bellevue, WA 98005) "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc) "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server -- (SafeNet, Inc.) 
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) [color=#E56717:53068ea8cc]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color:53068ea8cc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0451FD8E-D80E-4BA6-AE02-EBE80A059CB0}" = Sibelius Scorch (ActiveX Only) "{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only) "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack "{1714C437-23D3-423a-8D78-7ECE5C6BD2AD}_is1" = DBB Regelgeving 2008 1.2 "{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26 "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD "{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail "{30ED8F74-4222-4500-95A4-89651D56D349}" = OpenOffice.org 3.1 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{34EE7FA0-B2D5-11D3-A666-9AC0085B326B}" = ASD tekenmethodiek 5.8 
"{34EE7FA0-B2D5-11D3-A666-9AC0085B326B}_is1" = ASD 6.4 6.4 "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta) "{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0 "{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02 "{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}" = Windows Live Photo Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87A003CE-22FD-4952-9B0F-B98304A13427}" = DraftSight "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0413-0000-0000000FF1CE}" = 
Microsoft Office Outlook Connector "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1043-7B44-A81300000003}" = Adobe Reader 8.1.3 - Nederlands "{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}" = NASCAR® Racing 2003 Season "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B843C05E-B363-4F50-B594-F37E9C3CB2EE}_is1" = DBB 1.5.0.13 "{BBCDD043-4A5F-409C-B4E0-2759F459D1B9}_is1" = DBB Regelgeving 2011-1 1.0.0.0 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{CAEB2BE8-EF9E-4BFE-8165-3B54B62AF6CF}" = Windows Live Family Safety "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync "{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications "{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials "{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}" = Sentinel System Driver Installer 7.5.0
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
"Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
"Aangifte inkomstenbelasting 2010" = Aangifte inkomstenbelasting 2010
"Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ARKEY 8" = ARKEY 8
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Babylon" = Babylon
"CCleaner" = CCleaner (remove only)
"Chord Finder" = Uninstall Super Guitar Chord Finder
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ESET Online Scanner" = ESET Online Scanner v3
"Finale NotePad 2008" = Finale NotePad 2008
"Free WMA to MP3 Changer_is1" = Free WMA to MP3 Changer version 1.0
"Google Chrome" = Google Chrome
"Het Digitale Huis Software Overzicht_is1" = Het Digitale Huis Software Overzicht 2.0
"Het Digitale Huis Software Updater_is1" = Het Digitale Huis Software Updater 2.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versie 1.51.2.1300
"mc3b626_is1" = MusiCAD 3.1 (build 626)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Mozilla Firefox 10.0.2 (x86 nl)" = Mozilla Firefox 10.0.2 (x86 nl)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MuseScore 0.9" = MuseScore 0.9 MuseScore score typesetter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Normworm_is1" = Normworm 8.0
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Opera 11.64.1403" = Opera 11.64
"popupcard_en" = Pop-Up Card Designer
"Spyware Doctor" = Spyware Doctor 7.0
"True Sword 5_is1" = True Sword 5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23-5-2012 12:24:29 | Computer Name = CP-597526-A | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 23-5-2012 12:52:57 | Computer Name = CP-597526-A | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 23-5-2012 17:00:00 | Computer Name = CP-597526-A | Source = TrueSwordSchedule.exe | ID = 0
Description =

Error - 24-5-2012 1:12:34 | Computer Name = CP-597526-A | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 24-5-2012 16:23:33 | Computer Name = CP-597526-A | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.

Error - 24-5-2012 16:23:33 | Computer Name = CP-597526-A | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.

Error - 24-5-2012 16:23:48 | Computer Name = CP-597526-A | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> opvragen van de automatische update van het basislijstvolgordenummer van derden is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode verlopen is.

Error - 24-5-2012 17:00:00 | Computer Name = CP-597526-A | Source = TrueSwordSchedule.exe | ID = 0
Description =

Error - 27-5-2012 4:57:08 | Computer Name = CP-597526-A | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 29-5-2012 17:00:00 | Computer Name = CP-597526-A | Source = TrueSwordSchedule.exe | ID = 0
Description =

[ System Events ]
Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat TEAC USB HS-xD/SM USB Device (USBSTOR\Disk&Ven_TEAC&Prod_USB___HS-xD/SM&Rev_4.08\00000114F40E&1) is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat TEAC USB HS-MS Card USB Device (USBSTOR\Disk&Ven_TEAC&Prod_USB___HS-MS_Card&Rev_4.08\00000114F40E&2) is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat TEAC USB HS-SD Card USB Device (USBSTOR\Disk&Ven_TEAC&Prod_USB___HS-SD_Card&Rev_4.08\00000114F40E&3) is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat Algemeen volume (STORAGE\RemovableMedia\7&11957f07&0&RM) is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat Algemeen volume (STORAGE\RemovableMedia\7&11b93931&0&RM) is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat Algemeen volume (STORAGE\RemovableMedia\7&16f76511&0&RM) is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat Algemeen volume (STORAGE\RemovableMedia\7&6c7ed&0&RM) is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 26-5-2012 2:56:54 | Computer Name = CP-597526-A | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: COM-service voor IMAPI cd-branders.

Error - 26-5-2012 2:56:54 | Computer Name = CP-597526-A | Source = Service Control Manager | ID = 7000
Description = De COM-service voor IMAPI cd-branders-service kan vanwege de volgende fout niet worden gestart: %%1053

Error - 29-5-2012 12:56:40 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 11
Description = Het apparaat Root\LEGACY_PARTIZAN\0000 is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

< End of report >
  • Hi, I want you to do the following first: go to Control Panel\Software and remove a) Lavasoft AdAware and b) PCTools Spyware Doctor there. You no longer need either tool.

Then: before you let OTL run the fix, first close all other open windows!

- Double-click on the button shown here: http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png
- Copy and paste the following (bold, blue text) into the box under the button shown here: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png

:OTL
IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes\{E4AAD716-DA23-4BED-BAA6-CDE282F0F14D}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={C462929C-7DFA-4403-B580-0529591231C2}
[2010-11-06 13:07:22 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010-07-05 23:05:17 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010-09-14 14:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\Angelique\Local Settings\Application
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
[2012-05-29 18:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010-01-28 08:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012-05-23 19:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelique\Application Data\Babylon
[2010-11-06 13:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelique\Application Data\bearsharemediabartb
[2012-01-14 09:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Babylon
[2011-08-26 07:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\PriceGong
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[createrestorepoint]
[reboot]

- Then click the button at the top shown here: http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png
- Let the program do its work undisturbed.
- After the scan, OTL will report that the PC is going to be restarted. Allow that.
- Click OK.
- After the restart, only a new log is opened.
- Post the contents of that OTL scan log by copying and pasting it.

This is an archived page. Replying is no longer possible.