ad.yield.manager.com

50 answers
  • I tried the link that f. ramaekers recommended to me: http://removevirustool.blogspot.nl/2012/06/how-to-permanently-remove.html However, that did not help much. I could not find what the site suggested on my PC. I ran a SpyHunter scan, which found 35 threats (all text files) but did not remove them. I am now trying an online scan from Kaspersky. If need be, I can also post a HijackThis log file.
  • I just made a HijackThis log. I did try the online scanners from Trend Micro and Kaspersky, but they found nothing.
  • I would wait for Abraham54 and not do anything else for now... Abraham54 usually responds fairly quickly.
  • Okay, hopefully Abraham 'knows the ropes'. :wink:
  • Hello Margreet, let's get started.

    Step 1
    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of malicious toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or move it there!
    Download: AdwCleaner by Xplode (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner).
    Notes:
      • All open programs and web pages must be closed.
      • It is normal for the shortcuts to disappear from the desktop after AdwCleaner starts.
    Starting AdwCleaner:
      • Windows 2000 and Windows XP: double-click adwcleaner.exe.
      • Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".
    AdwCleaner has started:
      • Click the Delete button.
      • At "AdwCleaner - Closing programs", click OK.
      • At "AdwCleaner - Restart required", click OK.
    AdwCleaner log file:
      • After the PC has restarted, a log file opens.
      • Then post the contents of this log in your next message.

    Step 2
    Which program: Malwarebytes MBAM
    What for/why: free specialist on-demand scanner to quickly check Windows for spyware and malware and remove it.
    Difficulty: none.
    Download Malwarebytes MBAM from one of these locations:
      • Softpedia.com (http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s)
      • Majorgeeks.com (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
    First of all:
      • Right after installation 'MBAM' will want to update its database, so allow that.
      • Also on repeated use: first update 'MBAM' via the 'Update' tab!
    Starting Malwarebytes MBAM:
      • First close all program windows that are still open!
          • Windows 2000 and Windows XP: double-click the MBAM shortcut.
          • Windows Vista and Windows 7: right-click the MBAM shortcut and then choose Run as administrator.
      • Note:
          • Malwarebytes now provides the full version of MBAM.
          • At the first start you get the option to temporarily use the free trial version of Malwarebytes AntiMalware.
          • Regardless of which antivirus program is in your Windows, I advise going for the free version and therefore removing the check mark at the trial version.
          • That way MBAM can continue to be used as the free version.
        Screenshot: http://www.imgdumper.nl/uploads5/5006440296e1a/5006440291bd9-MBAM_4.jpg
      • Also do the following:
          • As soon as the program has started, go to the "Settings" tab.
          • Tick here: "Close Internet Explorer during malware removal".
    Scanning:
      • When 'MBAM' starts, choose 'Quick Scan'.
      • Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
      • Then click the 'Show Results' button to see the results.
    Infections found:
      • First click OK to dismiss the message.
      • Then click the Show results button at the bottom right.
      • Now make sure that all infections found are ticked, and click Remove selected at the bottom left.
      • After removal a log will open and you will be asked to restart the computer.
      • If 'MBAM' has difficulty removing certain files it will show a few messages; click 'OK' each time!
      • After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
    MBAM log:
      • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the main menu of 'MBAM'.
    Then post the contents of the MBAM log in your next message.
  • Okay, here is the AdwCleaner log:
    # AdwCleaner v2.011 - Verslag gemaakt op 05/12/2012 om 10:26:57
    # Geactualiseerd op 02/12/2012 door Xplode
    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (32 bits)
    # Gebruiker : Margreet Bontekoe - MARGREETBONTEKO
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Margreet Bontekoe\Desktop\adwcleaner.exe
    # Optie [Verwijderen]
    ***** [Diensten] *****
    ***** [Files / Mappen] *****
    ***** [Register] *****
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    ***** [Browsers] *****
    -\\ Internet Explorer v9.0.8112.16455
    [OK] Het register bevat geen enkele ongeoorloofde invoer.
    *************************
    AdwCleaner[S2].txt - [701 octets] - [05/12/2012 10:26:57]
    ########## EOF - C:\AdwCleaner[S2].txt - [760 octets] ##########
  • And this is the MBAM log:
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Databaseversie: v2012.12.05.04
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Margreet Bontekoe :: MARGREETBONTEKO [administrator]
    5-12-2012 10:35:50
    mbam-log-2012-12-05 (10-35-50).txt
    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 214479
    Verstreken tijd: 4 minuut/minuten, 3 seconde(n)
    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    (einde)
  • You may continue with the following tool:

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
      • Bleepingcomputer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
      • ForoSpyware (http://www.forospyware.com/sUBs/ComboFix.exe)
      • Geekstogo (http://subs.geekstogo.com/ComboFix.exe)
    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix.
    Antivirus programs and active malware scanners must already be deactivated before you start ComboFix!
    Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find information on how to deactivate antivirus programs and spyware scanners.
    Notes:
      • When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
      • All open programs and web pages must be closed.
      • If ComboFix gives a message about ZeroAccess, mention that as well in your new message.
    Starting ComboFix:
      • Windows 2000 and Windows XP: double-click ComboFix.exe.
      • Windows Vista and Windows 7: right-click ComboFix.exe and choose "Run as administrator".
    ComboFix has started:
      • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
      • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      • The computer may have to be restarted several times; this is normal.
      • When ComboFix is finished, it will create a log file for you.
      • Post the contents of this log file in your next message.
      • If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
      • If, after the scan, an error is shown when starting programs, with the message:
      • Illegal operation attempted on a registry key that has been marked for deletion.
      • Then restart the computer.
  • Thank you very much so far, Abraham. I can't get to this right away, so it will be either tonight or tomorrow before I get started on it. This requires my full concentration. But still, it's nice that the scanners apparently found nothing... you would then say: the PC is clean, but anyway, we carry on. I want to be sure. As soon as I have run ComboFix I will report back. Greetings, Margreet.
  • Here then is the ComboFix log:
;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x] S2 CrossLoopService;CrossLoop Service;c:\users\Margreet Bontekoe\AppData\Local\CrossLoop\CrossLoopService.exe [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc . Inhoud van de 'Gedeelde Taken' map . 2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 10:45] . 2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 23:19] . 2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 23:19] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-lipo - c:\tem\Module.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-216212196-1965509487-2860391201-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-216212196-1965509487-2860391201-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\atieclxx.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\OO Software\Defrag\oodag.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE c:\windows\system32\sppsvc.exe c:\windows\system32\conhost.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe . ************************************************************************** . Voltooingstijd: 2012-12-05 22:03:23 - machine werd herstart ComboFix-quarantined-files.txt 2012-12-05 21:03 . Pre-Run: 32.118.927.360 bytes beschikbaar Post-Run: 31.787.159.552 bytes beschikbaar . - - End Of File - - E55D88C6B4CF1A54781138D2BB0F7FB2
  • Next scan:
    Which program: Emsisoft Emergency Kit 3.0 Portable
    What for/why: Detects and removes malware
    Difficulty: none.
    Download: Emsisoft Emergency Kit 3.0 Portable (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip)
    Notes:
      - The download is compressed; extract EmsisoftEmergencyKit.zip and place the new folder on the desktop.
      - All open programs and web pages must be closed.
    Starting: Start by opening the folder "EmsisoftEmergencyKit"
      - Windows 2000 and Windows XP: double-click "Start.exe".
      - Windows Vista, Windows 7 and Windows 8: right-click "Start.exe" and choose "Als Administrator uitvoeren" (Run as administrator).
    Scanning:
      - Now click "Emergency Kit Scanner" in the selection screen; a message then appears saying that it is recommended to update first. (screenshot: http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg)
      - Do so by clicking "Ja" (Yes).
      - When the update is finished, the message "Update proces is succesvol afgerond" (Update process completed successfully) appears.
      - Now click "Menu" and then "Scan PC".
      - Select the option "Diep" (Deep) if it is not already set by default.
      - Then click the "Scan" button.
          - Be patient and do nothing else with the computer during the scan, as the scan can take quite some time.
      - The window with the warning about an increased risk can be closed when the scan is finished.
      - Make sure all items found are ticked and then click the button "Verwijder geselecteerde" (Remove selected); the following message will then appear: (screenshot: http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg)
      - Then click "Ja" (Yes).
      - When the removal is done, click the "View report" button and select the text file of this scan, with a name such as: a3scan_110730-111615.txt
      - You can also find the log in the EmsisoftEmergencyKit folder.
      - Post the contents of that log file in your next message.
    Note: Now restart the computer.
  • Indeed, the scan took a while, but better slow and thorough than superficial. (And I thought I was so well protected with Nod32 and MBAM...) Last night, after the previous scanner, it ran so smoothly again and responded so nicely and quickly that I thought I had got rid of it... this morning it started up slowly and my browser loaded slowly too (but that could also be down to the provider). Anyway, I have now learned not to be satisfied too quickly, as this shows once again, hehe. Here are the findings from the Emergency Kit:

    Emsisoft Emergency Kit - Versie 3.0
    Laatste Update: 6-12-2012 10:59:35

    Scaninstellingen:
    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
    Detecteer riskware: Uit
    Scan archieven: Aan
    ADS Scan: Aan
    Bestandsextensiefilter: Uit
    Geavanceerde cache: Aan
    Directe schijftoegang: Uit

    Scan gestart: 6-12-2012 11:03:56
    C:\Program Files\WinRAR\Default.SFX Ontdekt: Trojan-Banker.Win32.Agent (A)
    Gescand 416203
    Gevonden 1
    Scan geëindigd: 6-12-2012 12:26:41
    Scantijd: 1:22:45
  • Have you done any internet banking lately?
    Which program: OTL.com
    What for/why: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL (http://oldtimer.geekstogo.com/OTL.com) and place the file on the desktop.
    Using OTL.com:
      - First close all program windows that are still open!
          - Windows 2000 and Windows XP: double-click OTL.
          - Windows Vista and Windows 7: right-click OTL and choose "Als Administrator uitvoeren" (Run as administrator).
      - Tick Scan All Users.
      - Then click the button (image: http://www.imgdumper.nl/uploads5/4f9112fd1172c/4f9112fd11340-OTL-3.png).
      - Do not change any other settings in OTL unless I specifically give instructions to do so.
      - The scan will not take very long.
          - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
          - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next message.
      - Note: if the log does not fit in one message, spread it over two or more messages.
  • Uh yes, a few days ago I paid some bills by transfer. And today and yesterday, I read, money was deposited that I had overpaid. However, I could not see whether any odd amounts had been debited. The amounts all looked very familiar to me. I am now replying from the PC downstairs. I will go upstairs to my infected PC as soon as possible to run the suggested program. Greetings, Margreet.
  • Here is the OTL log:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717:e4bf7d87ef]========== Files/Folders - Created Within 30 Days ==========[/color:e4bf7d87ef] [2012-12-06 20:51:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Margreet Bontekoe\Desktop\OTL.com [2012-12-05 22:03:25 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012-12-05 22:00:16 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012-12-05 21:57:00 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\AppData\Local\temp [2012-12-05 21:51:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012-12-05 21:51:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012-12-05 21:51:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012-12-05 21:49:21 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-12-05 21:49:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012-12-05 11:09:52 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\Desktop\VirusTroubles [2012-12-05 10:19:42 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\AppData\Local\{BBDC611C-6887-4699-A1CD-1E2649FECBFD} [2012-12-03 16:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012-12-03 16:31:36 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\AppData\Local\VS Revo Group [2012-12-03 16:31:33 | 000,027,192 | ---- | C] 
(VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys [2012-12-03 16:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro [2012-12-03 16:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2012-12-03 15:43:55 | 000,077,816 | R--- | C] (GFI Software) -- C:\Windows\System32\drivers\sbapifs.sys [2012-12-03 15:43:47 | 000,042,864 | ---- | C] (GFI Software) -- C:\Windows\System32\SBBD.EXE [2012-12-01 23:00:36 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\AppData\Local\Microsoft Games [2012-12-01 21:11:44 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\AppData\Roaming\DriverCure [2012-12-01 20:43:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2012-12-01 20:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2012-11-14 16:15:41 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ri-li [2012-11-14 16:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ri-li [2012-11-14 16:00:02 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Omnitux [2012-11-14 16:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omnitux [2012-11-14 15:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jigsaws Galore [2012-11-14 15:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Childsplay [2012-11-14 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\My GCompris [2012-11-14 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\.config [2012-11-14 15:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GCompris [2012-11-14 14:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012-11-14 
14:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012-11-14 14:22:18 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\AppData\Roaming\LavasoftStatistics [2012-11-14 14:21:57 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\AppData\Roaming\Ad-Aware Antivirus [2012-11-12 12:20:58 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\AppData\Local\Diagnostics [2012-11-09 14:46:34 | 000,000,000 | ---D | C] -- C:\Users\Margreet Bontekoe\AppData\Roaming\vlc [2012-11-07 00:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012-11-07 00:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT [2012-11-07 00:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP [2012-11-07 00:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717:e4bf7d87ef]========== Files - Modified Within 30 Days ==========[/color:e4bf7d87ef] [2012-12-06 20:55:24 | 000,017,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-12-06 20:55:24 | 000,017,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-12-06 20:51:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Margreet Bontekoe\Desktop\OTL.com [2012-12-06 20:49:55 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-12-06 20:49:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-12-06 20:49:23 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys [2012-12-06 20:49:22 | 000,059,972 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2012-12-06 14:33:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-12-06 14:31:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-12-06 14:14:27 | 000,701,326 | ---- | M] () -- 
C:\Windows\System32\perfh013.dat [2012-12-06 14:14:27 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-12-06 14:14:27 | 000,133,358 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2012-12-06 14:14:27 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-12-05 22:00:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012-12-03 15:49:36 | 000,000,608 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2012-12-03 15:33:31 | 000,266,024 | ---- | M] () -- C:\Users\Margreet Bontekoe\AppData\Local\census.cache [2012-12-03 15:33:08 | 000,118,881 | ---- | M] () -- C:\Users\Margreet Bontekoe\AppData\Local\ars.cache [2012-12-03 15:26:06 | 000,000,036 | ---- | M] () -- C:\Users\Margreet Bontekoe\AppData\Local\housecall.guid.cache [2012-12-01 22:55:09 | 000,392,473 | ---- | M] () -- C:\Users\Margreet Bontekoe\Desktop\1703.zip [2012-11-14 16:15:46 | 000,131,584 | ---- | M] () -- C:\Windows\System32\SpoonUninstall.exe [2012-11-14 16:15:46 | 000,003,443 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-Ri-li.dat [2012-11-14 16:15:12 | 000,034,358 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-Ri-li.bmp [2012-11-14 14:39:20 | 000,409,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012-11-12 12:29:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012-11-12 12:29:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717:e4bf7d87ef]========== Files Created - No Company Name ==========[/color:e4bf7d87ef] [2012-12-05 21:51:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-12-05 21:51:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-12-05 21:51:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-12-05 21:51:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-12-05 21:51:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-12-03 15:46:57 | 000,000,608 | ---- | C] () -- 
C:\Windows\System32\drivers\kgpcpy.cfg [2012-12-03 15:33:31 | 000,266,024 | ---- | C] () -- C:\Users\Margreet Bontekoe\AppData\Local\census.cache [2012-12-03 15:33:08 | 000,118,881 | ---- | C] () -- C:\Users\Margreet Bontekoe\AppData\Local\ars.cache [2012-12-03 15:26:06 | 000,000,036 | ---- | C] () -- C:\Users\Margreet Bontekoe\AppData\Local\housecall.guid.cache [2012-12-01 22:55:07 | 000,392,473 | ---- | C] () -- C:\Users\Margreet Bontekoe\Desktop\1703.zip [2012-11-14 16:15:46 | 000,131,584 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2012-11-14 16:15:46 | 000,034,358 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ri-li.bmp [2012-11-14 16:15:46 | 000,003,443 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ri-li.dat [2012-11-14 14:23:53 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012-11-14 14:23:25 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012-11-12 12:29:06 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012-11-12 12:29:06 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012-10-20 12:38:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012-10-20 02:01:33 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2012-10-20 02:00:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012-10-20 01:30:18 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2012-10-20 01:30:18 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2012-10-20 01:29:23 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys [2012-10-20 01:29:20 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2012-10-20 01:29:20 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2012-09-28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012-07-28 02:30:54 | 000,204,952 | ---- | C] () -- 
C:\Windows\System32\ativvsvl.dat [2012-07-28 02:30:54 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012-05-23 16:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [color=#E56717:e4bf7d87ef]========== ZeroAccess Check ==========[/color:e4bf7d87ef] [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717:e4bf7d87ef]========== LOP Check ==========[/color:e4bf7d87ef] [2012-10-20 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\Margreet Bontekoe\AppData\Roaming\Acronis [2012-11-14 14:22:03 | 000,000,000 | ---D | M] -- C:\Users\Margreet Bontekoe\AppData\Roaming\Ad-Aware Antivirus [2012-12-01 21:11:44 | 000,000,000 | ---D | M] -- C:\Users\Margreet Bontekoe\AppData\Roaming\DriverCure [2012-10-20 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\Margreet Bontekoe\AppData\Roaming\Eltima Software [2012-10-20 12:57:09 | 000,000,000 
| ---D | M] -- C:\Users\Margreet Bontekoe\AppData\Roaming\ESET [2012-11-06 21:14:04 | 000,000,000 | ---D | M] -- C:\Users\Margreet Bontekoe\AppData\Roaming\Windows Live Writer [color=#E56717:e4bf7d87ef]========== Purity Check ==========[/color:e4bf7d87ef] < End of report >
  • By the way, I should add that I do not use this infected PC for internet banking. Would it perhaps also be wise to run these scans on the PC that I do use for internet banking? Regards, Margreet
  • Here is the extras.txt as well:
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic 
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{FA042EF2-5103-2F7E-C313-976C6F761EBE}" = AMD Fuel "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Childsplay_is1" = Childsplay 0.81.8 "CloneCD" = CloneCD "CrossLoop_is1" = CrossLoop 2.82 "GCompris" = GCompris Uninstall "Jigsaws Galore_is1" = Jigsaws Galore "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.65.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Omnitux" = Omnitux 1.2 "Ri-li" = Ri-li "Speccy" = Speccy "SWF & FLV Player_is1" = SWF & FLV Player 3.0 (build 3.0.33.5106) "VLC media player" = VLC media player 2.0.4 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-bit) [color=#E56717:49033a51c3]========== Last 20 Event Log Errors ==========[/color:49033a51c3] [ Application Events ] Error - 3-12-2012 11:26:06 | Computer Name = MargreetBonteko | Source = MsiInstaller | ID = 11721 Description = Error - 3-12-2012 11:26:31 | Computer Name = MargreetBonteko | Source = MsiInstaller | ID = 11721 Description = Error - 3-12-2012 11:32:13 | Computer Name = MargreetBonteko | Source = MsiInstaller | ID = 11721 Description = Error - 3-12-2012 11:33:27 | Computer Name = MargreetBonteko | Source = MsiInstaller | ID = 11721 Description = Error - 3-12-2012 11:35:45 | Computer Name = MargreetBonteko | Source = MsiInstaller | ID = 11721 Description = Error - 3-12-2012 11:38:19 | Computer Name = MargreetBonteko | Source = MsiInstaller | ID = 11721 Description = Error - 4-12-2012 15:57:33 | Computer Name = MargreetBonteko | Source = 
MsiInstaller | ID = 11721 Description = Error - 4-12-2012 18:00:38 | Computer Name = MargreetBonteko | Source = MsiInstaller | ID = 11721 Description = Error - 4-12-2012 18:07:34 | Computer Name = MargreetBonteko | Source = MsiInstaller | ID = 11721 Description = Error - 4-12-2012 18:13:18 | Computer Name = MargreetBonteko | Source = MsiInstaller | ID = 11721 Description = Error - 6-12-2012 7:49:31 | Computer Name = MargreetBonteko | Source = MsiInstaller | ID = 11721 Description = [ System Events ] Error - 5-12-2012 16:23:55 | Computer Name = MargreetBonteko | Source = Service Control Manager | ID = 7000 Description = De szserver-service kan vanwege de volgende fout niet worden gestart: %%3 Error - 5-12-2012 16:49:13 | Computer Name = MargreetBonteko | Source = Service Control Manager | ID = 7034 Description = De CrossLoop Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error - 5-12-2012 16:52:04 | Computer Name = MargreetBonteko | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Error - 5-12-2012 16:54:23 | Computer Name = MargreetBonteko | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Error - 5-12-2012 16:57:05 | Computer Name = MargreetBonteko | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. 
Error - 5-12-2012 16:59:42 | Computer Name = MargreetBonteko | Source = Service Control Manager | ID = 7000 Description = De szserver-service kan vanwege de volgende fout niet worden gestart: %%3 Error - 5-12-2012 16:59:42 | Computer Name = MargreetBonteko | Source = EventLog | ID = 6008 Description = De vorige afsluiting van het systeem om 21:56:32 op ?5-?12-?2012 is onverwacht gebeurd. Error - 6-12-2012 5:40:15 | Computer Name = MargreetBonteko | Source = Service Control Manager | ID = 7000 Description = De szserver-service kan vanwege de volgende fout niet worden gestart: %%3 Error - 6-12-2012 9:09:58 | Computer Name = MargreetBonteko | Source = Service Control Manager | ID = 7000 Description = De szserver-service kan vanwege de volgende fout niet worden gestart: %%3 Error - 6-12-2012 15:49:27 | Computer Name = MargreetBonteko | Source = Service Control Manager | ID = 7000 Description = De szserver-service kan vanwege de volgende fout niet worden gestart: %%3 < End of report >
  • You have two antivirus programs on this PC. Eset is fine and good. Lavasoft AdAware Antivirus is a good deal less good than Eset, so the advice is to remove Lavasoft AdAware completely. The best way to do this is with Revo Uninstaller: http://www.revouninstaller.com/ After that, post a new OTL log. The second log will then no longer be created. And of course you may also submit your second PC for examination.
  • Unfortunately, Revo Uninstaller cannot see Lavasoft AdAware. It does see a StopZilla, which incidentally gives an error message when it is removed. I had installed it before I asked for help here, but it brought no solution. So I wanted to uninstall it, and that did not work. I did see a number of registry references in bold after the Revo Uninstaller scan. But I am not really sure whether they relate to StopZilla. I also tried to get rid of everything from StopZilla by doing a new install of StopZilla and then uninstalling it again. I was then told that there was already a StopZilla on my PC, so that installation failed. I am going to let OTL run another scan and will then post the log in a new message. I will first try to get this PC in order and then I will submit my second PC for examination.
  • On the advice of f.ramaekers I have put my post here. I was in "internet anders". Hello everyone, I have the following problem: I keep getting annoying pop-ups on my desktop about games and the like that I might want to use. When I look at the top of such a window, I see that it comes from the website ad.yieldmanager.com. I have already searched the internet for tips on removing that annoying thing. I also read on the internet that the site as such only places tracking cookies and is therefore not really dangerous. I have blocked the site in my browser. There I no longer encounter it with pop-ups. I clear my browser history (very) regularly. I searched for files with the same name via the search option in the Start menu. Unfortunately nothing was found. I had MBAM run a thorough scan. Nothing found. I had ESET run a thorough scan. Nothing found. And still that damned thing manages to put such annoying pop-ups on my desktop..... At the bottom, in the taskbar, there is then also an open "Module". In the root folder, just above the Windows folder, there is a "tem" folder that is related to that "module". I tried to delete that folder, but that is not possible because it is supposedly open in another program. (uh....which program, I then wonder) I restarted the PC in the hope that it would then be out of memory and then tried to delete that folder. Unfortunately I got the same answer, that I could not delete it because it is supposedly open in another program. Uh...I ran out of options and want to ask you: do you have any more tips that I could still try? Surely it would be too crazy to have to reinstall my PC in order to finally be rid of those pop-ups on my desktop?? Thanks in advance for thinking along. Greetings, Margreet.


This is an archived page. Replying is no longer possible.