Questions & Answers

Security & privacy

Very slow laptop

12 answers
  • Good afternoon, For the past few days my laptop has been very slow. I have since run a scan with TDSSKiller and then ComboFix. The laptop is now a good deal faster, but I am afraid that when I restart it, it will be just as slow again. Does anyone have any advice? I have posted the logs below. Thanks in advance for the help. Regards, Niels
11:46:15.0562 0504 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 11:46:19.0562 0504 usbehci - ok 11:46:19.0765 0504 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 11:46:23.0984 0504 usbhub - ok 11:46:24.0234 0504 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 11:46:28.0187 0504 usbprint - ok 11:46:28.0390 0504 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 11:46:32.0296 0504 usbscan - ok 11:46:32.0484 0504 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 11:46:36.0406 0504 USBSTOR - ok 11:46:36.0578 0504 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 11:46:40.0500 0504 usbuhci - ok 11:46:40.0671 0504 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys 11:46:44.0625 0504 usb_rndisx - ok 11:46:44.0781 0504 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 11:46:48.0921 0504 VgaSave - ok 11:46:49.0109 0504 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 11:46:53.0140 0504 ViaIde - ok 11:46:53.0359 0504 [ 8AB662B3C4691E6DDF61C96BB5B7D103 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 11:46:57.0281 0504 VolSnap - ok 11:46:57.0593 0504 [ A585EDD6965B301DE8A45C6768C7C215 ] VSS C:\WINDOWS\System32\vssvc.exe 11:47:01.0750 0504 VSS - ok 11:47:02.0000 0504 [ 390D8E65F362327AD510B08971478301 ] W32Time C:\WINDOWS\system32\w32time.dll 11:47:06.0046 0504 W32Time - ok 11:47:06.0281 0504 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 11:47:10.0093 0504 Wanarp - ok 11:47:10.0406 0504 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 11:47:11.0187 0504 Wdf01000 - ok 11:47:11.0328 0504 WDICA - ok 11:47:11.0546 0504 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud 
C:\WINDOWS\system32\drivers\wdmaud.sys 11:47:15.0625 0504 wdmaud - ok 11:47:15.0843 0504 [ 33D8E2812054D97A0AEC9B8F04277927 ] WebClient C:\WINDOWS\System32\webclnt.dll 11:47:19.0875 0504 WebClient - ok 11:47:20.0312 0504 [ F9E105F369C18E4001E0C05AAF600D73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 11:47:24.0203 0504 winmgmt - ok 11:47:24.0609 0504 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 11:47:25.0156 0504 WmdmPmSN - ok 11:47:25.0515 0504 [ 93F8EB8C7CD4E325EC92EDBFC545103D ] Wmi C:\WINDOWS\System32\advapi32.dll 11:47:26.0375 0504 Wmi - ok 11:47:26.0562 0504 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 11:47:30.0578 0504 WmiAcpi - ok 11:47:30.0859 0504 [ 87F11D161207C7063EDABAC0AADC33C3 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 11:47:34.0968 0504 WmiApSrv - ok 11:47:35.0453 0504 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 11:47:36.0453 0504 WPFFontCache_v0400 - ok 11:47:36.0656 0504 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 11:47:41.0000 0504 WS2IFSL - ok 11:47:41.0281 0504 [ 843F7FA8EA38E6A4262976DCC994C81A ] wscsvc C:\WINDOWS\system32\wscsvc.dll 11:47:45.0359 0504 wscsvc - ok 11:47:45.0515 0504 [ 1E8FDDDEF3FE260BADAB06DAE10D753A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 11:47:49.0375 0504 wuauserv - ok 11:47:49.0562 0504 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 11:47:50.0140 0504 WudfPf - ok 11:47:50.0328 0504 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 11:47:50.0968 0504 WudfRd - ok 11:47:51.0156 0504 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 11:47:51.0750 0504 WudfSvc - ok 11:47:52.0062 0504 [ E99782DBB8FFA2AEE72B31DAC8D8D887 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 11:47:56.0218 0504 WZCSVC - ok 11:47:56.0437 0504 [ 
FD3C38635808920F8235BF2FED642F54 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 11:48:00.0406 0504 xmlprov - ok 11:48:00.0750 0504 ================ Scan global =============================== 11:48:01.0000 0504 [ 953AD498333B03F7CE547151F96EF241 ] C:\WINDOWS\system32\basesrv.dll 11:48:01.0281 0504 [ C7CC71181F7FD61C49EFF278003827A5 ] C:\WINDOWS\system32\winsrv.dll 11:48:01.0609 0504 [ C7CC71181F7FD61C49EFF278003827A5 ] C:\WINDOWS\system32\winsrv.dll 11:48:01.0859 0504 [ 657B69389B893F440B07590C9E963F23 ] C:\WINDOWS\system32\services.exe 11:48:01.0953 0504 [Global] - ok 11:48:01.0968 0504 ================ Scan MBR ================================== 11:48:02.0109 0504 [ D0531855B1068A1C2BE746F73C551399 ] \Device\Harddisk0\DR0 11:48:03.0562 0504 \Device\Harddisk0\DR0 - ok 11:48:03.0578 0504 ================ Scan VBR ================================== 11:48:03.0640 0504 [ 23C345BFA1784C2E7AEF9D8F7E009FAC ] \Device\Harddisk0\DR0\Partition1 11:48:03.0687 0504 \Device\Harddisk0\DR0\Partition1 - ok 11:48:03.0687 0504 ============================================================ 11:48:03.0687 0504 Scan finished 11:48:03.0703 0504 ============================================================ 11:48:04.0015 3032 Detected object count: 7 11:48:04.0015 3032 Actual detected object count: 7 11:50:56.0234 3032 ATMhelpr ( UnsignedFile.Multi.Generic ) - skipped by user 11:50:56.0250 3032 ATMhelpr ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:50:56.0265 3032 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user 11:50:56.0281 3032 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:50:56.0328 3032 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user 11:50:56.0328 3032 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:50:56.0375 3032 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user 11:50:56.0390 3032 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:50:56.0437 3032 IDriverT ( UnsignedFile.Multi.Generic ) - 
    And the ComboFix:
    Hope someone has advice!
  • Just like me, you will have to be patient for a while before Abraham54 can respond. Abraham54 is very busy and is also active on other forums!!
  • Jos H wrote: "Just like me, you will have to be patient for a while before Abraham54 can respond. Abraham54 is very busy and is also active on other forums!!"

    Very kind of Jos. I received my new notebook on Thursday, only I had the greatest difficulty installing the LAN connection! Because I don't have WLAN myself! So I was very quiet for a while. Everything is now running like a charm!

    On topic. Using tools such as ComboFix and TDSSKiller on your own initiative is not recommended! These heavy-duty tools are not intended for that, because wrong decisions can lead to a broken Windows.

    Do the following:

    Which program: OTL.exe
    What for/why: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) and place the file on the desktop.

    Before OTL.exe starts scanning, first close all other open windows!

    Using OTL.exe:

    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: double-click OTL.exe.
      - Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Run as administrator".
    - Tick Scan All Users, LOP Check and PURITY Check.
    - Copy and paste the text below (bold, blue text) into the box under [image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png]

          services.*
          explorer.exe
          winlogon.exe
          Userinit.exe
          svchost.exe
          netsvcs
          BASESERVICES
          DRIVES
          msconfig
          %SYSTEMDRIVE%\*.exe
          %SYSTEMDRIVE%\*.*
          %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
          %systemroot%\*. /mp /s
          %systemroot%\system32\*.sys /90
          %systemroot%\system32\*.dll /lockedfiles
          %systemroot%\Tasks\*.job /lockedfiles
          %systemroot%\system32\drivers\*.sys /lockedfiles
          %systemroot%\system32\*.exe /lockedfiles
          %systemroot%\System32\config\*.sav
          %PROGRAMFILES%\*
          %USERPROFILE%\..|smtmp;true;true;true /FP
          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
          hklm\software\clients\startmenuinternet|command /rs
          hklm\software\clients\startmenuinternet|command /64 /rs
          CREATERESTOREPOINT

    - Then click the button [image: http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg].
    - Do not change any other settings in OTL unless I specifically give instructions to do so.
    - The scan will not take very long.
      - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
      - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
    - Note: if the log does not fit in one post, spread it over two or more posts.
  • Dear Abraham, Thanks for your reply. Here are the OTL scans:
-- C:\Program Files\Citrix\ICA Client\concentr.exe PRC - [2010-03-25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2008-08-26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe PRC - [2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-05-08 07:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe PRC - [2007-03-29 14:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe PRC - [2007-01-04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006-03-30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013-01-09 17:43:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-09-12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2010-03-25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2008-08-26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007-05-08 07:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV -
[2007-01-04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006-03-30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\nielsho\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Auto | Stopped] -- -- (ASPI32) DRV - [2011-04-25 00:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.)
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2009-12-18 09:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009-10-26 14:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) DRV - [2008-11-21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008-05-08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2008-04-28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008-04-13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC) DRV - [2008-03-13 02:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) DRV - [2007-11-05 10:56:58 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007-04-10 14:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2007-02-27 11:21:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007-02-14 15:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007-02-14 15:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007-02-14 15:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2007-02-14 15:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2007-02-14 15:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006-11-30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006-09-19 17:58:58 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2006-07-24 00:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2006-07-24 00:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2001-09-06 19:56:14 | 000,036,425 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [1997-06-17 04:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS -- (ATMhelpr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE8HP&PC=DI215 IE - HKLM\..\SearchScopes,DefaultScope = {C292A838-7FA9-405E-A9EE-EB005264AEF6} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{C292A838-7FA9-405E-A9EE-EB005264AEF6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = gmb-comm02:8080 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = gmb-comm02:8080 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\..\SearchScopes,DefaultScope = {C292A838-7FA9-405E-A9EE-EB005264AEF6} IE - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms} IE - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\..\SearchScopes\{C292A838-7FA9-405E-A9EE-EB005264AEF6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_nl IE - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://*.gmb.eu;<local> IE - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = isa01:8080 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) [2012-06-30 16:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nielsho\Application Data\Mozilla\Extensions [2011-10-31 19:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nielsho\Application Data\Mozilla\Extensions\home2@tomtom.com [2012-06-30 19:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nielsho\Application Data\Mozilla\Firefox\Profiles\extensions [2012-06-30 19:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nielsho\Application Data\Mozilla\Firefox\Profiles\extensions\extensions [2012-06-30 17:43:40 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\nielsho\Application Data\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2012-06-30 19:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\nielsho\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com [2012-06-30 17:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-04-17 19:44:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-21 18:39:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-10-18 21:05:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2012-06-30 17:57:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2011-04-25 00:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2011-04-25 01:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2011-04-25 00:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2011-04-25 00:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2010-09-15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-04-25 01:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2011-04-25 01:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012-06-30 15:25:41 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-06-30 15:22:17 | 000,002,517 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - homepage: http://www.google.com/ CHR - Extension: YouTube = C:\Documents and Settings\nielsho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: FunDial = C:\Documents and Settings\nielsho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\ CHR - Extension: Google Zoeken = C:\Documents and Settings\nielsho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Funmoods = C:\Documents and Settings\nielsho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\ CHR - Extension: Vid-Saver = C:\Documents and Settings\nielsho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.17.20_0\ CHR - Extension: Gmail = C:\Documents and Settings\nielsho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013-01-24 18:26:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2096918946-519651807-1341851483-6232..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKU\S-1-5-21-2096918946-519651807-1341851483-6232..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\S-1-5-21-2096918946-519651807-1341851483-6232\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2096918946-519651807-1341851483-6232\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB (Reg Error: Key error.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://babybeeld.st-anna.nl/cab/OCXChecker_8000.cab (OCXDownloadChecker Control) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class) O16 - DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} http://www.virtuocity.eu/download/v223/virtuocity.cab (Cebra Virtuocity Client) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = middenbetuwe.nl O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5415EAC-385B-475B-96C8-8943C5C8A60D}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\nielsho\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\nielsho\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe - (InterVideo Inc.) 
MsConfig - StartUpReg: Cpqset - hkey= - key= - C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe () MsConfig - StartUpReg: EPSON Stylus DX7400 Series - hkey= - key= - File not found MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation) MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe (Macrovision Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: NBAgent - hkey= - key= - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) MsConfig - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: WatchDog - hkey= - key= - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013-01-27 17:16:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nielsho\Bureaublad\OTL.exe [2013-01-27 14:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nielsho\Local Settings\Application Data\Nero_AG [2013-01-26 16:23:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013-01-26 12:32:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013-01-26 12:32:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013-01-26 12:32:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013-01-26 12:32:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013-01-26 12:29:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2013-01-26 12:21:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nielsho\Onlangs geopend [2013-01-26 11:59:37 | 005,026,751 | R--- | C] (Swearware) -- C:\Documents and Settings\nielsho\Bureaublad\ComboFix.exe [2013-01-26 11:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nielsho\Bureaublad\tdsskiller [2013-01-26 09:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nielsho\Application Data\Systweak [2013-01-26 09:22:21 | 000,018,360 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe [2013-01-24 20:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\CodeStuff [2013-01-24 18:14:32 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013-01-24 18:05:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nielsho\Menu Start\Programma's\Systeembeheer
[2013-01-24 17:07:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013-01-24 15:45:40 | 000,000,000 | ---D | C] -- C:\87bc6957fc66038ef47a4ed331092c66 [2013-01-20 17:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\CCleaner [2013-01-20 17:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013-01-14 02:53:54 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013-01-13 17:11:03 | 000,000,000 | ---D | C] -- C:\36cd03e572844ed81686e9151e6f1f [2013-01-13 16:21:53 | 000,000,000 | ---D | C] -- C:\e3a056e9c5c326fc1935fb88 [2013-01-09 17:43:14 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013-01-05 13:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nielsho\Mijn documenten\HTC Desire [2012-12-30 16:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nielsho\triplea [2012-12-29 21:41:20 | 000,000,000 | ---D | C] -- C:\tmp [2012-12-29 21:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nielsho\Menu Start\Programma's\TripleA [2012-12-29 21:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\TripleA [2012-01-22 11:57:36 | 022,796,304 | ---- | C] (Wondershare Software ) -- C:\Program Files\Video-Converter-Platinum.exe [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013-01-27 17:21:47 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013-01-27 17:16:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nielsho\Bureaublad\OTL.exe [2013-01-27 17:13:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-01-27 17:12:13 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-01-27 17:11:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-01-27 17:11:40 |
1064,620,032 | -HS- | M] () -- C:\hiberfil.sys [2013-01-27 16:22:06 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\nielsho\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-01-27 16:03:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-01-27 15:43:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013-01-27 14:28:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013-01-27 14:24:00 | 000,660,252 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat [2013-01-27 14:24:00 | 000,577,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013-01-27 14:24:00 | 000,139,342 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat [2013-01-27 14:24:00 | 000,110,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013-01-27 11:15:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2013-01-26 12:26:15 | 000,001,300 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130126_122606.reg [2013-01-26 12:04:09 | 005,026,751 | R--- | M] (Swearware) -- C:\Documents and Settings\nielsho\Bureaublad\ComboFix.exe [2013-01-26 11:05:48 | 002,195,061 | ---- | M] () -- C:\Documents and Settings\nielsho\Bureaublad\tdsskiller.zip [2013-01-26 10:53:15 | 000,002,782 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130126_105300.reg [2013-01-25 21:37:31 | 000,004,272 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130125_213718.reg [2013-01-25 18:58:18 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\nielsho\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2013-01-25 18:54:01 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2013-01-25 18:53:58 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2013-01-25 18:53:58 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2013-01-25 16:49:54 | 000,006,516 | 
---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130125_164941.reg [2013-01-24 20:24:06 | 000,007,444 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_202403.reg [2013-01-24 20:23:48 | 000,008,204 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_202344.reg [2013-01-24 20:20:32 | 000,007,444 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_202029.reg [2013-01-24 20:20:13 | 000,007,444 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_202010.reg [2013-01-24 20:19:52 | 000,007,444 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_201949.reg [2013-01-24 20:19:36 | 000,007,734 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_201933.reg [2013-01-24 20:19:18 | 000,010,332 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_201914.reg [2013-01-24 20:18:41 | 000,389,330 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_201811.reg [2013-01-24 18:26:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013-01-24 18:14:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013-01-22 09:22:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk [2013-01-20 17:23:43 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk [2013-01-18 11:14:53 | 000,000,145 | ---- | M] () -- C:\Snelkoppeling naar Cd-rom-station.lnk [2013-01-16 20:06:01 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\nielsho\Bureaublad\Snelkoppeling naar My Book (E).lnk [2013-01-14 10:43:13 | 000,002,724 | RHS- | M] () -- C:\Documents and Settings\nielsho\ntuser.pol [2013-01-09 17:43:20 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013-01-09 17:43:20 | 000,074,248 | ---- | M] (Adobe 
Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013-01-09 17:43:15 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013-01-06 06:33:58 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2012-12-31 18:15:31 | 140,889,832 | ---- | M] () -- C:\Documents and Settings\nielsho\Mijn documenten\Een lalala 2013 gewenst!.wmv [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717:c82db22e45]========== Files Created - No Company Name ==========[/color:c82db22e45] [2013-01-27 16:36:16 | 000,175,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2013-01-27 14:26:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2013-01-26 12:32:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013-01-26 12:32:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013-01-26 12:32:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013-01-26 12:32:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013-01-26 12:32:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013-01-26 12:26:11 | 000,001,300 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130126_122606.reg [2013-01-26 11:04:19 | 002,195,061 | ---- | C] () -- C:\Documents and Settings\nielsho\Bureaublad\tdsskiller.zip [2013-01-26 10:53:11 | 000,002,782 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130126_105300.reg [2013-01-25 21:37:25 | 000,004,272 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130125_213718.reg [2013-01-25 18:53:50 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb [2013-01-25 18:53:49 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb [2013-01-25 16:49:47 | 000,006,516 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn 
documenten\cc_20130125_164941.reg [2013-01-24 20:24:04 | 000,007,444 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_202403.reg [2013-01-24 20:23:46 | 000,008,204 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_202344.reg [2013-01-24 20:20:30 | 000,007,444 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_202029.reg [2013-01-24 20:20:11 | 000,007,444 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_202010.reg [2013-01-24 20:19:51 | 000,007,444 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_201949.reg [2013-01-24 20:19:34 | 000,007,734 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_201933.reg [2013-01-24 20:19:16 | 000,010,332 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_201914.reg [2013-01-24 20:18:26 | 000,389,330 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\cc_20130124_201811.reg [2013-01-24 18:14:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013-01-24 18:14:34 | 000,261,936 | RHS- | C] () -- C:\cmldr [2013-01-20 17:23:43 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk [2013-01-18 11:14:53 | 000,000,145 | ---- | C] () -- C:\Snelkoppeling naar Cd-rom-station.lnk [2013-01-16 20:06:01 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\nielsho\Bureaublad\Snelkoppeling naar My Book (E).lnk [2013-01-07 20:42:14 | 1064,620,032 | -HS- | C] () -- C:\hiberfil.sys [2012-12-31 18:12:44 | 140,889,832 | ---- | C] () -- C:\Documents and Settings\nielsho\Mijn documenten\Een lalala 2013 gewenst!.wmv [2012-10-04 19:55:41 | 000,133,574 | ---- | C] () -- C:\Program Files\RE - Yahoo! Mail.mht [2012-10-04 19:55:41 | 000,128,714 | ---- | C] () -- C:\Program Files\2.mht [2012-10-04 19:55:41 | 000,128,268 | ---- | C] () -- C:\Program Files\hi - Yahoo! 
Mail.mht [2012-10-04 19:55:41 | 000,127,926 | ---- | C] () -- C:\Program Files\[ No Subject ] - Yahoo! Mail.mht [2012-10-04 19:55:41 | 000,127,925 | ---- | C] () -- C:\Program Files\kut.mht [2012-07-20 12:17:13 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2012-06-30 19:21:31 | 000,302,425 | ---- | C] () -- C:\Documents and Settings\nielsho\Local Settings\Application Data\funmoods-speeddial.crx [2012-06-30 17:25:47 | 000,461,707 | ---- | C] () -- C:\Program Files\yDGpatch_1-2-16-14.rar [2011-05-08 18:40:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc [2011-05-07 21:13:57 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011-05-07 21:13:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011-05-07 21:13:53 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011-05-07 19:45:55 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-03-20 15:15:42 | 000,296,641 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll [2009-01-11 20:59:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\nielsho\Application Data\$_hpcst$.hpc [2008-05-03 19:04:52 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\nielsho\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-01-30 08:55:27 | 000,002,724 | RHS- | C] () -- C:\Documents and Settings\nielsho\ntuser.pol [2008-01-30 08:55:23 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\nielsho\Local Settings\Application Data\fusioncache.dat [2008-01-29 16:00:45 | 000,002,798 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2004-08-04 09:00:00 | 000,014,307 | R-S- | C] () -- C:\Documents and Settings\nielsho\Application Data\igfxcfg.dat [color=#E56717:c82db22e45]========== ZeroAccess Check ==========[/color:c82db22e45] [2010-12-09 16:15:34 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L [2012-06-01 12:39:23 | 
000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U [2010-12-09 16:15:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\nielsho\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L [2010-12-09 16:15:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\nielsho\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U [2004-09-08 08:50:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 18:02:39 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 11:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 18:02:44 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717:c82db22e45]========== LOP Check ==========[/color:c82db22e45] [2008-01-29 14:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient [2008-01-29 17:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView [2008-01-29 17:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MIDDENBETUWE\Application Data\SampleView [2011-12-11 18:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2012-06-30 16:21:51 | 000,000,000 | ---D 
| M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2012-05-15 20:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2008-02-29 13:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2008-09-28 11:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios [2010-07-29 13:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2012-09-02 08:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2011-10-31 19:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2008-02-29 13:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2009-01-11 21:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2008-01-29 17:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView [2011-05-05 17:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Asfoip [2011-05-06 18:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Asyw [2012-06-03 13:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Azwuer [2011-12-11 18:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Babylon [2012-05-19 17:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Belastingdienst [2013-01-20 17:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\BitTorrent [2010-05-17 22:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\BSplayer [2010-01-09 22:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application 
Data\BSplayer Pro [2011-05-09 18:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\DriverFinder [2010-02-05 12:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\DTencryptor-E [2012-05-31 20:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\ElevatedDiagnostics [2010-03-09 20:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\EPSON [2012-07-20 12:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\FreeBurner [2010-01-10 09:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\GhostFleet [2012-06-02 14:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Gyim [2012-05-15 20:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\ICAClient [2012-06-02 23:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Ilhao [2008-05-03 18:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\InterVideo [2012-08-08 13:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Puta [2010-03-04 21:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\RadioBar [2008-11-21 15:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Rioscoop [2008-01-29 17:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\SampleView [2012-07-20 12:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\searchquband [2013-01-26 12:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Systweak [2010-04-17 14:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\The Creative Assembly [2011-10-31 19:43:28 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\nielsho\Application Data\TomTom [2012-08-08 13:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Ubid [2013-01-25 16:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\uTorrent [2012-06-30 15:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\wincoreimband [2012-05-11 19:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\YourFileDownloader [2012-06-02 04:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nielsho\Application Data\Zueki [2008-01-29 17:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nielsk\Application Data\SampleView [color=#E56717:c82db22e45]========== Purity Check ==========[/color:c82db22e45] [color=#E56717:c82db22e45]========== Custom Scans ==========[/color:c82db22e45] [color=#A23BEC:c82db22e45]< services.* >[/color:c82db22e45] [2004-08-04 09:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2004-09-08 08:58:12 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2009-01-07 21:12:54 | 000,000,922 | ---- | C] () -- C:\WINDOWS\Tasks\Google Software Updater.job [2010-01-06 20:53:59 | 000,001,040 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2010-01-06 20:53:59 | 000,001,044 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012-04-01 11:51:32 | 000,000,940 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2012-10-02 19:42:32 | 000,000,386 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job [color=#A23BEC:c82db22e45]< explorer.exe >[/color:c82db22e45] [color=#A23BEC:c82db22e45]< winlogon.exe >[/color:c82db22e45] [color=#A23BEC:c82db22e45]< Userinit.exe >[/color:c82db22e45] [color=#A23BEC:c82db22e45]< svchost.exe >[/color:c82db22e45] [color=#E56717:c82db22e45]========== Base Services ==========[/color:c82db22e45] SRV - [2008-04-14 18:02:48 | 000,044,544 | ---- | M] (Microsoft 
Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG) SRV - [2008-04-14 18:02:47 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - [2008-04-14 18:02:38 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS) SRV - [2012-07-06 14:58:53 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser) SRV - [2008-04-14 18:02:23 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc) SRV - [2008-04-14 18:02:24 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp) SRV - [2009-04-20 18:22:17 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache) SRV - [2009-02-09 12:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog) SRV - [2008-04-14 18:02:25 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost) SRV - [2009-07-28 00:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility) SRV - [2008-04-14 18:02:44 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2008-04-14 18:03:01 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService) SRV - [2008-04-14 18:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent) SRV - [2008-04-14 18:02:24 | 000,024,064 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver) SRV - [2008-04-14 18:02:54 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin) SRV - [2008-04-14 18:02:54 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv) SRV - [2008-04-14 18:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon) SRV - [2008-04-14 18:02:33 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman) SRV - [2008-06-20 17:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) SRV - [2009-02-09 12:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay) SRV - [2010-08-17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler) SRV - [2008-04-14 18:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage) SRV - [2008-04-14 18:02:39 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto) SRV - [2008-04-14 18:02:39 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan) SRV - [2009-02-09 11:56:07 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) SRV - [2008-04-14 18:02:34 | 000,437,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc) SRV - [2008-04-14 18:02:39 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon) SRV - [2008-04-14 18:03:02 | 000,013,312 | 
---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs) SRV - [2008-04-14 18:02:45 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc) SRV - [2010-08-27 06:55:04 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver) SRV - [2009-07-28 00:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection) SRV - [2008-04-14 18:02:44 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice) SRV - [2008-04-14 18:02:39 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule) SRV - [2008-04-14 18:02:29 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts) SRV - [2008-04-14 18:02:44 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv) SRV - [2008-04-14 18:02:44 | 000,297,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService) SRV - [2009-07-28 00:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes) SRV - [2008-04-14 18:03:17 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS) SRV - [2008-04-14 18:02:22 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv) SRV - [2008-04-14 18:02:28 | 000,332,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) SRV - [2008-04-14 18:02:44 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) SRV - [2008-05-19 00:57:42 | 
000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer) SRV - [2008-04-14 18:02:45 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt) SRV - [2009-02-09 11:56:07 | 000,684,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi) SRV - [2008-04-14 18:02:24 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc) SRV - [2008-04-14 18:02:47 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC) SRV - [2009-06-10 07:16:47 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation) [color=#E56717:c82db22e45]========== Drive Information ==========[/color:c82db22e45] Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media Interface type: IDE Media Type: Fixed\thard disk media Model: Hitachi HTS541612J9SA00 Partitions: 1 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 112,00GB Starting Offset: 32256 Hidden sectors: 0 [color=#A23BEC:c82db22e45]< %SYSTEMDRIVE%\*.exe >[/color:c82db22e45] [color=#A23BEC:c82db22e45]< %SYSTEMDRIVE%\*.* >[/color:c82db22e45] [2009-06-09 22:36:33 | 000,033,102 | ---- | M] () -- C:\ASLog.txt [2010-11-03 08:12:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2013-01-24 18:14:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2004-08-04 09:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2008-01-29 08:54:20 | 000,002,777 | ---- | M] () -- C:\Ciam_LogFile.log [2004-08-03 23:00:14 | 000,261,936 | RHS- | M] () -- C:\cmldr [2013-01-26 15:36:40 | 000,015,648 | ---- | M] () -- C:\ComboFix.txt [2013-01-27 17:11:40 | 1064,620,032 | 
-HS- | M] () -- C:\hiberfil.sys [2008-07-12 17:21:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008-07-12 17:21:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004-08-04 09:00:00 | 000,047,564 | -HS- | M] () -- C:\ntdetect.com [2008-09-16 08:21:58 | 000,251,712 | -HS- | M] () -- C:\ntldr [2013-01-27 17:11:38 | 1596,821,504 | -HS- | M] () -- C:\pagefile.sys [2012-05-31 20:41:12 | 000,000,540 | ---- | M] () -- C:\rkill.log [2013-01-18 11:14:53 | 000,000,145 | ---- | M] () -- C:\Snelkoppeling naar Cd-rom-station.lnk [2012-08-08 11:27:14 | 000,000,495 | ---- | M] () -- C:\stub.log [2013-01-26 11:31:04 | 000,094,570 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_26.01.2013_11.12.46_log.txt [2013-01-26 11:51:32 | 000,094,570 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_26.01.2013_11.32.10_log.txt [2012-06-30 18:17:30 | 000,000,000 | ---- | M] () -- C:\test.txt [2012-06-30 17:57:17 | 000,001,407 | ---- | M] () -- C:\user.js [color=#A23BEC:c82db22e45]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color:c82db22e45] [2004-04-23 06:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPD64.DLL [2004-04-23 06:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPP64.DLL [2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2007-04-06 15:35:06 | 000,236,032 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp07s.dll [2006-10-26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll [color=#A23BEC:c82db22e45]< %systemroot%\*. 
/mp /s >[/color:c82db22e45] [color=#A23BEC:c82db22e45]< %systemroot%\system32\*.sys /90 >[/color:c82db22e45] [2012-11-13 12:55:15 | 001,866,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC:c82db22e45]< %systemroot%\system32\*.dll /lockedfiles >[/color:c82db22e45] [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC:c82db22e45]< %systemroot%\Tasks\*.job /lockedfiles >[/color:c82db22e45] [color=#A23BEC:c82db22e45]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color:c82db22e45] [color=#A23BEC:c82db22e45]< %systemroot%\system32\*.exe /lockedfiles >[/color:c82db22e45] [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC:c82db22e45]< %systemroot%\System32\config\*.sav >[/color:c82db22e45] [2004-09-08 10:31:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004-09-08 10:31:12 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004-09-08 10:31:12 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav [color=#A23BEC:c82db22e45]< %PROGRAMFILES%\* >[/color:c82db22e45] [2012-10-02 20:23:19 | 000,128,714 | ---- | M] () -- C:\Program Files\2.mht [2012-10-02 20:07:39 | 000,128,268 | ---- | M] () -- C:\Program Files\hi - Yahoo! Mail.mht [2012-10-02 20:10:27 | 000,127,925 | ---- | M] () -- C:\Program Files\kut.mht [2012-09-30 16:44:11 | 000,133,574 | ---- | M] () -- C:\Program Files\RE - Yahoo! Mail.mht [2012-09-30 16:49:15 | 000,001,892 | ---- | M] () -- C:\Program Files\special mail.txt [2012-01-22 11:57:39
  • .... and the last part of OTL.Txt
    < %PROGRAMFILES%\* >
    [2012-10-02 20:23:19 | 000,128,714 | ---- | M] () -- C:\Program Files\2.mht
    [2012-10-02 20:07:39 | 000,128,268 | ---- | M] () -- C:\Program Files\hi - Yahoo! Mail.mht
    [2012-10-02 20:10:27 | 000,127,925 | ---- | M] () -- C:\Program Files\kut.mht
    [2012-09-30 16:44:11 | 000,133,574 | ---- | M] () -- C:\Program Files\RE - Yahoo! Mail.mht
    [2012-09-30 16:49:15 | 000,001,892 | ---- | M] () -- C:\Program Files\special mail.txt
    [2012-01-22 11:57:39 | 022,796,304 | ---- | M] (Wondershare Software ) -- C:\Program Files\Video-Converter-Platinum.exe
    [2012-06-30 17:25:52 | 000,461,707 | ---- | M] () -- C:\Program Files\yDGpatch_1-2-16-14.rar
    [2012-10-02 20:02:13 | 000,127,926 | ---- | M] () -- C:\Program Files\[ No Subject ] - Yahoo! Mail.mht
    < %USERPROFILE%\..|smtmp;true;true;true /FP >
    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012-11-01 01:35:49 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012-11-01 01:35:49 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012-11-01 01:35:49 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012-11-01 01:35:49 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012-11-01 01:35:49 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012-11-01 01:35:49 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    < >
    < End of report >
  • ... and here is Extra.Txt:

    OTL Extras logfile created on: 27-1-2013 17:22:18 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\nielsho\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1015,23 Mb Total Physical Memory | 590,94 Mb Available Physical Memory | 58,21% Memory free
    2,38 Gb Paging File | 2,09 Gb Available in Paging File | 87,53% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111,79 Gb Total Space | 75,56 Gb Free Space | 67,59% Space Free | Partition Type: NTFS

    Computer Name: GMB_LT_R010 | User Name: nielsho | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2096918946-519651807-1341851483-6232\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    "{13902DA3-1CE3-47E8-A42F-440FFC2BAC2F}" = Windows Rights Management Client met Service Pack 2
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 22
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
    "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F2
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E5D6293-C0BF-48EC-A984-91932A313436}" = PANORAMO Viewer NLD
    "{4F2D3995-1EC5-3C05-B7E5-3449F802E6DE}" = Microsoft .NET Framework 4 Extended NLD Language Pack
    "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1
    "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90120000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
    "{90120000-0015-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
    "{90120000-0016-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
    "{90120000-0018-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
    "{90120000-0019-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
    "{90120000-001A-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
    "{90120000-001B-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
    "{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
    "{90120000-0044-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
    "{90120000-006E-0413-0000-0000000FF1CE}_PROPLUS_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1043-7B44-A71000000002}" = Adobe Reader 7.1.0 - Nederlands
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
    "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
    "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Terugwaartse compatibiliteit van Windows Rights Management Client SP2
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F73EA8BF-81F5-32AF-8D8A-24F12FD23B79}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
    "{F7EC885B-6F58-45B2-9E6A-D4A957EB8333}_is1" = yDGpatch v1.2
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
    "{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "Aangifte inkomstenbelasting 2007" = Aangifte inkomstenbelasting 2007
    "Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
    "Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
    "Aangifte inkomstenbelasting 2010" = Aangifte inkomstenbelasting 2010
    "Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "CCleaner" = CCleaner
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "CSCLIB" = Canon Camera Support Core Library
    "EOS Utility" = Canon Utilities EOS Utility
    "EPSON Printer and Utilities" = EPSON-printersoftware
    "EPSON Scanner" = EPSON Scan
    "EPSON Stylus CX7300_CX8300_DX7400_DX8400 Gebruikershandleiding" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handboek
    "ExtractNow_is1" = ExtractNow
    "Free Easy Burner_is1" = Free Easy Burner V 5.1
    "Google Updater" = Google Updater
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstaCodecs_is1" = InstaCodecs
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "Kinderopvangtoeslag 2011" = Kinderopvangtoeslag 2011
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.70.0.1100
    "Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
    "Microsoft Security Client" = Microsoft Security Essentials
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PDF Complete" = PDF Complete
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PowerShell" = Windows PowerShell(TM) 1.0
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TripleAVersion1_6_1_4" = TripleA Version 1_6_1_4
    "uTorrent" = µTorrent
    "Verzoek of wijziging voorlopige aanslag 2011" = Verzoek of wijziging voorlopige aanslag 2011
    "VLC media player" = VLC media player 1.1.11
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WGA" = Windows Genuine Advantage Validation Tool
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
    "Xvid Video Codec 1.3.1" = Xvid Video Codec
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2096918946-519651807-1341851483-6232\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "VirtuoCity" = VirtuoCity

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 26-1-2013 11:07:01 | Computer Name = GMB_LT_R010 | Source = AutoEnrollment | ID = 15
    Description = De automatische certificaatinschrijving voor lokaal systeem kan geen contact krijgen met de Active Directory 0x8007054b. Het opgegeven domein bestaat niet of kan geen contact maken met dit domein. . De inschrijving wordt niet uitgevoerd.

    Error - 26-1-2013 19:07:01 | Computer Name = GMB_LT_R010 | Source = AutoEnrollment | ID = 15
    Description = De automatische certificaatinschrijving voor lokaal systeem kan geen contact krijgen met de Active Directory 0x8007054b. Het opgegeven domein bestaat niet of kan geen contact maken met dit domein. . De inschrijving wordt niet uitgevoerd.

    Error - 27-1-2013 4:44:33 | Computer Name = GMB_LT_R010 | Source = Userenv | ID = 1054
    Description = Kan de domeincontrollernaam voor het computernetwerk niet verkrijgen. Het opgegeven domein bestaat niet of kan geen contact maken met dit domein. . Het verwerken van het groepsbeleid wordt afgebroken.

    Error - 27-1-2013 4:44:34 | Computer Name = GMB_LT_R010 | Source = AutoEnrollment | ID = 15
    Description = De automatische certificaatinschrijving voor lokaal systeem kan geen contact krijgen met de Active Directory 0x8007054b. Het opgegeven domein bestaat niet of kan geen contact maken met dit domein. . De inschrijving wordt niet uitgevoerd.

    Error - 27-1-2013 4:44:40 | Computer Name = GMB_LT_R010 | Source = Userenv | ID = 1054
    Description = Kan de domeincontrollernaam voor het computernetwerk niet verkrijgen. Het opgegeven domein bestaat niet of kan geen contact maken met dit domein. . Het verwerken van het groepsbeleid wordt afgebroken.

    Error - 27-1-2013 4:44:58 | Computer Name = GMB_LT_R010 | Source = .NET Runtime Optimization Service | ID = 1103
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error - 27-1-2013 12:12:03 | Computer Name = GMB_LT_R010 | Source = Userenv | ID = 1054
    Description = Kan de domeincontrollernaam voor het computernetwerk niet verkrijgen. Het opgegeven domein bestaat niet of kan geen contact maken met dit domein. . Het verwerken van het groepsbeleid wordt afgebroken.

    Error - 27-1-2013 12:12:04 | Computer Name = GMB_LT_R010 | Source = AutoEnrollment | ID = 15
    Description = De automatische certificaatinschrijving voor lokaal systeem kan geen contact krijgen met de Active Directory 0x8007054b. Het opgegeven domein bestaat niet of kan geen contact maken met dit domein. . De inschrijving wordt niet uitgevoerd.

    Error - 27-1-2013 12:12:13 | Computer Name = GMB_LT_R010 | Source = Userenv | ID = 1054
    Description = Kan de domeincontrollernaam voor het computernetwerk niet verkrijgen. Het opgegeven domein bestaat niet of kan geen contact maken met dit domein. . Het verwerken van het groepsbeleid wordt afgebroken.

    Error - 27-1-2013 12:13:29 | Computer Name = GMB_LT_R010 | Source = .NET Runtime Optimization Service | ID = 1103
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    [ System Events ]
    Error - 27-1-2013 6:29:37 | Computer Name = GMB_LT_R010 | Source = W32Time | ID = 39452701
    Description = De tijdsprovider NtpClient is geconfigureerd om de tijd uit een of meer tijdsbronnen te halen. Geen van deze bronnen zijn echter toegankelijk. Er worden geen nieuwe pogingen gedaan gedurende 119 minuten. De tijdservice heeft geen nauwkeurige tijdsbron.

    Error - 27-1-2013 8:29:35 | Computer Name = GMB_LT_R010 | Source = W32Time | ID = 39452701
    Description = De tijdsprovider NtpClient is geconfigureerd om de tijd uit een of meer tijdsbronnen te halen. Geen van deze bronnen zijn echter toegankelijk. Er worden geen nieuwe pogingen gedaan gedurende 239 minuten. De tijdservice heeft geen nauwkeurige tijdsbron.

    Error - 27-1-2013 9:04:10 | Computer Name = GMB_LT_R010 | Source = NETLOGON | ID = 5719
    Description = Er is geen domeincontroller beschikbaar voor domein MIDDENBETUWE met als reden: %%1311. Zorg ervoor dat de computer op het netwerk is aangesloten en probeer het opnieuw. Neem contact met de domeinbeheerder op als het probleem blijft bestaan.

    Error - 27-1-2013 12:12:03 | Computer Name = GMB_LT_R010 | Source = NETLOGON | ID = 5719
    Description = Er is geen domeincontroller beschikbaar voor domein MIDDENBETUWE met als reden: %%1311. Zorg ervoor dat de computer op het netwerk is aangesloten en probeer het opnieuw. Neem contact met de domeinbeheerder op als het probleem blijft bestaan.

    Error - 27-1-2013 12:12:04 | Computer Name = GMB_LT_R010 | Source = W32Time | ID = 39452701
    Description = De tijdsprovider NtpClient is geconfigureerd om de tijd uit een of meer tijdsbronnen te halen. Geen van deze bronnen zijn echter toegankelijk. Er worden geen nieuwe pogingen gedaan gedurende 15 minuten. De tijdservice heeft geen nauwkeurige tijdsbron.

    Error - 27-1-2013 12:12:04 | Computer Name = GMB_LT_R010 | Source = W32Time | ID = 39452701
    Description = De tijdsprovider NtpClient is geconfigureerd om de tijd uit een of meer tijdsbronnen te halen. Geen van deze bronnen zijn echter toegankelijk. Er worden geen nieuwe pogingen gedaan gedurende 15 minuten. De tijdservice heeft geen nauwkeurige tijdsbron.
    Error - 27-1-2013 12:13:25 | Computer Name = GMB_LT_R010 | Source = Service Control Manager | ID = 7000
    Description = De ASPI32-service kan vanwege de volgende fout niet worden gestart: %%2

    Error - 27-1-2013 12:13:38 | Computer Name = GMB_LT_R010 | Source = eabfiltr | ID = 262187
    Description = De slaapbewerking van het systeem is mislukt

    Error - 27-1-2013 12:13:38 | Computer Name = GMB_LT_R010 | Source = W32Time | ID = 39452701
    Description = De tijdsprovider NtpClient is geconfigureerd om de tijd uit een of meer tijdsbronnen te halen. Geen van deze bronnen zijn echter toegankelijk. Er worden geen nieuwe pogingen gedaan gedurende 15 minuten. De tijdservice heeft geen nauwkeurige tijdsbron.

    Error - 27-1-2013 12:28:41 | Computer Name = GMB_LT_R010 | Source = W32Time | ID = 39452701
    Description = De tijdsprovider NtpClient is geconfigureerd om de tijd uit een of meer tijdsbronnen te halen. Geen van deze bronnen zijn echter toegankelijk. Er worden geen nieuwe pogingen gedaan gedurende 29 minuten. De tijdservice heeft geen nauwkeurige tijdsbron.

    < End of report >
  • Two scans:

    Step •1•

    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of malicious toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or move it there!
    Download: AdwCleaner by Xplode (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner).

    Notes:
    - All open programs and web pages must be closed.
    - It is normal for the shortcuts to disappear from the desktop after AdwCleaner starts.

    Starting AdwCleaner:
    - Windows 2000 and Windows XP: double-click adwcleaner.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Als Administrator uitvoeren" (Run as administrator).

    Once AdwCleaner has started:
    - Click the Verwijderen (Delete) button
    - At "AdwCleaner – Afsluiting van de programma's" (closing of programs), click OK
    - At "AdwCleaner – Herstarten noodzakelijk" (restart required), click OK

    AdwCleaner log file:
    - After the PC has restarted, a log file opens.
    - Then post the contents of this log in your next message.

    Step •2•

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!

    Download ComboFix from one of these locations:
    - Bleepingcomputer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
    - ForoSpyware (http://www.forospyware.com/sUBs/ComboFix.exe)
    - Geekstogo (http://subs.geekstogo.com/ComboFix.exe)

    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix.
    Your antivirus program and any active malware scanners must already be disabled before you start ComboFix!
    Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find information on how to disable antivirus programs and spyware scanners.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! If so, allow it (this requires an active internet connection).
    - All open programs and web pages must be closed.

    Starting ComboFix:
    - Windows 2000 and Windows XP: double-click ComboFix.exe.
    - Windows Vista and Windows 7: right-click ComboFix.exe and choose "Als Administrator uitvoeren" (Run as administrator).

    Once ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt

    Important note:
    - If, after the scan, an error with the following message is shown when starting programs:
    - "Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering." (An illegal operation was attempted on a registry key that has been marked for deletion.)
    - then restart the computer.
  • Here is the AdwCleaner log file: # AdwCleaner v2.109 - Verslag gemaakt op 27/01/2013 om 18:35:55 # Geactualiseerd op 26/01/2013 door Xplode # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits) # Gebruiker : nielsho - GMB_LT_R010 # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Documents and Settings\nielsho\Bureaublad\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** File Verwijdert : C:\Documents and Settings\nielsho\Local Settings\Application Data\funmoods-speeddial.crx File Verwijdert : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml File Verwijdert : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml File Verwijdert : C:\user.js File Verwijdert : C:\WINDOWS\system32\conduitEngine.tmp Map Verwijdert : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit Map Verwijdert : C:\Documents and Settings\All Users\Application Data\Babylon Map Verwijdert : C:\Documents and Settings\All Users\Application Data\boost_interprocess Map Verwijdert : C:\Documents and Settings\All Users\Application Data\Tarma Installer Map Verwijdert : C:\Documents and Settings\nielsho\Application Data\Babylon Map Verwijdert : C:\Documents and Settings\nielsho\Application Data\searchquband Map Verwijdert : C:\Documents and Settings\nielsho\Application Data\yourfiledownloader Map Verwijdert : C:\Documents and Settings\nielsho\Local Settings\Application Data\Babylon Map Verwijdert : C:\Documents and Settings\nielsho\Local Settings\Application Data\Conduit Map Verwijdert : C:\Documents and Settings\Nielsk\Local Settings\Application Data\Conduit Map Verwijdert : C:\Program Files\1ClickDownload Map Verwijdert : C:\Program Files\Conduit Map Verwijdert : C:\Program Files\Free Offers from Freeze.com Map Verwijdert : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Map Verwijdert : C:\Program Files\OApps Verwijdert bij het opstarten : C:\Documents and 
Settings\nielsho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj Verwijdert bij het opstarten : C:\Documents and Settings\nielsho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki ***** [Register] ***** Sleutel Verwijdert : HKCU\Software\1ClickDownload Sleutel Verwijdert : HKCU\Software\AppDataLow\AskToolbarInfo Sleutel Verwijdert : HKCU\Software\Ask.com Sleutel Verwijdert : HKCU\Software\AskToolbar Sleutel Verwijdert : HKCU\Software\Conduit Sleutel Verwijdert : HKCU\Software\Crossrider Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82EA3E77-7BD2-4744-A8F2-670770767EC5} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Sleutel Verwijdert : HKCU\Software\Need2Find Sleutel Verwijdert : HKCU\Software\YourFileDownloader Sleutel Verwijdert : HKLM\Software\Babylon Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Sleutel Verwijdert : 
HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Conduit.Engine Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT1750559 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Sleutel Verwijdert : HKLM\Software\Conduit Sleutel Verwijdert : HKLM\Software\Freeze.com Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Sleutel Verwijdert : HKLM\Software\Iminent Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods Sleutel Verwijdert : HKLM\Software\Need2Find Sleutel Verwijdert : HKLM\Software\P2P Networking Sleutel Verwijdert : HKLM\Software\YourFileDownloader Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] ***** [Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Het register bevat geen enkele ongeoorloofde invoer. 
-\\ Google Chrome v [Onmogelijk de versie te verkrijgen] File : C:\Documents and Settings\nielsho\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[S1].txt - [6173 octets] - [27/01/2013 18:35:55] ########## EOF - C:\AdwCleaner[S1].txt - [6233 octets] ##########
  • Well done, that already cleans things up. Now run ComboFix.
  • ... and finally the ComboFix log file: ComboFix 13-01-27.03 - nielsho 27-01-2013 19:02:07.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.583 [GMT 1:00] Gestart vanuit: c:\documents and settings\nielsho\Bureaublad\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-12-27 to 2013-01-27 )))))))))))))))))))))))))))))) . . 2013-01-27 13:28 . 2013-01-27 13:28 -------- d-----w- c:\documents and settings\nielsho\Local Settings\Application Data\Nero_AG 2013-01-26 19:12 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BE839BB-19D9-45B6-B246-F8DBE18D479B}\mpengine.dll 2013-01-26 11:21 . 2013-01-27 15:22 -------- d--h--r- c:\documents and settings\nielsho\Onlangs geopend 2013-01-26 08:22 . 2013-01-26 11:19 -------- d-----w- c:\documents and settings\nielsho\Application Data\Systweak 2013-01-26 08:22 . 2012-12-10 11:01 18360 ----a-w- c:\windows\system32\roboot.exe 2013-01-25 18:04 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-24 19:29 . 2013-01-25 17:44 -------- d-----w- c:\program files\CodeStuff 2013-01-24 14:45 . 2013-01-24 14:46 -------- d-----w- C:\87bc6957fc66038ef47a4ed331092c66 2013-01-20 16:23 . 2013-01-20 16:23 -------- d-----w- c:\program files\CCleaner 2013-01-13 16:11 . 2013-01-14 01:33 -------- d-----w- C:\36cd03e572844ed81686e9151e6f1f 2013-01-13 15:21 . 2013-01-14 01:33 -------- d-----w- C:\e3a056e9c5c326fc1935fb88 2013-01-09 16:43 . 2013-01-09 16:43 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-12-30 15:10 . 2012-12-30 15:10 -------- d-----w- c:\documents and settings\nielsho\triplea 2012-12-29 20:41 . 2013-01-17 07:45 -------- d-----w- C:\tmp 2012-12-29 20:36 . 
2012-12-29 20:36 -------- d-----w- c:\program files\TripleA . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 16:43 . 2012-04-01 10:51 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 16:43 . 2011-06-01 18:37 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 12:23 . 2004-08-04 08:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 15:49 . 2012-05-31 20:14 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-13 11:55 . 2004-08-04 08:00 1866496 ----a-w- c:\windows\system32\win32k.sys 2012-11-06 02:00 . 2007-05-15 14:43 1371648 ----a-w- c:\windows\system32\msxml6.dll 2012-11-02 02:03 . 2004-08-04 08:00 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:12 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:12 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-11-01 12:12 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec 2012-01-22 10:57 . 2012-01-22 10:57 22796304 ----a-w- c:\program files\Video-Converter-Platinum.exe 2011-04-24 23:58 . 2011-04-24 23:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll 2011-04-25 00:48 . 2011-04-25 00:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2011-04-25 00:00 . 2011-04-25 00:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2011-04-24 23:59 . 2011-04-24 23:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2011-04-24 23:58 . 2011-04-24 23:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2011-04-24 23:57 . 2011-04-24 23:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2011-04-24 23:58 . 2011-04-24 23:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2011-04-24 23:58 . 
2011-04-24 23:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2011-04-24 23:51 . 2011-04-24 23:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2011-04-25 00:00 . 2011-04-25 00:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192] "ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsmqIntCert"="mqrt.dll" [2008-04-14 177152] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk backup=c:\windows\pss\BTTray.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^DVD Check.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\DVD Check.lnk backup=c:\windows\pss\DVD Check.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] 2007-05-03 09:52 57344 ----a-w- c:\program files\Hewlett-Packard\Default Settings\Cpqset.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series] 2007-04-12 06:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICDE.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 12:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2007-03-29 13:41 222128 ------w- c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2007-04-19 11:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] 2010-03-26 08:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete] 2007-05-08 06:38 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-01-29 14:43 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] 2007-05-23 10:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= . R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [4-1-2011 14:29 4064] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [25-4-2011 0:49 65584] R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25-3-2010 13:39 490280] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [24-7-2007 8:14 540448] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19-9-2006 17:58 36608] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18-12-2009 9:58 11336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2013-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:43] . 
2013-01-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-29 09:59] . 2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:53] . 2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:53] . 2013-01-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = isa01:8080 uInternet Settings,ProxyOverride = hxxp://*.gmb.eu;<local> TCP: DhcpNameServer = 192.168.1.1 DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} - hxxp://www.virtuocity.eu/download/v223/virtuocity.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-27 19:10 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(1100) c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll . Voltooingstijd: 2013-01-27 19:12:21 ComboFix-quarantined-files.txt 2013-01-27 18:12 ComboFix2.txt 2013-01-26 14:36 ComboFix3.txt 2013-01-24 19:14 . Pre-Run: 81.213.210.624 bytes beschikbaar Post-Run: 81.443.635.200 bytes beschikbaar . - - End Of File - - 97746AC91D3908C23E0C91F8561D2796
  • Download Security Check (http://screen317.spywareinfoforum.org/SecurityCheck.exe) to your desktop.
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow this.
    Post the contents of checkup.txt in your next post.
  • Hello Abraham, Here is the Security Check: Results of screen317's Security Check version 0.99.57 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Windows Defender Malwarebytes Anti-Malware versie 1.70.0.1100 CCleaner Java(TM) 6 Update 22 Java(TM) SE Runtime Environment 6 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Java version out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 7 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: ````````````````````End of Log``````````````````````


This is an archived page. Replies are no longer possible.