I can't manage to remove startsear.ch

Anonymous
19 replies
  • Hello,

    I had seen a guided solution on this forum for removing startsear.ch. Is there perhaps someone who would be willing to help with that, since apparently it is done on the basis of log files and the like?

    Thanks in advance, best regards
  • I would like you to follow the rules below during the fix:
  • Thanks Abraham54.

    I have the two log files, but earlier, before my question, I had already deleted the startsearch entries concerned myself via hjt (I'd had that program for a while), though without result. I had even already removed the hjt backups of those entries. So you may not learn much from that file? Should I then retype the entries from a print screen I made before deleting them, unless I can get that Word file to you by e-mail?

    Regards, here are the 2 files already

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Databaseversie: 8308

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/12/2011 17:09:13
    mbam-log-2011-12-04 (17-09-13).txt

    Scantype: Snelle scan
    Objecten gescand: 168511
    Verstreken tijd: 7 minuut/minuten, 1 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 1
    Registerdata geïnfecteerd: 4
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    d:\mijn documenten\downloads\Unibet.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:58:14, on 4/12/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
    C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    D:\Program Files\UberIcon\UberIcon Manager.exe
    D:\Program Files\ResizeEnable\ResizeEnableRunner.exe
    C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
    C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\VisualTaskTips\VisualTaskTips.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
    C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\Integrator.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Ad-Aware WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
    O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
    O3 - Toolbar: Ad-Aware WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [UberIcon Manager.exe] "D:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [ResizeEnableRunner.exe] "D:\Program Files\ResizeEnable\ResizeEnableRunner.exe"
    O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
    O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
    O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277494496484
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieen - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ad-Aware Total Security Proxy (AVKProxy) - Lavasoft AB - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
    O23 - Service: Ad-Aware Scheduler (AVKService) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
    O23 - Service: Ad-Aware Bestandssysteembewaker (AVKWCtl) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Ad-Aware Backup Service (GDBackupSvc) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe
    O23 - Service: Ad-Aware Persoonlijke Firewall (GDFwSvc) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe
    O23 - Service: Ad-Aware Scanner (GDScan) - Lavasoft AB - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
    O23 - Service: Ad-Aware Tuner Service (GDTunerSvc) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ToolTipFixer - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe


    End of file - 11071 bytes
  • You may now do the following:

  • okidoki - thanks again

    20:29:36.0515 4596 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    20:29:36.0796 4596 ============================================================
    20:29:36.0796 4596 Current date / time: 2011/12/04 20:29:36.0796
    20:29:36.0796 4596 SystemInfo:
    20:29:36.0796 4596
    20:29:36.0796 4596 OS Version: 5.1.2600 ServicePack: 3.0
    20:29:36.0796 4596 Product type: Workstation
    20:29:36.0796 4596 ComputerName: LACASA-0F273AC4
    20:29:36.0796 4596 UserName: Lacasa
    20:29:36.0796 4596 Windows directory: C:\WINDOWS
    20:29:36.0796 4596 System windows directory: C:\WINDOWS
    20:29:36.0796 4596 Processor architecture: Intel x86
    20:29:36.0796 4596 Number of processors: 2
    20:29:36.0796 4596 Page size: 0x1000
    20:29:36.0796 4596 Boot type: Normal boot
    20:29:36.0796 4596 ============================================================
    20:29:37.0046 4596 Initialize success
    20:29:40.0000 5464 ============================================================
    20:29:40.0000 5464 Scan started
    20:29:40.0000 5464 Mode: Manual;
    20:29:40.0000 5464 ============================================================
    20:29:45.0906 5464 splitter - ok
    20:29:45.0921 5464 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    20:29:45.0937 5464 sr - ok
    20:29:45.0968 5464 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    20:29:45.0968 5464 Srv - ok
    20:29:45.0984 5464 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
    20:29:45.0984 5464 StarOpen - ok
    20:29:46.0015 5464 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    20:29:46.0015 5464 swenum - ok
    20:29:46.0031 5464 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    20:29:46.0031 5464 swmidi - ok
    20:29:46.0046 5464 symc810 - ok
    20:29:46.0062 5464 symc8xx - ok
    20:29:46.0062 5464 sym_hi - ok
    20:29:46.0078 5464 sym_u3 - ok
    20:29:46.0093 5464 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    20:29:46.0093 5464 sysaudio - ok
    20:29:46.0156 5464 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:29:46.0156 5464 Tcpip - ok
    20:29:46.0171 5464 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    20:29:46.0187 5464 TDPIPE - ok
    20:29:46.0250 5464 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    20:29:46.0250 5464 TDTCP - ok
    20:29:46.0265 5464 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    20:29:46.0281 5464 TermDD - ok
    20:29:46.0296 5464 TosIde - ok
    20:29:46.0343 5464 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    20:29:46.0343 5464 Udfs - ok
    20:29:46.0359 5464 ultra - ok
    20:29:46.0406 5464 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    20:29:46.0406 5464 Update - ok
    20:29:46.0468 5464 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    20:29:46.0468 5464 USBAAPL - ok
    20:29:46.0500 5464 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    20:29:46.0515 5464 usbaudio - ok
    20:29:46.0531 5464 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    20:29:46.0531 5464 usbccgp - ok
    20:29:46.0562 5464 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    20:29:46.0562 5464 usbehci - ok
    20:29:46.0578 5464 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:29:46.0593 5464 usbhub - ok
    20:29:46.0640 5464 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    20:29:46.0640 5464 usbprint - ok
    20:29:46.0671 5464 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    20:29:46.0687 5464 usbscan - ok
    20:29:46.0687 5464 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    20:29:46.0687 5464 usbstor - ok
    20:29:46.0703 5464 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    20:29:46.0703 5464 usbuhci - ok
    20:29:46.0734 5464 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    20:29:46.0734 5464 VgaSave - ok
    20:29:46.0750 5464 ViaIde - ok
    20:29:46.0796 5464 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    20:29:46.0796 5464 VolSnap - ok
    20:29:46.0828 5464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    20:29:46.0828 5464 Wanarp - ok
    20:29:46.0828 5464 WDICA - ok
    20:29:46.0875 5464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    20:29:46.0875 5464 wdmaud - ok
    20:29:46.0968 5464 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    20:29:46.0984 5464 WudfPf - ok
    20:29:46.0984 5464 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    20:29:46.0984 5464 WudfRd - ok
    20:29:47.0031 5464 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
    20:29:47.0125 5464 \Device\Harddisk0\DR0 - ok
    20:29:47.0125 5464 Boot (0x1200) (8ba678d147c37147297ab2ed5385e00e) \Device\Harddisk0\DR0\Partition0
    20:29:47.0125 5464 \Device\Harddisk0\DR0\Partition0 - ok
    20:29:47.0156 5464 Boot (0x1200) (f852c439068ac92afd191105269a5c99) \Device\Harddisk0\DR0\Partition1
    20:29:47.0156 5464 \Device\Harddisk0\DR0\Partition1 - ok
    20:29:47.0171 5464 ============================================================
    20:29:47.0171 5464 Scan finished
    20:29:47.0171 5464 ============================================================
    20:29:47.0171 0844 Detected object count: 0
    20:29:47.0171 0844 Actual detected object count: 0


    ComboFix 11-12-04.03 - Lacasa 04/12/2011 20:16:23.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3326.2558 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Lacasa\Bureaublad\ComboFix.exe
    AV: Ad-Aware Total Security *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    FW: Ad-Aware Persoonlijke Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Lacasa\Application Data\dach100.dll
    c:\documents and settings\Lacasa\Application Data\Local
    c:\documents and settings\Lacasa\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
    c:\documents and settings\Lacasa\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
    c:\program files\StartSearch plugin
    c:\program files\StartSearch plugin\vshareplg.crx
    c:\windows\system32\Cache
    c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
    c:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-11-04 to 2011-12-04 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-04 18:57 . 2011-12-04 18:57 -------- d--h--r- c:\documents and settings\Lacasa\Onlangs geopend
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\Lacasa\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-04 15:26 . 2011-12-04 15:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-24 12:27 . 2011-11-24 12:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-11-24 09:57 . 2011-11-24 09:57 -------- d-----w- c:\program files\iPod
    2011-11-24 09:57 . 2011-11-24 09:58 -------- d-----w- c:\program files\iTunes
    2011-11-24 09:53 . 2011-11-24 09:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-11-24 09:52 . 2011-11-24 09:52 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-15 07:46 . 2011-05-17 16:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-20 20:42 . 2011-09-20 20:42 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
    2011-09-20 20:31 . 2011-09-20 20:31 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 29640 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
    2011-09-20 20:31 . 2011-09-20 20:31 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 38600 ----a-w- c:\windows\system32\drivers\HookCentre.sys
    2011-09-20 20:31 . 2011-09-20 20:31 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2011-09-20 20:29 . 2011-09-20 20:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-11-24 14:35 . 2011-05-08 07:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2010-06-26 2515552]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "UberIcon Manager.exe"="d:\program files\UberIcon\UberIcon Manager.exe" [2007-08-17 159744]
    "DJ Console Mk2"="c:\program files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2005-11-14 212992]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "G Data AntiVirus Tray Application"="c:\program files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-29 981504]
    "GDFirewallTray"="c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-29 1550576]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    .
    c:\documents and settings\Lacasa\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
    Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-9-21 1874381]
    Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-9-21 1446302]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 74 (0x4a)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiSpyWareDisableNotify"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [20/09/2011 21:31 33480]
    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [20/09/2011 21:31 29640]
    R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [20/09/2011 21:31 62024]
    R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [20/09/2011 21:42 68976]
    R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [20/09/2011 21:31 38600]
    R2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [29/06/2010 16:22 1081384]
    R2 AVKService;Ad-Aware Scheduler;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [29/06/2010 16:22 412944]
    R2 AVKWCtl;Ad-Aware Bestandssysteembewaker;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe [23/06/2010 11:35 1635672]
    R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [20/09/2011 21:31 51400]
    R2 ToolTipFixer;ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [14/10/2008 18:33 61952]
    R3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [7/07/2010 21:56 43136]
    R3 GDFwSvc;Ad-Aware Persoonlijke Firewall;c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe [15/06/2010 10:14 1834432]
    R3 GDScan;Ad-Aware Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [29/06/2010 16:16 624064]
    R3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJASIOK.sys [7/07/2010 21:56 127104]
    R3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [7/07/2010 21:56 39424]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [6/05/2009 08:08 104272]
    S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [26/06/2010 09:46 406016]
    S3 GDBackupSvc;Ad-Aware Backup Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [29/06/2010 16:15 911976]
    S3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [29/06/2010 16:15 1234896]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - 09197175
    *Deregistered* - 09197175
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-12-01 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:54]
    .
    2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
    .
    2011-12-04 c:\windows\Tasks\GlaryInitialize.job
    - d:\program files\Glary Utilities\initialize.exe [2010-06-21 09:14]
    .
    2011-11-14 c:\windows\Tasks\GlaryOneClickOptimizer.job
    - d:\program files\Glary Utilities\oneclickoptimizer.exe [2010-06-21 09:14]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-10-01 c:\windows\Tasks\Lavasoft Registry Tuner.job
    - c:\program files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe [2011-04-13 17:02]
    .
    2011-12-04 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uInternet Settings,ProxyOverride = <local>;*.local
    TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
    FF - ProfilePath - c:\documents and settings\Lacasa\Application Data\Mozilla\Firefox\Profiles\r40n3ric.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-04 20:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-12-04 20:27:54
    ComboFix-quarantined-files.txt 2011-12-04 19:27
    .
    Pre-Run: 42.247.659.520 bytes beschikbaar
    Post-Run: 42.419.101.696 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - D655115AAB7D4CD15A78E2E7EE4D25C9
  • We are now going to use ComboFix with a script.

    Make sure all open web browser windows are closed.
    Open a new Notepad (Dutch: Kladblok) file via "Start\Alle programma's\Bureau-accessoires\[b:88eb821d76]Kladblok (or Notepad)[/b:88eb821d76]".

    Copy and paste the following (bold, blue text) into the empty Notepad window


    [b:88eb821d76]
  • Here it is:

    ComboFix 11-12-04.03 - Lacasa 04/12/2011 21:24:35.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3326.2737 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Lacasa\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Lacasa\Bureaublad\CFScript.txt
    AV: Ad-Aware Total Security *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    FW: Ad-Aware Persoonlijke Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Lacasa\Application Data\dach100.dll
    c:\windows\EventSystem.log
    c:\windows\system32\Branded.scr
    c:\windows\system32\Branded.scr.manifest
    c:\windows\system32\usmt\migwiz_a.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-11-04 to 2011-12-04 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-04 18:57 . 2011-12-04 18:57 -------- d--h--r- c:\documents and settings\Lacasa\Onlangs geopend
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\Lacasa\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-04 15:26 . 2011-12-04 15:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-24 12:27 . 2011-11-24 12:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-11-24 09:57 . 2011-11-24 09:57 -------- d-----w- c:\program files\iPod
    2011-11-24 09:57 . 2011-11-24 09:58 -------- d-----w- c:\program files\iTunes
    2011-11-24 09:53 . 2011-11-24 09:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-11-24 09:52 . 2011-11-24 09:52 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-15 07:46 . 2011-05-17 16:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-20 20:42 . 2011-09-20 20:42 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
    2011-09-20 20:31 . 2011-09-20 20:31 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 29640 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
    2011-09-20 20:31 . 2011-09-20 20:31 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 38600 ----a-w- c:\windows\system32\drivers\HookCentre.sys
    2011-09-20 20:31 . 2011-09-20 20:31 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2011-09-20 20:29 . 2011-09-20 20:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-11-24 14:35 . 2011-05-08 07:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-04_19.24.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-04 20:32 . 2011-12-04 20:32 16384 c:\windows\temp\Perflib_Perfdata_b24.dat
    + 2011-12-04 20:32 . 2011-12-04 20:32 16384 c:\windows\temp\Perflib_Perfdata_780.dat
    + 2011-12-01 17:29 . 2011-12-04 20:32 227712 c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2010-06-26 2515552]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "UberIcon Manager.exe"="d:\program files\UberIcon\UberIcon Manager.exe" [2007-08-17 159744]
    "DJ Console Mk2"="c:\program files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2005-11-14 212992]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "G Data AntiVirus Tray Application"="c:\program files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-29 981504]
    "GDFirewallTray"="c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-29 1550576]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    .
    c:\documents and settings\Lacasa\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
    Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-9-21 1874381]
    Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-9-21 1446302]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 74 (0x4a)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiSpyWareDisableNotify"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [20/09/2011 21:31 33480]
    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [20/09/2011 21:31 29640]
    R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [20/09/2011 21:31 62024]
    R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [20/09/2011 21:42 68976]
    R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [20/09/2011 21:31 38600]
    R2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [29/06/2010 16:22 1081384]
    R2 AVKService;Ad-Aware Scheduler;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [29/06/2010 16:22 412944]
    R2 AVKWCtl;Ad-Aware Bestandssysteembewaker;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe [23/06/2010 11:35 1635672]
    R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [20/09/2011 21:31 51400]
    R2 ToolTipFixer;ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [14/10/2008 18:33 61952]
    R3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [7/07/2010 21:56 43136]
    R3 GDFwSvc;Ad-Aware Persoonlijke Firewall;c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe [15/06/2010 10:14 1834432]
    R3 GDScan;Ad-Aware Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [29/06/2010 16:16 624064]
    R3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJASIOK.sys [7/07/2010 21:56 127104]
    R3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [7/07/2010 21:56 39424]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [6/05/2009 08:08 104272]
    S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [26/06/2010 09:46 406016]
    S3 GDBackupSvc;Ad-Aware Backup Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [29/06/2010 16:15 911976]
    S3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [29/06/2010 16:15 1234896]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-12-01 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:54]
    .
    2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
    .
    2011-12-04 c:\windows\Tasks\GlaryInitialize.job
    - d:\program files\Glary Utilities\initialize.exe [2010-06-21 09:14]
    .
    2011-11-14 c:\windows\Tasks\GlaryOneClickOptimizer.job
    - d:\program files\Glary Utilities\oneclickoptimizer.exe [2010-06-21 09:14]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-10-01 c:\windows\Tasks\Lavasoft Registry Tuner.job
    - c:\program files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe [2011-04-13 17:02]
    .
    2011-12-04 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uInternet Settings,ProxyOverride = <local>;*.local
    TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
    FF - ProfilePath - c:\documents and settings\Lacasa\Application Data\Mozilla\Firefox\Profiles\r40n3ric.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-04 21:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- Dlls Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3892)
    c:\program files\VisualTaskTips\VttHooks.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\snmp.exe
    c:\windows\Integrator.exe
    c:\windows\System32\TUProgSt.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-04 21:40:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-04 20:40
    ComboFix2.txt 2011-12-04 19:27
    .
    Pre-Run: 42.421.551.104 bytes free
    Post-Run: 42.391.523.328 bytes free
    .
    - - End Of File - - 921935EF580B04C97A7E8552E70A38F8
  • Next round:

    Make sure all open web browser windows are closed.
    Open a new Notepad (Kladblok) file via "Start\All Programs\Accessories\Notepad".

    Copy and paste the following (bold, blue text) into the empty Notepad window
  • Wow, hopefully that thing gets knocked out within a few rounds

    ComboFix 11-12-04.03 - Lacasa 04/12/2011 22:19:11.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3326.2779 [GMT 1:00]
    Running from: c:\documents and settings\Lacasa\Bureaublad\ComboFix.exe
    Command switches used :: c:\documents and settings\Lacasa\Bureaublad\CFScript.txt.txt
    AV: Ad-Aware Total Security *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    FW: Ad-Aware Persoonlijke Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
    .
    FILE ::
    "c:\windows\system32\inetsrv\MetaBase.bin"
    "c:\windows\temp\Perflib_Perfdata_780.dat"
    "c:\windows\temp\Perflib_Perfdata_b24.dat"
    .
    .
    (((((((((((((((((((( Files Created From 2011-11-04 to 2011-12-04 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-04 21:30 . 2011-12-04 21:30 64512 ---ha-w- c:\documents and settings\Lacasa\Application Data\dach100.dll
    2011-12-04 21:29 . 2011-12-04 21:29 -------- d--h--r- c:\documents and settings\Lacasa\Onlangs geopend
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\Lacasa\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-04 15:26 . 2011-12-04 15:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-24 12:27 . 2011-11-24 12:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-11-24 09:57 . 2011-11-24 09:57 -------- d-----w- c:\program files\iPod
    2011-11-24 09:57 . 2011-11-24 09:58 -------- d-----w- c:\program files\iTunes
    2011-11-24 09:53 . 2011-11-24 09:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-11-24 09:52 . 2011-11-24 09:52 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-15 07:46 . 2011-05-17 16:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-20 20:42 . 2011-09-20 20:42 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
    2011-09-20 20:31 . 2011-09-20 20:31 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 29640 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
    2011-09-20 20:31 . 2011-09-20 20:31 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 38600 ----a-w- c:\windows\system32\drivers\HookCentre.sys
    2011-09-20 20:31 . 2011-09-20 20:31 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2011-09-20 20:29 . 2011-09-20 20:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-11-24 14:35 . 2011-05-08 07:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-04_19.24.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-04 21:30 . 2011-12-04 21:30 16384 c:\windows\temp\Perflib_Perfdata_a2c.dat
    + 2011-12-04 21:30 . 2011-12-04 21:30 16384 c:\windows\temp\Perflib_Perfdata_458.dat
    + 2011-12-01 17:29 . 2011-12-04 21:30 227713 c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2010-06-26 2515552]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "UberIcon Manager.exe"="d:\program files\UberIcon\UberIcon Manager.exe" [2007-08-17 159744]
    "DJ Console Mk2"="c:\program files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2005-11-14 212992]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "G Data AntiVirus Tray Application"="c:\program files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-29 981504]
    "GDFirewallTray"="c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-29 1550576]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    .
    c:\documents and settings\Lacasa\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
    Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-9-21 1874381]
    Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-9-21 1446302]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 74 (0x4a)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiSpyWareDisableNotify"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [20/09/2011 21:31 33480]
    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [20/09/2011 21:31 29640]
    R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [20/09/2011 21:31 62024]
    R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [20/09/2011 21:42 68976]
    R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [20/09/2011 21:31 38600]
    R2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [29/06/2010 16:22 1081384]
    R2 AVKService;Ad-Aware Scheduler;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [29/06/2010 16:22 412944]
    R2 AVKWCtl;Ad-Aware Bestandssysteembewaker;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe [23/06/2010 11:35 1635672]
    R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [20/09/2011 21:31 51400]
    R2 ToolTipFixer;ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [14/10/2008 18:33 61952]
    R3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [7/07/2010 21:56 43136]
    R3 GDFwSvc;Ad-Aware Persoonlijke Firewall;c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe [15/06/2010 10:14 1834432]
    R3 GDScan;Ad-Aware Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [29/06/2010 16:16 624064]
    R3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJASIOK.sys [7/07/2010 21:56 127104]
    R3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [7/07/2010 21:56 39424]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [6/05/2009 08:08 104272]
    S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [26/06/2010 09:46 406016]
    S3 GDBackupSvc;Ad-Aware Backup Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [29/06/2010 16:15 911976]
    S3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [29/06/2010 16:15 1234896]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-01 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:54]
    .
    2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
    .
    2011-12-04 c:\windows\Tasks\GlaryInitialize.job
    - d:\program files\Glary Utilities\initialize.exe [2010-06-21 09:14]
    .
    2011-11-14 c:\windows\Tasks\GlaryOneClickOptimizer.job
    - d:\program files\Glary Utilities\oneclickoptimizer.exe [2010-06-21 09:14]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-10-01 c:\windows\Tasks\Lavasoft Registry Tuner.job
    - c:\program files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe [2011-04-13 17:02]
    .
    2011-12-04 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uInternet Settings,ProxyOverride = <local>;*.local
    TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
    FF - ProfilePath - c:\documents and settings\Lacasa\Application Data\Mozilla\Firefox\Profiles\r40n3ric.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-04 22:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- Dlls Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(5488)
    c:\program files\VisualTaskTips\VttHooks.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\snmp.exe
    c:\windows\System32\TUProgSt.exe
    c:\windows\Integrator.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwAdmin.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-04 22:34:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-04 21:34
    ComboFix2.txt 2011-12-04 20:40
    ComboFix3.txt 2011-12-04 19:27
    .
    Pre-Run: 42.474.004.480 bytes free
    Post-Run: 42.449.457.152 bytes free
    .
    - - End Of File - - CCB224F1BCE82F3772BF6F2617A9FD4B
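    The log above still shows the two Firefox preferences pointing at startsear.ch, and the registry section also reports "EnableFirewall"= 0 and "NoAutoUpdate"= 1, i.e. the Windows Firewall and automatic updates are switched off. The script below is an added example, not part of the original posts and not ComboFix code: it walks ComboFix-style report lines, flags homepage/search preferences whose host is outside an allow-list, and flags the weakened settings. SAMPLE_LOG is constructed to mirror the shape of the lines above (ComboFix defangs URLs as hxxp://), and TRUSTED_HOSTS is an assumed allow-list of sites the user chose deliberately.

```python
"""Triage ComboFix report lines for browser-hijack and weakened-host indicators.

Added example for this thread; not part of the original posts and not
ComboFix code. SAMPLE_LOG is constructed; TRUSTED_HOSTS is an assumption.
"""
import re
from urllib.parse import urlparse

# Constructed sample in ComboFix's report layout (not copied from a real run).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
uStart Page = hxxp://www.google.be/
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=00000000
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=00000000&q=
FF - user.js: nglayout.initialpaint.delay - 600
"""

TRUSTED_HOSTS = {"www.google.be", "www.google.com"}  # assumed allow-list

# (value name, printed decimal value) -> why it matters.  ComboFix prints the
# decimal value first, e.g.  "EnableFirewall"= 0 (0x0)
WEAK_SETTINGS = {
    ("NoAutoUpdate", "1"): "Windows automatic updates are switched off",
    ("EnableFirewall", "0"): "Windows Firewall (standard profile) is switched off",
}

# Firefox pref lines carrying a URL, and the IE start page line.
URL_LINE_RE = re.compile(
    r"^(?:FF - (?:prefs|user)\.js: (?P<pref>[\w.]+) - |uStart Page = )"
    r"(?P<url>hxxps?://\S+)"
)
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+)')


def refang(url):
    """Turn ComboFix's defanged hxxp(s):// back into a parseable URL."""
    return "http" + url[4:] if url.startswith("hxxp") else url


def triage(log_text, trusted=TRUSTED_HOSTS):
    """Return (kind, name, detail) findings in log order.

    kind is "hijack" for a homepage/search preference whose host is outside
    the allow-list, or "weak" for a registry value listed in WEAK_SETTINGS.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = URL_LINE_RE.match(line)
        if m:
            host = urlparse(refang(m["url"])).hostname or ""
            if host not in trusted:
                findings.append(("hijack", m["pref"] or "IE Start Page", host))
            continue
        m = REG_VALUE_RE.match(line)
        if m and (m["name"], m["value"]) in WEAK_SETTINGS:
            findings.append(("weak", m["name"], WEAK_SETTINGS[(m["name"], m["value"])]))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {name}: {detail}")
```

    Run against the sample it reports the two startsear.ch preferences and the two weakened settings; the IE start page (www.google.be) is on the allow-list and is not reported. Anything the script flags as "hijack" is a preference ComboFix printed but, as the next posts show, did not change, so it has to be fixed in the Firefox profile itself.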
  • Hmm, ComboFix apparently cannot remove the two search URLs in Firefox.

    So we try that once more:

    Make sure all open web browser windows are closed.
    Open a new Notepad (Kladblok) file via "Start\All Programs\Accessories\Notepad".

    Copy and paste the following (bold, blue text) into the empty Notepad window
  • OK, thanks. I hadn't seen your message yet; I no longer get a notification by e-mail, strange.

    I disabled everything in my Ad-Aware and did a ComboFix update. It is the case, though, that before I ended up on this forum I removed the startsear.ch entries myself via HJT; hopefully that is not the cause...


    ComboFix 11-12-06.01 - Lacasa 07/12/2011 9:19.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3326.2702 [GMT 1:00]
    Running from: c:\documents and settings\Lacasa\Bureaublad\ComboFix.exe
    Command switches used :: c:\documents and settings\Lacasa\Bureaublad\CFScript.txt
    AV: Ad-Aware Total Security *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    FW: Ad-Aware Persoonlijke Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
    .
    .
    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Lacasa\Application Data\dach100.dll
    .
    .
    (((((((((((((((((((( Files Created From 2011-11-07 to 2011-12-07 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-06 23:42 . 2011-12-06 23:42 -------- d--h--r- c:\documents and settings\Lacasa\Onlangs geopend
    2011-12-06 17:25 . 2001-09-06 20:27 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2011-12-06 17:25 . 2008-04-14 18:02 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\Lacasa\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-04 15:26 . 2011-12-04 15:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-24 12:27 . 2011-11-24 12:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-11-24 09:57 . 2011-11-24 09:57 -------- d-----w- c:\program files\iPod
    2011-11-24 09:57 . 2011-11-24 09:58 -------- d-----w- c:\program files\iTunes
    2011-11-24 09:53 . 2011-11-24 09:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-11-24 09:52 . 2011-11-24 09:52 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-15 07:46 . 2011-05-17 16:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-20 20:42 . 2011-09-20 20:42 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
    2011-09-20 20:31 . 2011-09-20 20:31 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 29640 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
    2011-09-20 20:31 . 2011-09-20 20:31 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 38600 ----a-w- c:\windows\system32\drivers\HookCentre.sys
    2011-09-20 20:31 . 2011-09-20 20:31 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2011-09-20 20:29 . 2011-09-20 20:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-11-24 14:35 . 2011-05-08 07:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2010-06-26 2515552]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "UberIcon Manager.exe"="d:\program files\UberIcon\UberIcon Manager.exe" [2007-08-17 159744]
    "DJ Console Mk2"="c:\program files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2005-11-14 212992]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "G Data AntiVirus Tray Application"="c:\program files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-29 981504]
    "GDFirewallTray"="c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-29 1550576]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    .
    c:\documents and settings\Lacasa\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
    Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-9-21 1874381]
    Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-9-21 1446302]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 74 (0x4a)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiSpyWareDisableNotify"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [20/09/2011 21:31 33480]
    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [20/09/2011 21:31 29640]
    R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [20/09/2011 21:31 62024]
    R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [20/09/2011 21:42 68976]
    R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [20/09/2011 21:31 38600]
    R2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [29/06/2010 16:22 1081384]
    R2 AVKService;Ad-Aware Scheduler;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [29/06/2010 16:22 412944]
    R2 AVKWCtl;Ad-Aware Bestandssysteembewaker;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe [23/06/2010 11:35 1635672]
    R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [20/09/2011 21:31 51400]
    R2 ToolTipFixer;ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [14/10/2008 18:33 61952]
    R3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [7/07/2010 21:56 43136]
    R3 GDFwSvc;Ad-Aware Persoonlijke Firewall;c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe [15/06/2010 10:14 1834432]
    R3 GDScan;Ad-Aware Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [29/06/2010 16:16 624064]
    R3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJASIOK.sys [7/07/2010 21:56 127104]
    R3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [7/07/2010 21:56 39424]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [6/05/2009 08:08 104272]
    S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [26/06/2010 09:46 406016]
    S3 GDBackupSvc;Ad-Aware Backup Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [29/06/2010 16:15 911976]
    S3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [29/06/2010 16:15 1234896]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-01 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:54]
    .
    2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
    .
    2011-12-07 c:\windows\Tasks\GlaryInitialize.job
    - d:\program files\Glary Utilities\initialize.exe [2010-06-21 09:14]
    .
    2011-12-05 c:\windows\Tasks\GlaryOneClickOptimizer.job
    - d:\program files\Glary Utilities\oneclickoptimizer.exe [2010-06-21 09:14]
    .
    2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-10-01 c:\windows\Tasks\Lavasoft Registry Tuner.job
    - c:\program files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe [2011-04-13 17:02]
    .
    2011-12-07 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uInternet Settings,ProxyOverride = <local>;*.local
    TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
    FF - ProfilePath - c:\documents and settings\Lacasa\Application Data\Mozilla\Firefox\Profiles\r40n3ric.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-07 09:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'explorer.exe'(5260)
    c:\program files\VisualTaskTips\VttHooks.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\snmp.exe
    c:\windows\Integrator.exe
    c:\windows\System32\TUProgSt.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-12-07 09:33:53 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-12-07 08:33
    ComboFix2.txt 2011-12-04 21:34
    ComboFix3.txt 2011-12-04 20:40
    ComboFix4.txt 2011-12-04 19:27
    .
    Pre-Run: 42.098.487.296 bytes beschikbaar
    Post-Run: 42.199.265.280 bytes beschikbaar
    .
    - - End Of File - - 26007C032196F8882FB2490B092F6083
  • ComboFix keeps failing when it comes to removing Startsearch in Firefox.

    Do you actually use Firefox?
    Which version is it then?
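Added example, not code from this thread or from ComboFix: a small Python check that reads a Firefox prefs.js the way the "FF - prefs.js" lines in the log above are read, and flags the navigation preferences (start page, keyword.URL, default search engine) whose host is not one the user expects. The sample prefs.js content is constructed from the log lines above; google.be as the expected start page is an assumption taken from the thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample prefs.js, modelled on the "FF - prefs.js" lines in the ComboFix log
# (the hxxp: defanging used in the log is replaced by the real scheme Firefox stores).
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Web Search");
user_pref("browser.startup.homepage", "http://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42");
user_pref("keyword.URL", "http://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=");
user_pref("network.http.max-persistent-connections-per-server", 4);
'''

# Preferences that decide where the browser sends you; these are the ones the hijacker rewrote.
NAVIGATION_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.search.defaultenginename")

# Hosts the user expects here (assumption: the thread wants google.be back as the start page).
EXPECTED_HOSTS = {"www.google.be", "google.be"}

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Return {name: raw value} for each user_pref line; string values keep their quotes."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def find_hijacked(prefs, expected_hosts=EXPECTED_HOSTS):
    """Return (pref name, host) for navigation prefs whose URL host is not an expected one."""
    findings = []
    for name in NAVIGATION_PREFS:
        raw = prefs.get(name)
        if raw is None or not raw.startswith('"'):
            continue  # absent, or not a string preference
        host = urlparse(raw.strip('"')).hostname or ""
        if host and host not in expected_hosts:
            findings.append((name, host))
    return findings


if __name__ == "__main__":
    for name, host in find_hijacked(parse_prefs(SAMPLE_PREFS)):
        print(f"{name} points at {host}")
```

Run against the real file (`prefs.js` in the profile directory the log names) after closing Firefox, since Firefox rewrites prefs.js on exit.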
  • I use almost only Firefox - sometimes IE (I can't get a radio player to open in Firefox, for example), but that is rare. Shall I reinstall Firefox instead?
  • Then first save your bookmarks as an HTML file and uninstall Firefox after that.

    Restart your PC, then install Firefox again and import your favourites again.

    You want to listen to the radio via your PC?
    And you even want the option of recording music as MP3?
    Then take a look at "ScreamerRadio"

    http://www.screamer-radio.com/features/
  • thanks a bunch
  • Happy now?
  • Just restarted again, but unfortunately no joy (what I do notice is that my bookmarks have not disappeared, but that seemed to be an option during uninstallation..)
  • Pity, you should have let everything be removed; then you would have been rid of that Startsearch by now!

    And ScreamerRadio, do you have it already and have you tried it out?
  • Voilà, Startsear.ch is gone! Though I can no longer get google.be as my start page - it always ends up on a Mozilla page with a link to Google - it looks very much like Google but isn't. Can you tell me, Abraham54, what that ComboFix and those scripts actually did during this procedure, is it something complicated? Thanks in advance.

This is an archived page. Replying is no longer possible.