Everything posted by elboujoufi

  1. Hello Kape, here is the log: AdwCleaner[S0].txt
  2. Hello Kape, in any case a lot of junk has been removed, because I can now browse the internet faster. Here is the log: zoek-results.log
  3. Hello Kape, here is the log.
  4. Hello, in addition, here are the results from Malwarebytes.
  5. Dear staff, my computer has become very slow over the last few days; the websites I click on only come up after 20 seconds, and I am afraid that something malicious has ended up on my PC. I have attached the Hijack log. Kind regards
  6. Hello Kape, I have at least noticed that my Gmail starts up normally again, which points to improvement. Thank you kindly, mebec
  7. Hello Kape, I think it did not go entirely well: right when scanning I got this log, and my PC did not restart.
  8. Hello Kape, it looks like the files have been removed. Here is the log. Kind regards, mebec
  9. Hello Kape, here are the 2 scripts. Kind regards, mebec
  10. Hello Kape, correct, I ran HijackThis as administrator and then removed all the indicated files; I also removed the Ask Toolbar file from my computer.
  11. Hello, I realise that I still had the log from earlier today from MBAM.
  12. Hello Kape. I have already included the HijackThis log; I will run another MBAM scan later this evening and then send that log afterwards. Kind regards
  13. Hello Jion. Quick response, thanks. The script is below.
  14. Hello. I am once again asking for your help, because of a spam message I received 2 days ago pretending that I had won a sum of money on the Internet. Since I replied to that e-mail my PC has been acting very strangely and I can no longer open my Gmail account. I did run Malwarebytes, which found 40 viruses. After that I restarted the PC, but I still cannot open my Gmail. I looked these scammers up via Google and have experienced exactly what other people went through, so I want to warn other people right away not to get involved with this, otherwise you will be left holding the bag. THIS IS THE E-MAIL I RECEIVED: Congratulations! Facebook PROMOTION FROM: the office of the vice-president. INTERNATIONAL OFFERS / Award presentation. BATCH NO: FLNL/009842/04. REF. NO. FLNL/107654/04 You have been selected among the 200 lucky winners of the Facebook 2012 promotion award. Your Facebook name was randomly selected by the Facebook CEO (Mark Zuckerberg) and the sum of one hundred and fifty thousand dollars ($ 150.000,00) was awarded to your name. Contact your Facebook funds manager with proof of identification for the claim. Richard Moore, Facebook Funds Manager. E-mail: facebookpromotionaward0012@consultant.com We advise you to contact the manager as soon as possible at the e-mail address given above; failure to do so may lead to the funds being reclaimed. Thank you, Facebook Team. The next e-mail, after my reply: Thank you for getting back to us. This promotion is genuine and has been legally approved by the Board of Directors of Facebook. Your name was officially selected by Mr Mark Zuckerberg, the CEO of Facebook (founder and Chief Executive Officer). This promotion was created so that some Facebook users can benefit from the profit the company has made. Facebook is one of the first and the greatest means ever of providing both old and new friends. Your winnings have been forwarded to us here for us to deliver to you as quickly and effectively as possible. You are advised to contact the payment department here with the details below as soon as you receive this notification. Fill in the following: 1. Full name: 2. Full address: 3. Marital status: 4. Occupation: 5. Age: 6. Sex: 7. Nationality: 8. Country: 9. Telephone: 10. Persons with a disability: 11. BATCH NO: 12. REF NO: Once again, congratulations. Kind regards, Mebec
  15. OK, even though it is not running 100%, I am satisfied. I would like to thank you for your time and effort, and I think this topic can be closed.
  16. Hello Kape. The speed of my computer is getting better by the day, which is pure gain. TDSSKiller could not find anything on the PC, which is a good sign, but start-up is now reasonably fast; only on the internet could a few improvements come in handy. Here is the TDSSKiller script.
(1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 02:10:53.0015 0532 NDIS - ok 02:10:53.0218 0532 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 02:10:53.0218 0532 NdisIP - ok 02:10:53.0437 0532 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 02:10:53.0437 0532 NdisTapi - ok 02:10:53.0671 0532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 02:10:53.0671 0532 Ndisuio - ok 02:10:53.0937 0532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 02:10:53.0968 0532 NdisWan - ok 02:10:54.0281 0532 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 02:10:54.0296 0532 NDProxy - ok 02:10:54.0515 0532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 02:10:54.0515 0532 NetBIOS - ok 02:10:54.0781 0532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 02:10:54.0812 0532 NetBT - ok 02:10:55.0000 0532 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe 02:10:55.0000 0532 NetDDE - ok 02:10:55.0015 0532 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe 02:10:55.0031 0532 NetDDEdsdm - ok 02:10:55.0359 0532 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 02:10:55.0375 0532 Netlogon - ok 02:10:55.0546 0532 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll 02:10:55.0593 0532 Netman - ok 02:10:55.0843 0532 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 02:10:55.0843 0532 NetTcpPortSharing - ok 02:10:55.0937 0532 nhksrv (d368a8a0fb5db8b86bbc9b97efbdb64e) C:\Apps\ActivBoard\nhksrv.exe 02:10:55.0937 0532 nhksrv - ok 02:10:56.0156 0532 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 02:10:56.0187 0532 NIC1394 - ok 
02:10:56.0390 0532 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll 02:10:56.0390 0532 Nla - ok 02:10:56.0609 0532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 02:10:56.0625 0532 Npfs - ok 02:10:56.0875 0532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 02:10:56.0953 0532 Ntfs - ok 02:10:57.0093 0532 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\System32\lsass.exe 02:10:57.0093 0532 NtLmSsp - ok 02:10:57.0281 0532 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll 02:10:57.0343 0532 NtmsSvc - ok 02:10:57.0515 0532 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys 02:10:57.0531 0532 NtMtlFax - ok 02:10:57.0671 0532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 02:10:57.0687 0532 Null - ok 02:10:57.0843 0532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 02:10:57.0859 0532 NwlnkFlt - ok 02:10:58.0000 0532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 02:10:58.0000 0532 NwlnkFwd - ok 02:10:58.0187 0532 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 02:10:58.0187 0532 ohci1394 - ok 02:10:58.0375 0532 PAC207 - ok 02:10:58.0515 0532 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys 02:10:58.0531 0532 Parport - ok 02:10:58.0750 0532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 02:10:58.0781 0532 PartMgr - ok 02:10:58.0984 0532 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys 02:10:58.0984 0532 ParVdm - ok 02:10:59.0171 0532 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys 02:10:59.0187 0532 PCI - ok 02:10:59.0312 0532 PCIDump - ok 02:10:59.0468 0532 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys 02:10:59.0484 0532 
PCIIde - ok 02:10:59.0718 0532 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys 02:10:59.0734 0532 Pcmcia - ok 02:10:59.0906 0532 PDCOMP - ok 02:11:00.0031 0532 PDFRAME - ok 02:11:00.0265 0532 PDRELI - ok 02:11:00.0328 0532 PDRFRAME - ok 02:11:00.0453 0532 perc2 - ok 02:11:00.0500 0532 perc2hib - ok 02:11:00.0765 0532 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys 02:11:08.0968 0532 pfc - ok 02:11:09.0218 0532 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe 02:11:09.0234 0532 PlugPlay - ok 02:11:09.0546 0532 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 02:11:09.0546 0532 PolicyAgent - ok 02:11:09.0734 0532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 02:11:09.0734 0532 PptpMiniport - ok 02:11:09.0968 0532 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys 02:11:09.0968 0532 Processor - ok 02:11:10.0125 0532 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 02:11:10.0125 0532 ProtectedStorage - ok 02:11:10.0250 0532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 02:11:10.0265 0532 PSched - ok 02:11:10.0437 0532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 02:11:10.0484 0532 Ptilink - ok 02:11:10.0625 0532 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 02:11:10.0625 0532 PxHelp20 - ok 02:11:10.0703 0532 ql1080 - ok 02:11:10.0765 0532 Ql10wnt - ok 02:11:10.0859 0532 ql12160 - ok 02:11:11.0015 0532 ql1240 - ok 02:11:11.0109 0532 ql1280 - ok 02:11:11.0218 0532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 02:11:11.0218 0532 RasAcd - ok 02:11:11.0359 0532 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll 02:11:11.0359 0532 RasAuto - ok 02:11:11.0593 0532 Rasirda 
(0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 02:11:11.0593 0532 Rasirda - ok 02:11:11.0734 0532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 02:11:11.0734 0532 Rasl2tp - ok 02:11:11.0921 0532 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll 02:11:11.0937 0532 RasMan - ok 02:11:12.0093 0532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 02:11:12.0109 0532 RasPppoe - ok 02:11:12.0375 0532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 02:11:12.0390 0532 Raspti - ok 02:11:12.0890 0532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 02:11:12.0921 0532 Rdbss - ok 02:11:13.0171 0532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 02:11:13.0203 0532 RDPCDD - ok 02:11:13.0406 0532 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 02:11:13.0406 0532 RDPWD - ok 02:11:13.0671 0532 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe 02:11:13.0687 0532 RDSessMgr - ok 02:11:13.0921 0532 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys 02:11:13.0921 0532 RecAgent - ok 02:11:14.0093 0532 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 02:11:14.0109 0532 redbook - ok 02:11:14.0390 0532 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll 02:11:14.0406 0532 RemoteAccess - ok 02:11:14.0640 0532 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 02:11:14.0640 0532 ROOTMODEM - ok 02:11:14.0968 0532 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\System32\locator.exe 02:11:14.0984 0532 RpcLocator - ok 02:11:15.0406 0532 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\System32\rpcss.dll 02:11:15.0453 0532 RpcSs - ok 02:11:15.0640 0532 RSVP 
(ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\System32\rsvp.exe 02:11:15.0656 0532 RSVP - ok 02:11:16.0000 0532 rtl8139 (d4453c6b7f627786bafc5ac5149b3a39) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS 02:11:16.0015 0532 rtl8139 - ok 02:11:16.0218 0532 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe 02:11:16.0218 0532 SamSs - ok 02:11:16.0421 0532 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe 02:11:16.0437 0532 SCardSvr - ok 02:11:16.0703 0532 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll 02:11:16.0718 0532 Schedule - ok 02:11:16.0921 0532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 02:11:16.0921 0532 Secdrv - ok 02:11:17.0062 0532 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll 02:11:17.0062 0532 seclogon - ok 02:11:17.0250 0532 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll 02:11:17.0265 0532 SENS - ok 02:11:17.0468 0532 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 02:11:17.0484 0532 serenum - ok 02:11:17.0687 0532 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys 02:11:17.0687 0532 Serial - ok 02:11:17.0921 0532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 02:11:17.0937 0532 Sfloppy - ok 02:11:18.0156 0532 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll 02:11:18.0187 0532 SharedAccess - ok 02:11:18.0375 0532 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 02:11:18.0375 0532 ShellHWDetection - ok 02:11:18.0562 0532 Simbad - ok 02:11:18.0828 0532 sisagp (497ce69d7222df2758bec383cfd3638f) C:\WINDOWS\system32\DRIVERS\sisagp.sys 02:11:18.0875 0532 sisagp - ok 02:11:19.0187 0532 SiSide (8e94bfed1e595cfb8709de694088f25b) C:\WINDOWS\system32\DRIVERS\siside.sys 02:11:19.0203 0532 SiSide - ok 02:11:19.0625 0532 SLIP 
(866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 02:11:19.0640 0532 SLIP - ok 02:11:20.0171 0532 Slntamr (2c1779c0feb1f4a6033600305eba623a) C:\WINDOWS\system32\DRIVERS\slntamr.sys 02:11:20.0296 0532 Slntamr - ok 02:11:20.0625 0532 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys 02:11:20.0640 0532 SlNtHal - ok 02:11:20.0656 0532 SLService - ok 02:11:20.0875 0532 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys 02:11:20.0875 0532 SlWdmSup - ok 02:11:21.0140 0532 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 02:11:21.0171 0532 Sparrow - ok 02:11:21.0421 0532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 02:11:21.0421 0532 splitter - ok 02:11:21.0578 0532 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 02:11:21.0578 0532 Spooler - ok 02:11:21.0796 0532 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\System32\DRIVERS\sr.sys 02:11:21.0828 0532 sr - ok 02:11:22.0421 0532 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll 02:11:22.0453 0532 srservice - ok 02:11:23.0093 0532 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 02:11:23.0218 0532 Srv - ok 02:11:23.0500 0532 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll 02:11:23.0531 0532 SSDPSRV - ok 02:11:23.0968 0532 STAC97NA (0fbaff0e2f6977b19dd8f2ee11931f8b) C:\WINDOWS\system32\drivers\stac97na.sys 02:11:24.0015 0532 STAC97NA - ok 02:11:24.0328 0532 STAC97NH (9709f9292e951f7ee8f73469b998b7ba) C:\WINDOWS\system32\drivers\stac97nh.sys 02:11:24.0375 0532 STAC97NH - ok 02:11:24.0671 0532 STI Simulator (ed78dfad8efcdfbc89500492c4d14645) C:\WINDOWS\System32\PAStiSvc.exe 02:11:24.0703 0532 STI Simulator - ok 02:11:25.0062 0532 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll 02:11:25.0156 0532 stisvc - ok 02:11:25.0500 0532 streamip 
(77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 02:11:25.0515 0532 streamip - ok 02:11:25.0781 0532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 02:11:25.0796 0532 swenum - ok 02:11:26.0421 0532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 02:11:26.0625 0532 swmidi - ok 02:11:26.0890 0532 SwPrv - ok 02:11:27.0031 0532 symc810 - ok 02:11:27.0359 0532 symc8xx - ok 02:11:27.0687 0532 sym_hi - ok 02:11:28.0031 0532 sym_u3 - ok 02:11:28.0343 0532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 02:11:28.0359 0532 sysaudio - ok 02:11:28.0640 0532 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe 02:11:28.0671 0532 SysmonLog - ok 02:11:29.0015 0532 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll 02:11:29.0109 0532 TapiSrv - ok 02:11:29.0593 0532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 02:11:29.0640 0532 Tcpip - ok 02:11:30.0000 0532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 02:11:30.0046 0532 TDPIPE - ok 02:11:30.0421 0532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 02:11:30.0437 0532 TDTCP - ok 02:11:30.0734 0532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 02:11:30.0750 0532 TermDD - ok 02:11:31.0265 0532 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll 02:11:31.0343 0532 TermService - ok 02:11:31.0640 0532 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll 02:11:31.0640 0532 Themes - ok 02:11:31.0937 0532 TMBUS - ok 02:11:32.0296 0532 TMKEmu - ok 02:11:32.0625 0532 TMMEmu - ok 02:11:33.0687 0532 TosIde - ok 02:11:34.0187 0532 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll 02:11:34.0234 0532 TrkWks - ok 02:11:34.0546 0532 Udfs 
(5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 02:11:34.0578 0532 Udfs - ok 02:11:34.0796 0532 ultra - ok 02:11:35.0359 0532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 02:11:35.0484 0532 Update - ok 02:11:35.0953 0532 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll 02:11:35.0968 0532 upnphost - ok 02:11:36.0359 0532 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe 02:11:36.0375 0532 UPS - ok 02:11:36.0703 0532 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 02:11:36.0734 0532 usbccgp - ok 02:11:37.0234 0532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 02:11:37.0250 0532 usbehci - ok 02:11:37.0828 0532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 02:11:37.0843 0532 usbhub - ok 02:11:38.0593 0532 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 02:11:38.0640 0532 usbohci - ok 02:11:39.0296 0532 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 02:11:39.0343 0532 usbprint - ok 02:11:40.0078 0532 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 02:11:40.0109 0532 usbscan - ok 02:11:40.0609 0532 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 02:11:40.0671 0532 USBSTOR - ok 02:11:41.0515 0532 V90drv (4a55bdd4a1ffe650c3c2f8687c2ea4c2) C:\WINDOWS\system32\DRIVERS\v90drv.sys 02:11:41.0812 0532 V90drv - ok 02:11:42.0187 0532 vcsmpdrv (ca231d0694a381e76ac892a4c8c4033e) C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys 02:11:47.0125 0532 vcsmpdrv - ok 02:11:47.0250 0532 VCSSecS (8c7579c9e29fb3430ef5ac8c09a71211) C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe 02:11:47.0250 0532 VCSSecS - ok 02:11:47.0703 0532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 02:11:47.0718 0532 VgaSave - ok 
02:11:47.0921 0532 ViaIde - ok 02:11:48.0203 0532 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 02:11:48.0218 0532 VolSnap - ok 02:11:48.0359 0532 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe 02:11:48.0390 0532 VSS - ok 02:11:48.0656 0532 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll 02:11:48.0671 0532 W32Time - ok 02:11:48.0984 0532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 02:11:48.0984 0532 Wanarp - ok 02:11:49.0234 0532 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 02:11:49.0250 0532 wceusbsh - ok 02:11:49.0500 0532 WDICA - ok 02:11:49.0687 0532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 02:11:49.0718 0532 wdmaud - ok 02:11:50.0046 0532 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll 02:11:50.0078 0532 WebClient - ok 02:11:50.0343 0532 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll 02:11:50.0343 0532 winmgmt - ok 02:11:50.0812 0532 WinRM (250f8d15406269cb3a690b4a4859d92d) C:\WINDOWS\system32\WsmSvc.dll 02:11:51.0062 0532 WinRM - ok 02:11:51.0515 0532 WmBEnum (7ef08e65a586ea95c5b80190a9cfebe6) C:\WINDOWS\system32\drivers\WmBEnum.sys 02:11:51.0531 0532 WmBEnum - ok 02:11:51.0718 0532 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 02:11:51.0734 0532 WmdmPmSN - ok 02:11:52.0093 0532 WmFilter (24369b35c89f36ab3226022b1137bd4c) C:\WINDOWS\system32\drivers\WmFilter.sys 02:11:52.0093 0532 WmFilter - ok 02:11:52.0468 0532 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\System32\wbem\wmiapsrv.exe 02:11:52.0468 0532 WmiApSrv - ok 02:11:52.0890 0532 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\WMPNetwk.exe 02:11:53.0218 0532 WMPNetworkSvc - ok 02:11:53.0546 0532 WmVirHid (0be14bb79e41feafcce33714e4176ae8) 
C:\WINDOWS\system32\drivers\WmVirHid.sys 02:11:53.0562 0532 WmVirHid - ok 02:11:53.0921 0532 WmXlCore (0638cd7c72f5b026638221dc2e84d448) C:\WINDOWS\system32\drivers\WmXlCore.sys 02:11:53.0937 0532 WmXlCore - ok 02:11:54.0250 0532 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 02:11:54.0265 0532 WS2IFSL - ok 02:11:54.0531 0532 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll 02:11:54.0546 0532 wscsvc - ok 02:11:54.0859 0532 WSearch - ok 02:11:55.0312 0532 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 02:11:55.0312 0532 WSTCODEC - ok 02:11:55.0593 0532 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll 02:11:55.0625 0532 wuauserv - ok 02:11:55.0765 0532 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 02:11:55.0781 0532 WudfPf - ok 02:11:55.0953 0532 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 02:11:55.0953 0532 WudfSvc - ok 02:11:56.0187 0532 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll 02:11:56.0421 0532 WZCSVC - ok 02:11:56.0750 0532 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll 02:11:56.0765 0532 xmlprov - ok 02:11:57.0031 0532 zntport - ok 02:11:57.0093 0532 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0 02:11:57.0515 0532 \Device\Harddisk0\DR0 - ok 02:11:57.0531 0532 Boot (0x1200) (213974315894a87ef8910afedaf22d55) \Device\Harddisk0\DR0\Partition0 02:11:57.0531 0532 \Device\Harddisk0\DR0\Partition0 - ok 02:11:57.0546 0532 ============================================================ 02:11:57.0546 0532 Scan finished 02:11:57.0546 0532 ============================================================ 02:11:57.0562 3772 Detected object count: 0 02:11:57.0562 3772 Actual detected object count: 0
  17. Hello Kape, the scan succeeded; see the script below.

      Emsisoft Emergency Kit - Versie 1.0
      Laatste Update: 16-4-2012 14:16:20

      Scaninstellingen:
      Scantype: Diepe Scan
      Objecten: Geheugen, Sporen, Cookies, C:\
      Scan archieven: Aan
      Heuristieken: Uit
      ADS Scan: Aan

      Scan gestart: 16-4-2012 14:16:35

      c:\program files\Ares Ontdekt: Trace.Directory.Ares!A2
      c:\program files\Ares\tcpip_patcher.sys Ontdekt: Trace.File.Ares!A2
      c:\program files\Ares\TcpIpPatcherDll.dll Ontdekt: Trace.File.Ares!A2
      Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol Ontdekt: Trace.Registry.Ares Galaxy P2P Plus!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\arlnk --> URL Protocol Ontdekt: Trace.Registry.Ares Galaxy P2P Plus!A2
      Value: HKEY_CURRENT_USER\Software\RegistrySmart\RegistrySmart\RegistrySmart --> checkdbupdate Ontdekt: Trace.Registry.RegistrySmart!A2
      Value: HKEY_CURRENT_USER\Software\RegistrySmart\RegistrySmart\RegistrySmart --> scanonstartup Ontdekt: Trace.Registry.RegistrySmart!A2
      C:\APPS\HOMEPAGE\HOMEPGUI.EXE Ontdekt: Virus.Win32.Trojan!IK
      C:\Documents and Settings\mohamed\Mijn documenten\keygen.rar/Keygen.exe Ontdekt: Trojan.SuspectCRC!IK
      C:\gendel32.exe Ontdekt: Trojan.Win32.Gendel.AMN!A2
      C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE Ontdekt: Riskware.NetTool.Win32.PsKill.AMN!A2

      Gescand
      Bestanden: 204209
      Sporen: 445943
      Cookies: 69
      Processen: 40

      Gevonden
      Bestanden: 4
      Sporen: 7
      Cookies: 0
      Processen: 0
      Registersleutels: 0

      Scan Geëindigd: 16-4-2012 17:07:06
      Scantijd: 2:50:31

      C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE Verwijderd Riskware.NetTool.Win32.PsKill.AMN!A2
      C:\gendel32.exe Verwijderd Trojan.Win32.Gendel.AMN!A2
      C:\Documents and Settings\mohamed\Mijn documenten\keygen.rar/Keygen.exe Verwijderd Trojan.SuspectCRC!IK
      C:\APPS\HOMEPAGE\HOMEPGUI.EXE Verwijderd Virus.Win32.Trojan!IK
      Value: HKEY_CURRENT_USER\Software\RegistrySmart\RegistrySmart\RegistrySmart --> checkdbupdate Verwijderd Trace.Registry.RegistrySmart!A2
      Value: HKEY_CURRENT_USER\Software\RegistrySmart\RegistrySmart\RegistrySmart --> scanonstartup Verwijderd Trace.Registry.RegistrySmart!A2
      Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol Verwijderd Trace.Registry.Ares Galaxy P2P Plus!A2
      Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\arlnk --> URL Protocol Verwijderd Trace.Registry.Ares Galaxy P2P Plus!A2
      c:\program files\Ares\tcpip_patcher.sys Verwijderd Trace.File.Ares!A2
      c:\program files\Ares\TcpIpPatcherDll.dll Verwijderd Trace.File.Ares!A2
      c:\program files\Ares Verwijderd Trace.Directory.Ares!A2

      Verwijderd
      Bestanden: 4
      Sporen: 7
      Cookies: 0
  18. Hello Kape, thanks for your help. My computer is a little faster now, but not completely yet. I have posted the script below.

      ComboFix 12-04-15.02 - mohamed 16-04-2012 13:04:32.2.1 - x86
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.244 [GMT 2:00]
      Gestart vanuit: c:\documents and settings\mohamed\Mijn documenten\ComboFix.exe
      gebruikte Opdracht switches :: c:\documents and settings\mohamed\Bureaublad\CFScript.txt
      AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
2004-07-12 12:54 81920 c:\windows\twain_32\CNQSG\SGSTRES.dll + 2012-04-16 09:01 . 1996-04-26 03:23 25600 c:\windows\twain_32\CNQSG\Iffpcx32.dll + 2012-04-16 09:01 . 1996-04-26 03:24 83968 c:\windows\twain_32\CNQSG\Iffjpg32.dll + 2012-04-16 09:01 . 1996-04-26 03:21 20992 c:\windows\twain_32\CNQSG\Hiffl32.dll + 2012-04-16 09:01 . 2001-03-02 23:34 49152 c:\windows\twain_32\CNQSG\ExtDDI.dll + 2012-04-16 09:01 . 1997-11-17 00:30 87552 c:\windows\twain_32\CNQSG\Cfpapi.dll + 2012-04-16 08:03 . 2012-04-16 08:04 16384 c:\windows\Temp\Perflib_Perfdata_3b0.dat + 2012-04-16 09:09 . 2004-09-07 15:22 94208 c:\windows\LastGood\system32\CNCL110.DLL + 2012-04-16 09:09 . 2004-10-26 05:15 49152 c:\windows\LastGood\system32\cncisco.dll + 2012-04-16 09:09 . 2004-10-26 05:03 90112 c:\windows\LastGood\system32\CNCI110.DLL + 2012-04-16 09:07 . 2012-04-16 09:07 53248 c:\windows\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\_17B2407FE16E_4666_99A0_2FFCA0A8D3BA.exe + 2012-04-16 08:59 . 2004-02-19 09:23 6973 c:\windows\twain_32\MP110\CNCS110.DAT + 2012-04-16 09:07 . 2012-04-16 09:07 4710 c:\windows\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\Op.exe + 2012-04-16 08:59 . 2004-10-26 05:00 671744 c:\windows\twain_32\MP110\TPM.DLL + 2012-04-16 08:59 . 2004-09-07 00:36 794624 c:\windows\twain_32\MP110\SGUI.dll + 2012-04-16 08:59 . 2004-09-07 00:34 126976 c:\windows\twain_32\MP110\SCANINTF.DLL + 2012-04-16 08:59 . 2001-09-10 16:44 479232 c:\windows\twain_32\MP110\NBSCOR4M.DLL + 2012-04-16 08:59 . 1998-06-17 01:14 119808 c:\windows\twain_32\MP110\ITLIB32.DLL + 2012-04-16 08:59 . 2004-09-07 00:34 151552 c:\windows\twain_32\MP110\IOP.DLL + 2012-04-16 08:59 . 2004-09-09 06:14 966656 c:\windows\twain_32\MP110\CSUI_RES.DLL + 2012-04-16 09:01 . 2002-05-24 01:04 389180 c:\windows\twain_32\CNQSG\Ucs32P.dll + 2012-04-16 09:01 . 2003-04-28 12:32 151552 c:\windows\twain_32\CNQSG\PCAT.dll + 2012-04-16 09:01 . 2003-05-12 15:00 110592 c:\windows\twain_32\CNQSG\paftopdf.dll + 2012-04-16 09:01 . 
2000-03-08 02:28 270336 c:\windows\twain_32\CNQSG\libtiff.dll + 2012-04-16 09:01 . 1995-07-17 00:13 118272 c:\windows\twain_32\CNQSG\Ifftif32.dll + 2012-04-16 09:01 . 1997-11-07 02:55 112128 c:\windows\twain_32\CNQSG\cfpJpeg.dll + 2012-04-16 09:01 . 1997-11-17 00:26 468992 c:\windows\twain_32\CNQSG\CEFPIX.DLL + 2012-04-16 09:09 . 2004-10-26 05:04 557056 c:\windows\LastGood\system32\CNCC110.DLL + 2012-04-16 08:59 . 2004-09-07 00:36 1622016 c:\windows\twain_32\MP110\CSUI.DLL + 2012-04-16 08:59 . 2004-08-24 12:20 1048800 c:\windows\twain_32\MP110\CNC110R.DAT + 2012-04-16 08:59 . 2004-08-25 06:26 1601424 c:\windows\twain_32\MP110\CNC110.DAT + 2012-04-16 09:01 . 2004-09-24 17:01 1257472 c:\windows\twain_32\CNQSG\SGST.exe + 2012-04-16 09:01 . 2004-03-04 12:01 1966080 c:\windows\twain_32\CNQSG\pafcv2.dll + 2012-04-16 09:01 . 2001-08-23 14:25 1706800 c:\windows\twain_32\CNQSG\gdiplus.dll + 2012-04-16 09:07 . 2012-04-16 09:07 2914304 c:\windows\Installer\394545.msi . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-31 185632] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ScanGearStarter"="c:\windows\twain_32\CNQSG\SGST.exe" [2004-09-24 1257472] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^KODAK Picture Transfer Software.lnk] backup=c:\windows\pss\KODAK Picture Transfer Software.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^KODAK Software Updater.lnk] backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] 2001-07-25 09:00 188472 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] 2001-07-25 09:00 188472 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2007-08-31 20:11 185632 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service] 2007-08-31 20:11 185632 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer] 2002-06-07 11:34 299008 -c--a-w- c:\program files\Virtual CD v4 SDK\System\vcsplay.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "86:TCP"= 86:TCP:BroadCam Web Server "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R1 MpKsla59c4b33;MpKsla59c4b33;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0D0A7D8-4A3D-4378-AB3D-B860CF488B41}\MpKsla59c4b33.sys [16-4-2012 10:08 29904] R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [22-12-2006 22:24 6942] R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [22-12-2006 22:28 49232] R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [22-12-2006 22:28 139264] R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [20-9-2002 19:42 296179] R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [1-1-1980 1:00 231983] S2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe [22-12-2006 22:24 28672] S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?] S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [29-11-2001 17:09 1432836] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1-1-1980 1:00 14336] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MPKSLA59C4B33 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Inhoud van de 'Gedeelde Taken' map . 2008-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57] . 2012-04-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39] . 2012-04-15 c:\windows\Tasks\User_Feed_Synchronization-{5140E06D-E1AE-4DDC-9B17-F78C9F6F9A84}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.mebec.weblinker.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = 127.0.0.1 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: {{1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - c:\apps\IECustom\script.htm Trusted Zone: imageshack.us\toolbar TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-04-16 13:12 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-725345543-1292428093-682003330-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44DDD7DB-C851-F5D8-43BBD1CB976AABCC}\{47326943-CE6C-E3D1-74FCCAE0772B4FAB}\{FA8F0E33-B888-6EFF-6240990870DDF055}*] "S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50, 9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHôwæ*] "DisplayName"="\09" "DeviceDesc"="\09" "ProviderName"="" "MFG"="?" "ReinstallString"="2002, 6.13.10.6166" "DeviceInstanceIds"=multi:"\00" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(588) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2012-04-16 13:16:24 ComboFix-quarantined-files.txt 2012-04-16 11:16 ComboFix2.txt 2012-04-15 19:34 . Pre-Run: 98.817.708.032 bytes beschikbaar Post-Run: 98.867.204.096 bytes beschikbaar . - - End Of File - - D95C9F959D825F83E79A3BA0E4FEC82B
  19. Hi Kape, here is the file, but first I want to tell you that when I bought the PC, Norton Antivirus came pre-installed, and when I no longer needed it I could not remove it; perhaps that had something to do with this! Thanks in advance!
      ComboFix 12-04-15.02 - mohamed 15-04-2012 21:05:56.1.1 - x86
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.259 [GMT 2:00]
      Gestart vanuit: c:\documents and settings\mohamed\Mijn documenten\ComboFix.exe
      AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
      AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
      FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer] 2002-06-07 11:34 299008 -c--a-w- c:\program files\Virtual CD v4 SDK\System\vcsplay.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "86:TCP"= 86:TCP:BroadCam Web Server "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R1 MpKsl7d8264f5;MpKsl7d8264f5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{20C0BEA7-5929-4FB6-BD7E-88FB1D40E3F9}\MpKsl7d8264f5.sys [15-4-2012 20:25 29904] R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [22-12-2006 22:24 6942] R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [22-12-2006 22:28 49232] R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [22-12-2006 22:28 139264] R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [20-9-2002 19:42 296179] R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [1-1-1980 1:00 231983] S2 nhksrv;Netropa NHK Server;c:\apps\ActivBoard\nhksrv.exe [22-12-2006 22:24 28672] S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?] S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [29-11-2001 17:09 1432836] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1-1-1980 1:00 14336] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MPKSL7D8264F5 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Inhoud van de 'Gedeelde Taken' map . 2008-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57] . 2012-04-15 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39] . 2012-04-15 c:\windows\Tasks\User_Feed_Synchronization-{5140E06D-E1AE-4DDC-9B17-F78C9F6F9A84}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.mebec.weblinker.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = 127.0.0.1 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: {{1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - c:\apps\IECustom\script.htm Trusted Zone: imageshack.us\toolbar TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) SafeBoot-svcWRSSSDK MSConfigStartUp-icq - (no file) MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe MSConfigStartUp-zBrowser Launcher - c:\logitech\iTouch\iTouch.exe AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-04-15 21:25 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-725345543-1292428093-682003330-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44DDD7DB-C851-F5D8-43BBD1CB976AABCC}\{47326943-CE6C-E3D1-74FCCAE0772B4FAB}\{FA8F0E33-B888-6EFF-6240990870DDF055}*] "S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50, 9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHôwæ*] "DisplayName"="\09" "DeviceDesc"="\09" "ProviderName"="" "MFG"="?" "ReinstallString"="2002, 6.13.10.6166" "DeviceInstanceIds"=multi:"\00" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(612) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2012-04-15 21:34:38 ComboFix-quarantined-files.txt 2012-04-15 19:34 . Pre-Run: 98.123.640.832 bytes beschikbaar Post-Run: 98.668.584.960 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn C:\="Microsoft Windows" . - - End Of File - - 4B39301CDD0C68B1C28565AA5084C0D2
  20. Hello Stegisoft, thanks for the super-fast reply. Here is the script: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:59:33, on 15-4-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\PAStiSvc.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\mohamed\Mijn documenten\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De eerste stap naar succes op het Internet begint hier : Weblinker.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - Global Startup: Windows Search.lnk = 
C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=www.packardbell.nl/center O15 - Trusted Zone: ImageShack® - Tstart O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166823665452 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182413505062 O16 - DPF: 
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe -- End of file - 7633 bytes
  21. Hello, I have a Windows XP computer. Right at startup I have to wait about 5 minutes before I can begin, and browsing the internet is no better. Over the last few days I have removed unnecessary files and software to make it a bit faster, but that achieved nothing. I also checked with Microsoft Essentials whether there is a virus in it, and it could not find anything. So I have become a bit desperate and hope that you can help me. m.b
  22. Hello Gerjannn, the problem is solved: all websites now open in a new window. Many thanks for the help.
  23. I have now replaced IE9 with IE8, but unfortunately the problems are still not solved: websites still open in the same window, with both the left mouse button and the scroll button. I think the cause lies somewhere else.
  24. I removed Windows Internet Explorer 9 from the Downloads folder and then restarted the PC, but when downloading IE 8 the PC indicated that I still have the newest version. Do I also have to remove something under software? I looked there, but there was nothing from Internet Explorer 9 listed.