John79

ComboFix 12-05-01.02 - Akke 03-05-2012 21:57:50.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.472 [GMT 2:00] Gestart vanuit: c:\documents and settings\Akke\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Akke\Bureaublad\cfscript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Akke\Application Data\Funmoods c:\program files\Funmoods . . (((((((((((((((((((( Bestanden Gemaakt van 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))) . . 2012-04-30 06:38 . 2012-05-03 19:49 -------- dc-h--r- c:\documents and settings\Akke\Onlangs geopend 2012-04-28 08:12 . 2012-04-28 08:12 -------- dc----w- c:\documents and settings\Akke\Application Data\AVG2012 2012-04-28 08:04 . 2012-04-28 08:04 -------- dc----w- c:\documents and settings\Akke\Local Settings\Application Data\AVG Secure Search 2012-04-28 08:03 . 2012-04-28 08:03 -------- dc----w- c:\documents and settings\Akke\Application Data\AVG Secure Search 2012-04-28 08:03 . 2012-04-28 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search 2012-04-28 08:03 . 2012-04-28 08:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-04-28 08:03 . 2012-04-28 08:03 -------- d-----w- c:\program files\AVG Secure Search 2012-04-28 07:59 . 2012-05-03 19:47 -------- d-----w- c:\windows\system32\drivers\AVG 2012-04-28 07:59 . 2012-04-28 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012 2012-04-28 07:57 . 2012-04-28 07:57 -------- d-----w- c:\program files\AVG 2012-04-27 19:30 . 2012-04-27 19:30 -------- dc----w- c:\documents and settings\Akke\Application Data\Malwarebytes 2012-04-27 19:30 . 2012-04-27 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-04-27 19:30 . 2012-04-27 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-27 19:30 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-19 20:26 . 2012-05-01 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\firebird 2012-04-19 19:24 . 2012-04-19 19:24 -------- dc----w- c:\documents and settings\Akke\Local Settings\Application Data\Sun 2012-04-19 19:19 . 2012-04-19 19:18 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-04-19 19:00 . 2012-04-19 19:00 -------- d-----w- c:\program files\NewJava 2012-04-19 18:12 . 2012-04-19 18:12 -------- d-----w- c:\program files\Common Files\Java 2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-04-15 08:02 . 2012-04-15 08:02 -------- dc----w- c:\documents and settings\Akke\Application Data\Ironsource 2012-04-11 19:30 . 2012-04-11 19:30 -------- d-----w- c:\program files\Convar 2012-04-08 18:36 . 2012-04-08 18:36 -------- dc----w- c:\documents and settings\Akke\Application Data\AdobeUM 2012-04-06 20:11 . 2012-04-06 20:11 -------- dc----w- C:\TMP 2012-04-06 20:10 . 2012-04-06 20:10 -------- d-----w- c:\program files\Common Files\InstallShield 2012-04-06 20:10 . 2003-03-13 22:55 32803 ------w- c:\windows\system32\drivers\DbDrv.sys 2012-04-06 20:09 . 2012-04-06 20:09 -------- d-----w- c:\windows\system32\Adobe 2012-04-06 20:09 . 2006-12-21 22:11 40576 ------w- c:\windows\system32\drivers\VCommUSB.sys 2012-04-06 20:08 . 2012-04-17 18:05 -------- dc----w- C:\APPLIC 2012-04-06 20:01 . 2012-04-06 20:01 428088 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-04-06 19:55 . 2012-04-06 19:55 -------- dc----w- c:\documents and settings\Akke\Application Data\DAEMON Tools Pro 2012-04-06 19:55 . 2012-04-06 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-19 19:18 . 2011-01-25 09:07 567696 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-19 19:18 . 2009-07-19 19:47 141312 ----a-w- c:\windows\system32\javacpl.cpl 2012-03-19 03:17 . 2012-03-19 03:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-03-01 11:00 . 2008-09-24 02:18 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:00 . 2008-09-24 02:17 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 11:00 . 2008-09-24 02:17 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10 . 2008-09-24 02:18 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2008-09-24 02:17 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17 . 2008-09-24 02:17 385024 ------w- c:\windows\system32\html.iec 2012-02-22 03:25 . 2012-02-22 03:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll . ((((((((((((((((((((((((((((( SnapShot@2012-05-01_19.38.38 ))))))))))))))))))))))))))))))))))))))))) . + 2012-05-03 19:36 . 2012-05-03 19:36 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat + 2012-05-03 19:47 . 2012-05-03 19:47 2208768 c:\windows\Installer\ad362.msi . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-04-28 08:03 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-28 2067328] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 -c--a-w- c:\documents and settings\Akke\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 -c--a-w- c:\documents and settings\Akke\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 -c--a-w- c:\documents and settings\Akke\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 -c--a-w- c:\documents and settings\Akke\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592] "RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-24 102400] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504] "FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2008-08-28 770048] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-28 1116544] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] "fsc-reg"="c:\fsc-reg\fscreg.exe" [2008-07-03 375296] . c:\documents and settings\Akke\Menu Start\Programma's\Opstarten\ Dropbox.lnk - c:\documents and settings\Akke\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 00:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2010-09-10 16:20 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Documents and Settings\\Akke\\Application Data\\Dropbox\\bin\\Dropbox.exe"=" "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952] R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 20:25 12872] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [10-5-2010 20:41 67656] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288] R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [28-4-2012 10:03 932736] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [24-9-2008 4:19 153600] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8-4-2012 11:27 5158992] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\applic\FIREBIRD\bin\fbguard.exe -s --> c:\applic\FIREBIRD\bin\fbguard.exe -s [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6-8-2010 13:43 136176] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [5-2-2012 14:30 30312] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\applic\FIREBIRD\bin\fbserver.exe -s --> c:\applic\FIREBIRD\bin\fbserver.exe -s [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6-8-2010 13:43 136176] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [4-2-2012 11:08 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [4-2-2012 11:08 11104] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5-2-2012 14:30 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5-2-2012 14:30 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5-2-2012 14:30 136808] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [5-2-2012 14:30 114280] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 14:16 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 11:42] . 2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 11:42] . . ------- Bijkomende Scan ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll TCP: DhcpNameServer = 192.168.1.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-05-03 22:13 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-842764252-4073206757-2019703616-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1036) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . - - - - - - - > 'explorer.exe'(1196) c:\documents and settings\Akke\Application Data\Dropbox\bin\DropboxExt.14.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2012-05-03 22:17:57 ComboFix-quarantined-files.txt 2012-05-03 20:17 ComboFix2.txt 2012-05-01 19:54 . Pre-Run: 2.755.579.904 bytes beschikbaar Post-Run: 2.728.435.712 bytes beschikbaar . - - End Of File - - 4AD94A7F2AF105C235E643127414A72E

ComboFix 12-05-01.02 - Akke 01-05-2012 21:23:49.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.398 [GMT 2:00] Gestart vanuit: c:\documents and settings\Akke\Bureaublad\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Akke\Application Data\647C.9AD c:\documents and settings\Akke\ddcGetChart.exe c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe c:\windows\system32\C c:\windows\system32\system32 c:\windows\system32\system32\3DAudio.ax c:\windows\system32\system32\avrt.dll c:\windows\system32\system32\cis-2.4.dll c:\windows\system32\system32\issacapi_bs-2.3.dll c:\windows\system32\system32\issacapi_pe-2.3.dll c:\windows\system32\system32\issacapi_se-2.3.dll c:\windows\system32\system32\MACXMLProto.dll c:\windows\system32\system32\MaDRM.dll c:\windows\system32\system32\MaJGUILib.dll c:\windows\system32\system32\MAMACExtract.dll c:\windows\system32\system32\MASetupCleaner.exe c:\windows\system32\system32\MaXMLProto.dll c:\windows\system32\system32\mfplat.dll c:\windows\system32\system32\MK_Lyric.dll c:\windows\system32\system32\MSCLib.dll c:\windows\system32\system32\MSFLib.dll c:\windows\system32\system32\MSLUR71.dll c:\windows\system32\system32\msvcp60.dll c:\windows\system32\system32\MTTELECHIP.dll c:\windows\system32\system32\MTXSYNCICON.dll c:\windows\system32\system32\muzaf1.dll c:\windows\system32\system32\muzapp.dll c:\windows\system32\system32\muzapp.exe c:\windows\system32\system32\muzdecode.ax c:\windows\system32\system32\muzeffect.ax c:\windows\system32\system32\muzmp4sp.ax c:\windows\system32\system32\muzmpgsp.ax c:\windows\system32\system32\muzoggsp.ax c:\windows\system32\system32\muzwmts.dll c:\windows\system32\system32\psapi.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))) . . 2012-04-30 06:38 . 2012-04-30 18:50 -------- dc-h--r- c:\documents and settings\Akke\Onlangs geopend 2012-04-28 08:12 . 2012-04-28 08:12 -------- dc----w- c:\documents and settings\Akke\Application Data\AVG2012 2012-04-28 08:04 . 2012-04-28 08:04 -------- dc----w- c:\documents and settings\Akke\Local Settings\Application Data\AVG Secure Search 2012-04-28 08:03 . 2012-04-28 08:03 -------- dc----w- c:\documents and settings\Akke\Application Data\AVG Secure Search 2012-04-28 08:03 . 2012-04-28 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search 2012-04-28 08:03 . 2012-04-28 08:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-04-28 08:03 . 2012-04-28 08:03 -------- d-----w- c:\program files\AVG Secure Search 2012-04-28 07:59 . 2012-05-01 19:08 -------- d-----w- c:\windows\system32\drivers\AVG 2012-04-28 07:59 . 2012-04-28 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012 2012-04-28 07:57 . 2012-04-28 07:57 -------- d-----w- c:\program files\AVG 2012-04-27 19:30 . 2012-04-27 19:30 -------- dc----w- c:\documents and settings\Akke\Application Data\Malwarebytes 2012-04-27 19:30 . 2012-04-27 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-04-27 19:30 . 2012-04-27 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-27 19:30 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-19 20:26 . 2012-04-30 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\firebird 2012-04-19 19:24 . 2012-04-19 19:24 -------- dc----w- c:\documents and settings\Akke\Local Settings\Application Data\Sun 2012-04-19 19:19 . 2012-04-19 19:18 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-04-19 19:00 . 2012-04-19 19:00 -------- d-----w- c:\program files\NewJava 2012-04-19 18:12 . 2012-04-19 18:12 -------- d-----w- c:\program files\Common Files\Java 2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-04-17 20:28 . 2012-04-17 20:28 -------- d-----w- c:\program files\Alcohol Soft 2012-04-15 08:02 . 2012-04-15 08:02 -------- dc----w- c:\documents and settings\Akke\Application Data\Funmoods 2012-04-15 08:02 . 2012-04-15 08:02 -------- dc----w- c:\documents and settings\Akke\Application Data\Ironsource 2012-04-11 19:30 . 2012-04-11 19:30 -------- d-----w- c:\program files\Convar 2012-04-08 18:36 . 2012-04-08 18:36 -------- dc----w- c:\documents and settings\Akke\Application Data\AdobeUM 2012-04-06 20:11 . 2012-04-06 20:11 -------- dc----w- C:\TMP 2012-04-06 20:10 . 2012-04-06 20:10 -------- d-----w- c:\program files\Common Files\InstallShield 2012-04-06 20:10 . 2003-03-13 22:55 32803 ------w- c:\windows\system32\drivers\DbDrv.sys 2012-04-06 20:09 . 2012-04-06 20:09 -------- d-----w- c:\windows\system32\Adobe 2012-04-06 20:09 . 2006-12-21 22:11 40576 ------w- c:\windows\system32\drivers\VCommUSB.sys 2012-04-06 20:08 . 2012-04-17 18:05 -------- dc----w- C:\APPLIC 2012-04-06 20:01 . 2012-04-06 20:01 428088 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-04-06 19:58 . 2012-04-06 19:58 -------- d-----w- c:\program files\Funmoods 2012-04-06 19:55 . 2012-04-06 19:55 -------- dc----w- c:\documents and settings\Akke\Application Data\DAEMON Tools Pro 2012-04-06 19:55 . 2012-04-06 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-19 19:18 . 2011-01-25 09:07 567696 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-19 19:18 . 2009-07-19 19:47 141312 ----a-w- c:\windows\system32\javacpl.cpl 2012-03-19 03:17 . 2012-03-19 03:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-03-01 11:00 . 2008-09-24 02:18 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:00 . 2008-09-24 02:17 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 11:00 . 2008-09-24 02:17 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10 . 2008-09-24 02:18 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2008-09-24 02:17 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17 . 2008-09-24 02:17 385024 ------w- c:\windows\system32\html.iec 2012-02-22 03:25 . 2012-02-22 03:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-02-03 09:57 . 2008-09-24 02:18 1860224 ----a-w- c:\windows\system32\win32k.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys . [-] 2008-04-15 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys [-] 2008-04-15 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys . [-] 2008-04-15 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys [-] 2008-04-15 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys . [-] 2008-04-15 . 380397621E94B32C744E7B2CC1330390 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys . [-] 2008-04-15 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys [-] 2008-04-15 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys . [-] 2008-04-15 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\I386\NTFS.SYS [-] 2008-04-15 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys [-] 2008-04-15 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys . [-] 2008-04-15 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys [-] 2008-04-15 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys . [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys . [-] 2008-04-15 . 69EAA7501F53A40E8C04C69F2391224F . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll [-] 2008-04-15 . 69EAA7501F53A40E8C04C69F2391224F . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll . [-] 2008-04-15 . 8754210A3399D19610CE2D71E0C3E5D9 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe [-] 2008-04-15 . 8754210A3399D19610CE2D71E0C3E5D9 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe . [-] 2008-04-15 . 5431FB616ECAE0D587C5B97D0B86CBD8 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll [-] 2008-04-15 . 5431FB616ECAE0D587C5B97D0B86CBD8 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll . [-] 2008-04-15 12:00 . 49DEEDAED168FD4723934755BF55CCFE . 822784 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll [-] 2008-04-15 12:00 . 49DEEDAED168FD4723934755BF55CCFE . 822784 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll . [-] 2008-04-15 . 5C0073A51C4873430FA8B262E92183FF . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2008-04-15 . 5C0073A51C4873430FA8B262E92183FF . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll . [-] 2009-02-09 . D8D28F6CABEC7D42B8E487E290563B9A . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [-] 2009-02-09 . D9883335CC1C17AFC3A09C8AC3E4DBE4 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . D9883335CC1C17AFC3A09C8AC3E4DBE4 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll [-] 2008-04-15 . 70357A0F411DF464F9FF434F2DDCB68F . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll . [-] 2009-02-09 . 657B69389B893F440B07590C9E963F23 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2009-02-09 . 657B69389B893F440B07590C9E963F23 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe [-] 2009-02-09 . D98A222A707FFE40043E533FE7A6BA24 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [-] 2008-04-15 . B77BC5CD88EB96D4352AF5202EC4AEC2 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe . [-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe [-] 2008-04-15 . DB454135DE1A09FE7FEDA7B554B5CCA2 . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe . [-] 2008-04-15 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-15 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe . [-] 2008-04-15 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys [-] 2008-04-15 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys . [-] 2010-08-23 . 7826282032F459694DE7BCE330FF31FC . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2010-08-23 . 7826282032F459694DE7BCE330FF31FC . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [-] 2010-08-23 . 01D982636AFC3A79537B81D9C3DA897A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [-] 2008-04-15 . EFD9660AF9177D90018AC9A9AA42310F . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll [-] 2008-04-15 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL [-] 2008-04-15 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2008-04-15 . 1EAA8CD46BFB33307ACAF10EFF80E8BD . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll . [-] 2008-04-15 . 0A9CF5D3CF63A8699F28C814EF821C7E . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll [-] 2008-04-15 . 0A9CF5D3CF63A8699F28C814EF821C7E . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll . [-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll . [-] 2008-04-15 . 58211BB9D2F5C761BFB504C2BBBA8D99 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll [-] 2008-04-15 . 58211BB9D2F5C761BFB504C2BBBA8D99 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll . [-] 2009-03-21 . CE7EFE07C7119C8CD09D953AD9ECA7CD . 1030656 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll [-] 2009-03-21 . CE7EFE07C7119C8CD09D953AD9ECA7CD . 1030656 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll [-] 2009-03-21 . 93E2307273AE7B2D5418E132902373A7 . 1032704 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [-] 2008-04-15 . 09BCB7171F8172C2BA0189FE1F9C25CB . 1030656 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll . [-] 2008-04-15 . 9234F9A97016954CC67C01DA9C4F39C2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll [-] 2008-04-15 . 9234F9A97016954CC67C01DA9C4F39C2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll . [-] 2008-04-15 . FE6417AB01E9A5B124A58BE2B5DB663B . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll [-] 2008-04-15 . FE6417AB01E9A5B124A58BE2B5DB663B . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll . [-] 2012-03-01 . 6E0E7C508B5060F81992D5ED0B1A5556 . 5978624 . . [8.00.6001.19222] . . c:\windows\system32\mshtml.dll [-] 2012-03-01 . 6E0E7C508B5060F81992D5ED0B1A5556 . 5978624 . . [8.00.6001.19222] . . c:\windows\system32\dllcache\mshtml.dll [-] 2012-03-01 . 467D9D5FB15DD88E82768C6F31A7A5D4 . 5980672 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll [-] 2011-12-19 . 71C5CAC85122664C57634C7268E92DAF . 3616768 . . [7.00.6000.17108] . . c:\windows\ie8\mshtml.dll [-] 2011-12-19 . F87E563432D3A51C73CEC0510D39588C . 3618816 . . [7.00.6000.21310] . . c:\windows\$hf_mig$\KB2647516-IE7\SP3QFE\mshtml.dll [-] 2011-12-17 . 5C55673322584D9F5A32D0971D83858B . 5979136 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\mshtml.dll [-] 2011-12-17 . 5C55673322584D9F5A32D0971D83858B . 5979136 . . [8.00.6001.19190] . . c:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3GDR\mshtml.dll [-] 2011-12-17 . 46FE106946083872716147AD223F20C1 . 5980160 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll [-] 2011-12-17 . 46FE106946083872716147AD223F20C1 . 5980160 . . [8.00.6001.23286] . . c:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3QFE\mshtml.dll [-] 2011-11-04 . 958ECE072DA2D840BD3658A3AB708F58 . 5978112 . . [8.00.6001.19170] . . c:\windows\ie8updates\KB2647516-IE8\mshtml.dll [-] 2011-11-04 . 958ECE072DA2D840BD3658A3AB708F58 . 5978112 . . [8.00.6001.19170] . . c:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3GDR\mshtml.dll [-] 2011-11-04 . E43D37858B634BDE1E099E92F0202458 . 5978624 . . [8.00.6001.23266] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll [-] 2011-11-04 . E43D37858B634BDE1E099E92F0202458 . 5978624 . . [8.00.6001.23266] . . c:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3QFE\mshtml.dll [-] 2011-11-04 . 73CC5D59D2111D47144521106CCF795E . 3616256 . . [7.00.6000.17107] . . c:\windows\ie7updates\KB2647516-IE7\mshtml.dll [-] 2011-11-04 . 393B067C7B72BAFF18B1E95EE3064301 . 3618304 . . [7.00.6000.21309] . . c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\mshtml.dll [-] 2011-10-03 . 2ECD546FB8594A4C5D807E489045627F . 5971456 . . [8.00.6001.19154] . . c:\windows\SoftwareDistribution\Download\1bb5df68b17c815775b009591758cb01\SP3GDR\mshtml.dll [-] 2011-10-03 . 5AF7AC6924E7CB72D76A796262B1C25E . 5972992 . . [8.00.6001.23250] . . c:\windows\SoftwareDistribution\Download\1bb5df68b17c815775b009591758cb01\SP3QFE\mshtml.dll [-] 2011-09-05 . 17893036294BA90047D9A2AA7D2FDDFC . 3615744 . . [7.00.6000.17104] . . c:\windows\ie7updates\KB2618444-IE7\mshtml.dll [-] 2011-08-18 . 0D08EC4528C97AE03DE4F3E7FE17438B . 3617792 . . [7.00.6000.21306] . . c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\mshtml.dll [-] 2011-07-25 . 03B085EEE1DB5F2E32721CF5C72F7A26 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll [-] 2011-05-30 . 6DE2D62A51F4C110AA995583B7463487 . 5967360 . . [8.00.6001.23181] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll [-] 2011-02-22 . 80A564DD39C82A79F34F5A093CE1A6BD . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll [-] 2010-12-20 . 55F5920E04513ED481129E5E1DD94772 . 5962240 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll [-] 2010-11-06 . F22C3F322F5291FECDCC13371E3909A4 . 5960704 . . [8.00.6001.23091] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll [-] 2010-09-10 . 90215AE398050E9510A5B71CD222A6FD . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll [-] 2010-06-24 . 4866ECEEFB5964BB1CB081FB3A2A370D . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll [-] 2010-05-06 . E7CD22F3A8247FC3BFD283D30B4674D2 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2618444-IE8\mshtml.dll [-] 2010-05-06 . E7CD22F3A8247FC3BFD283D30B4674D2 . 5950976 . . [8.00.6001.18928] . . c:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3GDR\mshtml.dll [-] 2010-05-06 . 47A7DDF5DF0F323F877EEFC75338C4A3 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll [-] 2010-05-06 . 47A7DDF5DF0F323F877EEFC75338C4A3 . 5953024 . . [8.00.6001.23019] . . c:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3QFE\mshtml.dll [-] 2010-02-25 . 2399C13AE076A84037794AA0E9BF152A . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll [-] 2009-12-21 . 585A8B2FD6373FC06D6893867754CF74 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll [-] 2009-10-29 . 6D626567986D37E021F44EE66446D515 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll [-] 2009-10-22 . A7A81279E5D4E79886EB3EE0D8C0B5B0 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll [-] 2009-08-29 . 618B612AC467401AAF9DE95EC8927372 . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll [-] 2009-07-19 . 2644060A699C0654B609F24CE5A322D8 . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll [-] 2009-07-19 . 2644060A699C0654B609F24CE5A322D8 . 5938176 . . [8.00.6001.22902] . . c:\windows\SoftwareDistribution\Download\d7b096804945f51bfe5205273ce62500\SP3QFE\mshtml.dll [-] 2009-07-19 . AE193ED078F47E6D8130C12422B5335A . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB2586448-IE7\mshtml.dll [-] 2009-07-19 . 2395491A5DAD04A6B58B9F55945EDCFA . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll . [-] 2008-04-15 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL [-] 2008-04-15 12:00 . E826A484EDE25C3AE19F1B8086511F4B . 267536 . . [4.20.6201] . . c:\windows\I386\WIN9XUPG\MSVCRT.DLL [-] 2008-04-15 . 074C38B50CE71E3EC6DD3F6DAABF4EEF . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2008-04-15 . 074C38B50CE71E3EC6DD3F6DAABF4EEF . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll [-] 2008-04-15 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll [-] 2008-04-15 . 61E70054981A2F9E64CEA7CA9479C0AA . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll . [-] 2008-06-20 . 74816260AECBE87C473962A359007EEB . 247296 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll [-] 2008-06-20 . 18740E8EC5BE4B6D66FA0E4CBFD3B9C6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll [-] 2008-06-20 . 18740E8EC5BE4B6D66FA0E4CBFD3B9C6 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 4522CBE00A9E9EEE36AA82ED4B319148 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . 4522CBE00A9E9EEE36AA82ED4B319148 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [-] 2008-04-15 . 6BBC05038DF477F12E930A0F99F7D219 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll . [-] 2008-04-15 . E6A7071DF6855AB7CCCC220AC3AAD087 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2008-04-15 . E6A7071DF6855AB7CCCC220AC3AAD087 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll . [-] 2008-04-15 . 32167CE0150DC2A269D99689A143FB67 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2008-04-15 . 32167CE0150DC2A269D99689A143FB67 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll . [-] 2008-04-15 . 0E3B585761E23C1E35442E972B7E45F9 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2008-04-15 . 0E3B585761E23C1E35442E972B7E45F9 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll . [-] 2008-04-15 . E6DCF5DD55AC2655971A478718307D18 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2008-04-15 . E6DCF5DD55AC2655971A478718307D18 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll . [-] 2008-04-15 . E410EC73E2BE2A41D923B006F51C8427 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe [-] 2008-04-15 . E410EC73E2BE2A41D923B006F51C8427 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe . [-] 2008-04-15 . 2BC9FB448F0C2394FF53C83A7BB04731 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2008-04-15 . 2BC9FB448F0C2394FF53C83A7BB04731 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll . [-] 2008-04-15 . 4CF588D2F2363B73EB4AF57967D46DFF . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2008-04-15 . 4CF588D2F2363B73EB4AF57967D46DFF . 580096 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll . [-] 2008-04-15 . 6818A533ED3B2FA9936DF3DAF45352DF . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2008-04-15 . 6818A533ED3B2FA9936DF3DAF45352DF . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe . [-] 2012-03-01 . CFF17B16BFF8179FBBA29075245E8BE1 . 916992 . . [8.00.6001.19222] . . c:\windows\system32\wininet.dll [-] 2012-03-01 . CFF17B16BFF8179FBBA29075245E8BE1 . 916992 . . [8.00.6001.19222] . . c:\windows\system32\dllcache\wininet.dll [-] 2012-03-01 . B2E54BC4C5B399547EE3C8188DBBA509 . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll [-] 2011-12-19 . 854C1E4016C2BFC83D81B9F584557B4F . 832512 . . [7.00.6000.17108] . . c:\windows\ie8\wininet.dll [-] 2011-12-19 . C9EB7661FEC49366FCDBBB4EDE5B1B21 . 841216 . . [7.00.6000.21310] . . c:\windows\$hf_mig$\KB2647516-IE7\SP3QFE\wininet.dll [-] 2011-12-17 . 03CB14FB6B75EC8AC2FDEC54E904C30B . 916992 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\wininet.dll [-] 2011-12-17 . 03CB14FB6B75EC8AC2FDEC54E904C30B . 916992 . . [8.00.6001.19190] . . c:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3GDR\wininet.dll [-] 2011-12-17 . 38C3CDBC40464D40C7B716C8E154B86C . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll [-] 2011-12-17 . 38C3CDBC40464D40C7B716C8E154B86C . 919552 . . [8.00.6001.23286] . . c:\windows\SoftwareDistribution\Download\c9f2707a00294cb13687bcaa073af62b\SP3QFE\wininet.dll [-] 2011-11-04 . D47FE623B45DF066647469DB73AE3215 . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2647516-IE8\wininet.dll [-] 2011-11-04 . D47FE623B45DF066647469DB73AE3215 . 916992 . . [8.00.6001.19165] . . c:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3GDR\wininet.dll [-] 2011-11-04 . A484703720C95391777DF05F2458FEF8 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll [-] 2011-11-04 . A484703720C95391777DF05F2458FEF8 . 919552 . . [8.00.6001.23261] . . c:\windows\SoftwareDistribution\Download\607c4e82652dceecca4f889cc90a0d88\SP3QFE\wininet.dll [-] 2011-10-31 . 515B874063EF9540688B36D1E336E6E9 . 832512 . . [7.00.6000.17106] . . c:\windows\ie7updates\KB2647516-IE7\wininet.dll [-] 2011-10-31 . 57FBC44D9364BE41A4D915092A4ADCF9 . 841216 . . [7.00.6000.21308] . . c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\wininet.dll [-] 2011-08-22 . 381FDBF8A25C7629696E5EE2B213F8CC . 916480 . . [8.00.6001.19131] . . c:\windows\SoftwareDistribution\Download\1bb5df68b17c815775b009591758cb01\SP3GDR\wininet.dll [-] 2011-08-22 . EDD945F6C0630DB8453673DF9E7B009E . 919552 . . [8.00.6001.23227] . . c:\windows\SoftwareDistribution\Download\1bb5df68b17c815775b009591758cb01\SP3QFE\wininet.dll [-] 2011-08-17 . 1474A411C7759616ADE5A10B3C7F55BB . 832512 . . [7.00.6000.17103] . . c:\windows\ie7updates\KB2618444-IE7\wininet.dll [-] 2011-08-17 . B885ECA534FF8FBE6EAF7B1950B04A7D . 841216 . . [7.00.6000.21306] . . c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\wininet.dll [-] 2011-06-23 . 3BC2081CD791584B4ED373F3B4959CC8 . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll [-] 2011-04-25 . 00F17371D9145B114061564BDABD8C24 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll [-] 2011-02-22 . CC5AE9A79DA18AFD29FB7CF95F23A143 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll [-] 2010-12-20 . 21A739156ED963C45419D3EB02E44F0C . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll [-] 2010-11-06 . 51964C721E751FD4E798252CC0E4FFB9 . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll [-] 2010-09-10 . 5D081F5E3E46966C4F63D32231C93511 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll [-] 2010-06-24 . 8168F7D81CD04C83D7E04F3981A7D0F5 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll [-] 2010-05-06 . 109D1EFA1C0BC4EC65EBA39707F31A19 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll [-] 2010-05-06 . 109D1EFA1C0BC4EC65EBA39707F31A19 . 916480 . . [8.00.6001.18923] . . c:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3GDR\wininet.dll [-] 2010-05-06 . A319118B77A91EB08AB2BF098D91900E . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll [-] 2010-05-06 . A319118B77A91EB08AB2BF098D91900E . 919040 . . [8.00.6001.23014] . . c:\windows\SoftwareDistribution\Download\683a60b6a6d129ddadfed78b3a85c27a\SP3QFE\wininet.dll [-] 2010-02-25 . BB424C9406140FEAFB4732025BEBB69B . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll [-] 2009-12-21 . 4C145AB616871611FCE38F053C75807C . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll [-] 2009-10-29 . D906535CAB4BB8A60AC060351EDE159F . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll [-] 2009-08-29 . 977886782C8F7ACA874BE770C48FF75C . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll [-] 2009-07-03 . AE9E8D0E50D9D874B5AAFB8B74E9FAAC . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll [-] 2009-07-03 . AE9E8D0E50D9D874B5AAFB8B74E9FAAC . 915456 . . [8.00.6001.22896] . . c:\windows\SoftwareDistribution\Download\d7b096804945f51bfe5205273ce62500\SP3QFE\wininet.dll [-] 2009-07-03 . 8BF5136BEFB6712E8890BDC9ED123182 . 915456 . . [8.00.6001.18806] . . c:\windows\SoftwareDistribution\Download\d7b096804945f51bfe5205273ce62500\SP3GDR\wininet.dll [-] 2009-06-29 . 6D1BBF88D2A5B945E3400FFBBDE02BEC . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll [-] 2009-06-29 . EDC6957F57E68F6450D961CFDE4FD1F5 . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB2586448-IE7\wininet.dll [-] 2009-04-29 . D5E276ADDE1400549B5678873A804E6F . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll [-] 2009-04-29 . 478A5E95C6121A98673EE33DFCBE3400 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll [-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll [-] 2009-03-03 . 78B519AC87AD7256C24EF44279EFD694 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll [-] 2009-03-03 . C2A37E9F4096B019694A7519C5FFB2A0 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll [-] 2008-12-20 . 6A77C48E137A73FFD1408F1A71C5184C . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll [-] 2008-12-20 . DB4777DBC853EAC790E3DBDB68FFB1A1 . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll [-] 2008-04-23 . A4092ABA7528A8AEA6EAF7B5AA989FAD . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll [-] 2008-04-23 . 49ECC612EE5B23CA669A1EB15EE6DB3E . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll [-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll . [-] 2008-04-15 . 520391367546218929749612ABFE840C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2008-04-15 . 520391367546218929749612ABFE840C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll . [-] 2008-04-15 . 7ED22EA6D840CD388BD68B68580468E1 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll [-] 2008-04-15 . 7ED22EA6D840CD388BD68B68580468E1 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll . [-] 2008-04-15 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-15 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe . [-] 2008-04-15 . E67C9B97306DEEFBB481072CE5FF8E07 . 153088 . . [5.1.2600.5512] . . c:\windows\regedit.exe [-] 2008-04-15 . E67C9B97306DEEFBB481072CE5FF8E07 . 153088 . . [5.1.2600.5512] . . c:\windows\I386\REGEDIT.EXE [-] 2008-04-15 . E67C9B97306DEEFBB481072CE5FF8E07 . 153088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe . [-] 2011-11-01 . DB355CEF2B35481C21DD213C28560E86 . 1288192 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll [-] 2011-11-01 . DB355CEF2B35481C21DD213C28560E86 . 1288192 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll [-] 2011-11-01 . 02AF8E4C7B851A213AC70BF6DD6E3537 . 1288704 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll [-] 2010-07-16 . AD2B41BEAB5BB7A258F6A2CCDCA09B82 . 1287680 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll [-] 2010-07-16 . 57F12B548695C680421CD1EB8169A1C8 . 1288704 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll [-] 2008-04-15 . B2EE0E38A8025D6D7A7F3EEC8CA2829E . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll . [-] 2010-04-16 . 36BA0AAABD0AA4798403CB3FF08D5DDD . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll [-] 2010-04-16 . 36BA0AAABD0AA4798403CB3FF08D5DDD . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll [-] 2010-04-16 . 7BB3922CB9973877D2BF4C7222EA8E70 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll [-] 2008-04-15 . 0996802B726C0CFE94A44CDBD661983A . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll . [-] 2008-04-14 . 2D54DB081CDACF8C0B738B9F25B25DCD . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll [-] 2008-04-14 . 2D54DB081CDACF8C0B738B9F25B25DCD . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll . [-] 2008-04-15 . E98A8C802CDB31FCF4121D9DFBEA3677 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2008-04-15 . E98A8C802CDB31FCF4121D9DFBEA3677 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe . [-] 2009-07-27 . 2D5D4156292150FE571872C1B88E9299 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll [-] 2009-07-27 . 2D5D4156292150FE571872C1B88E9299 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll [-] 2009-07-27 . C28A9E9D28ACDAF8097BE4578C49559B . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll [-] 2008-04-15 . CFB406497D9CF95DFFE17594899FD367 . 135680 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll . [-] 2008-04-15 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2008-04-15 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll . [-] 2008-04-15 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2008-04-15 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe . [-] 2008-04-15 . FD3C38635808920F8235BF2FED642F54 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2008-04-15 . FD3C38635808920F8235BF2FED642F54 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll . [-] 2008-04-15 . CA64B9406EEDA4FFA2DAEAE1DABCCE42 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll [-] 2008-04-15 . CA64B9406EEDA4FFA2DAEAE1DABCCE42 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll . [-] 2008-04-15 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2008-04-15 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll . [-] 2008-04-15 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys [-] 2008-04-15 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys . [-] 2008-04-15 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2008-04-15 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll . [-] 2008-04-15 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2008-04-15 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll . [-] 2008-04-15 . 5B9D0DE64BE96A806819516440FD211C . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll [-] 2008-04-15 . 5B9D0DE64BE96A806819516440FD211C . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll . [-] 2008-04-15 . E0AEF86A594C9990D6321C5CA239C5B7 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll [-] 2008-04-15 . E0AEF86A594C9990D6321C5CA239C5B7 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll . [-] 2008-04-15 . 6F18B42068D29B1F6F283DC37057836D . 347648 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll [-] 2008-04-15 . 6F18B42068D29B1F6F283DC37057836D . 347648 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll . [-] 2008-04-15 . 63F517B1A87DABF3F5ACB8A7952FC1D1 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys . [-] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys [-] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys . [-] 2008-04-15 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys [-] 2008-04-15 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys . [-] 2010-09-18 07:18 . C7F383764824117AEE9C3ED0FCA78044 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll [-] 2010-09-18 06:53 . 7892005CE5CDC809783F452B21FAF58F . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll [-] 2010-09-18 06:53 . 7892005CE5CDC809783F452B21FAF58F . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll [-] 2008-04-15 12:00 . 2407EADA5E2E146AB51E925F151DDAA5 . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll . [-] 2008-04-15 . C56A45A03DCA11712DE9FDF98224230B . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll [-] 2008-04-15 . C56A45A03DCA11712DE9FDF98224230B . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll . [-] 2008-04-15 12:00 . 2628076412EC86C92827AE5202501E5D . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll . [-] 2011-10-26 . 2820129F67352B99B032DE2CF328C767 . 2073728 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2011-10-26 . 2820129F67352B99B032DE2CF328C767 . 2073728 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntkrnlpa.exe [-] 2011-10-26 . 8CAD5FC3D068F6164028EDAB20B8666F . 2031616 . . [5.1.2600.6165] . . c:\windows\system32\ntkrnlpa.exe [-] 2011-10-26 . 769A1C9E9641DCED4D0AC50968ADDA4E . 2073728 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe [-] 2010-12-09 . BAD22963CD6046C0B2834D2BFFAB56B5 . 2073728 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe [-] 2010-12-09 . 2DB8EA01CD063A7723299FDBDCCAC82B . 2031616 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe [-] 2010-04-28 . 75EA98BC36C13E976653400F8183D356 . 2071296 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe [-] 2010-04-28 . 6A55E209D8DC13CDA67C86AE4FBF72C2 . 2029056 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe [-] 2010-02-16 . 8734043A9B2FD911BA85A8A08F202B91 . 2029056 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe [-] 2010-02-16 . 7C4F935FC449E4D27C685A5BC1792664 . 2071296 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe [-] 2009-08-04 . AB21A63A3B15653043E71126E5BBE3DE . 2070528 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe [-] 2009-08-04 . BAF4A9062EBB03002F07C56F73DA9FA0 . 2028544 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe [-] 2009-02-09 . 6DCC1CE955F33EC4C0CE271BFA5D3310 . 2028544 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe [-] 2009-02-09 . 07EE73D79A7CA142463470AEF230082B . 2070528 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe [-] 2008-08-14 . DE961B54D30C7DD6AA6C3BD27D584E30 . 2070400 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe [-] 2008-08-14 . E13B0F6208EAB1ECB9EBCE5D6E866268 . 2028544 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe [-] 2008-04-15 . 1B3709F568AF90FDB935FD017C92E5E9 . 2028544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe . [-] 2008-04-15 12:00 . AC1A78237B53044735693633F8235468 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll [-] 2008-04-15 12:00 . AC1A78237B53044735693633F8235468 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll . [-] 2008-04-15 . 01653D6C9604F1FB31A76EC94E08954F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll [-] 2008-04-15 . 01653D6C9604F1FB31A76EC94E08954F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll . [-] 2008-04-15 . 3A9974C925F4500BFF226F61DE1C4AF8 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll [-] 2008-04-15 . 3A9974C925F4500BFF226F61DE1C4AF8 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll . [-] 2008-04-15 . 85F98F220C5E69E08149186BFEEF7B70 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll [-] 2008-04-15 . 85F98F220C5E69E08149186BFEEF7B70 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll . [-] 2008-04-15 . 7D2ABE7AA2D6CBC1CB0A1EB8B2619FCF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll [-] 2008-04-15 . 7D2ABE7AA2D6CBC1CB0A1EB8B2619FCF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll . [-] 2008-04-15 12:00 . 6508ED3152C29B28B5E9183160DD2686 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll [-] 2008-04-15 12:00 . 6508ED3152C29B28B5E9183160DD2686 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll . [-] 2008-04-15 . E62337E275E82AA3F0ABFFED7E6E01E2 . 41472 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll [-] 2008-04-15 . E62337E275E82AA3F0ABFFED7E6E01E2 . 41472 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll . [-] 2008-04-15 . 85844EC167674A67F547E13747E3E0E3 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll [-] 2008-04-15 . 85844EC167674A67F547E13747E3E0E3 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll . [-] 2011-10-26 . 8E305C5AC846388E99C1204D619AE77A . 2197120 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2011-10-26 . 8E305C5AC846388E99C1204D619AE77A . 2197120 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntoskrnl.exe [-] 2011-10-26 . C8BAA79324ABD85E5B317CD00D3EFC2D . 2153472 . . [5.1.2600.6165] . . c:\windows\system32\ntoskrnl.exe [-] 2011-10-26 . CA76947F97276D52D4731EA2364ECBD8 . 2197120 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe [-] 2010-12-09 . 431D614A7395BADB939FE552DBDD8723 . 2197120 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe [-] 2010-12-09 . 5D23EB1B99728FBC24AE6B989128D261 . 2153472 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe [-] 2010-04-28 . B101D9AB9CCC09F2DDCF8B6C684CD939 . 2150912 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe [-] 2010-04-28 . 59582F46CAAAA049DB613B4005AF57B5 . 2194432 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe [-] 2010-02-16 . DA6465E0F6BBA4618E40C3D36B263866 . 2150912 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe [-] 2010-02-16 . B79C48187CA08D2EC27DA4939953F082 . 2194432 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe [-] 2009-08-04 . 0BAEA30E3FE87E5C09899ED37F52C714 . 2149888 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe [-] 2009-08-04 . 2F1443AB72A64182FD8258BBAE801EA7 . 2193664 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe [-] 2009-02-10 . 7625D5BAFD2A4A8458468B139C893BB7 . 2193536 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [-] 2009-02-09 . AAC6BB111B1ACEAFCD3D3AD569BA3DD3 . 2149888 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe [-] 2008-08-14 . E332B6DE826D4222A758E3264AD8D520 . 2193536 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [-] 2008-08-14 . A14FB47B054DAEF42BE7C0D590407875 . 2149888 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe [-] 2008-04-15 . F13A2B659A51AA340F5596E7D604864B . 2149888 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe . [-] 2008-04-15 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2008-04-15 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll . [-] 2008-04-15 . 390D8E65F362327AD510B08971478301 . 176128 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll [-] 2008-04-15 . 390D8E65F362327AD510B08971478301 . 176128 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll . [-] 2008-04-15 . 5AE996186D2DC694FEF88F14A3FC9242 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll [-] 2008-04-15 . 5AE996186D2DC694FEF88F14A3FC9242 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll . [-] 2008-04-15 . 5203C84A11E39CBB1408F5E2767B04ED . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll [-] 2008-04-15 . 5203C84A11E39CBB1408F5E2767B04ED . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll . [-] 2008-04-15 . 3D5CC4BFF926A0ABD4F5A117825629A3 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll [-] 2008-04-15 . 3D5CC4BFF926A0ABD4F5A117825629A3 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-04-28 08:03 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-28 2067328] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 -c--a-w- c:\documents and settings\Akke\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 -c--a-w- c:\documents and settings\Akke\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 -c--a-w- c:\documents and settings\Akke\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 -c--a-w- c:\documents and settings\Akke\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592] "RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-24 102400] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504] "FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2008-08-28 770048] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-28 1116544] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] "fsc-reg"="c:\fsc-reg\fscreg.exe" [2008-07-03 375296] . c:\documents and settings\Akke\Menu Start\Programma's\Opstarten\ Dropbox.lnk - c:\documents and settings\Akke\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 00:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2010-09-10 16:20 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Documents and Settings\\Akke\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952] R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 20:25 12872] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [10-5-2010 20:41 67656] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288] R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [28-4-2012 10:03 932736] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [24-9-2008 4:19 153600] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8-4-2012 11:27 5158992] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\applic\FIREBIRD\bin\fbguard.exe -s --> c:\applic\FIREBIRD\bin\fbguard.exe -s [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6-8-2010 13:43 136176] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [5-2-2012 14:30 30312] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\applic\FIREBIRD\bin\fbserver.exe -s --> c:\applic\FIREBIRD\bin\fbserver.exe -s [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6-8-2010 13:43 136176] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [4-2-2012 11:08 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [4-2-2012 11:08 11104] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5-2-2012 14:30 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5-2-2012 14:30 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5-2-2012 14:30 136808] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [5-2-2012 14:30 114280] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 14:16 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 11:42] . 2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 11:42] . . ------- Bijkomende Scan ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll TCP: DhcpNameServer = 192.168.1.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-05-01 21:38 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-842764252-4073206757-2019703616-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1076) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . Voltooingstijd: 2012-05-01 21:45:54 ComboFix-quarantined-files.txt 2012-05-01 19:45 . Pre-Run: 2.632.478.720 bytes beschikbaar Post-Run: 2.889.449.472 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 97EAE027785A3D3B11E0DFBC8E54DC79

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:42:57, on 30-4-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\AVG\AVG2012\avgidsagent.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\AVG Secure Search\vprot.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents and Settings\Akke\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\Akke\Bureaublad\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [uCam_Menu] "c:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Akke\Application Data\Dropbox\bin\Dropbox.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284314995906 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\APPLIC\FIREBIRD\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\APPLIC\FIREBIRD\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- End of file - 9680 bytes

Het is gelukt, AVG q012 is nu geinstalleerd

Ik heb net geprobeerd AVG9 te deinstalleren zodat ik een nieuwere versie kan installeren. Het deinstalleren is niet gelukt, kreeg onderstaande fout melding. Lokale computer: installatie mislukt Installatie: Fout: Actie is mislukt voor registersleutel HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: registersleutel maken…. Toegang geweigerd. Hoe kan ik dit oplossen?

De gevraagde logs: Malwarebytes Anti-Malware 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.04.27.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Akke :: UW-F4D985C6B5AC [administrator] 27-4-2012 21:31:41 mbam-log-2012-04-27 (21-31-41).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 224992 Verstreken tijd: 23 minuut/minuten, 48 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 27 HKCR\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ironsource.searchyadskBnd.1 (PUP.SearchYa) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ironsource.searchyadskBnd (PUP.SearchYa) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\funmoods.dskBnd (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\f (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FUNMOODS (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods|UninstallString (PUP.Funmoods) -> Data: "C:\Program Files\Funmoods\funmoods\1.5.11.16\uninstall.exe" -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 2 C:\Program Files\Funmoods\funmoods\1.5.11.16 (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Funmoods\funmoods\1.5.11.16\bh (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 8 C:\Program Files\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll (PUP.SearchYa) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Akke\Mijn documenten\Downloads\mindjet.mindmanager.9.for.mac.keygen.crack.sitx.exe (PUP.Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Funmoods\funmoods\1.5.11.16\uninstall.exe (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:07:22, on 27-4-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents and Settings\Akke\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Opera\Opera.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Documents and Settings\Akke\Bureaublad\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [uCam_Menu] "c:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Akke\Application Data\Dropbox\bin\Dropbox.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284314995906 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\APPLIC\FIREBIRD\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\APPLIC\FIREBIRD\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 8407 bytes

Na jullie geweldige hulp aan de laptop van m'n vrouw, deze loopt weer geweldig. Valt het pas op hoe traag mijn eigen laptop is. Zouden jullie mij kunnen ondersteunen bij het cleanen van deze laptop? Ik ben zo vrij geweest alvast een Hijackthis te maken: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:47:19, on 26-4-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Hotkey Utility\tray.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\BrowserCompanion\BCHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents and Settings\Akke\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\PDFCreator\PDFCreator.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Opera\Opera.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Akke\Local Settings\Application Data\Opera\Opera\temporary_downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:64808 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F3 - REG:win.ini: load=C:\DOCUME~1\Akke\LOCALS~1\Temp\csrss.exe O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files\Ironsource\searchya\1.5.13.0\bh\searchya.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [uCam_Menu] "c:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS} O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Akke\Application Data\Dropbox\bin\Dropbox.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284314995906 O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\APPLIC\FIREBIRD\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\APPLIC\FIREBIRD\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 10624 bytes

We hebben de laptop nu een paar dagen gebruikt, en de problemen lijken te zijn opgelost. Onze dank daar voor, Groet John

http://speccy.piriform.com/results/4gkXdVkgE06dAveNVCYgX15

In het mapje HT heb ik HijackThis tijdelijk opgeslagen. De laptop start nu stukken sneller op, werkt sneller. Maar loopt nog steeds geregeld vast, ik was net bezig met kopieren van een groot bestand van de hardeschijf naar een memorystick, daar loopt ie steeds op vast. Hardschijfled geen geen activiteiten aan, en bij het starten van programma's via startmenu krijg ik even een zandloper te zien en dan stopt het. hardeschijf laat geen activiteiten zien. Klok loopt nu wel door. ---------- Post toegevoegd om 21:21 ---------- Vorige post was om 21:08 ---------- Update: Had net een volledige vastloper: Muis vast en klok blijft stilstaan, als het ware bevroren

ComboFix 12-04-09.01 - Gebruiker 09-04-2012 18:21:58.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3061.1762 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\found.000 c:\found.000\dir0000.chk\backup\compat12.txt c:\found.000\dir0000.chk\backup\incavi.avm c:\found.000\dir0000.chk\backup\info.enc c:\found.000\dir0000.chk\backup\internalList.dat c:\found.000\dir0000.chk\backup\sb.dat c:\found.000\dir0000.chk\backup\sc.dat c:\found.000\dir0000.chk\download\avg10infoavi.ctf c:\found.000\dir0000.chk\download\avg10infowin.ctf c:\found.000\dir0000.chk\download\u10iavi4920u4919lz.bin c:\found.000\dir0000.chk\prepare\incavi.avm c:\found.000\file0000.chk C:\found.001 c:\found.001\dir0000.chk\gebruiker@live[4].txt c:\found.001\dir0000.chk\gebruiker@windowsmarketplace[4].txt c:\found.001\file0000.chk c:\program files\Application Updater c:\program files\Application Updater\ApplicationUpdater.exe c:\program files\Application Updater\config.ini c:\program files\Common Files\Spigot c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml c:\program files\Common Files\Spigot\Search Settings\config.ini c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe c:\program files\Common Files\Spigot\Search Settings\wth.dll c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml c:\program files\Funmoods c:\program files\pdfforge Toolbar c:\program files\pdfforge Toolbar\IE\5.2\config.ini c:\program files\pdfforge Toolbar\Res\amazon.gif c:\program files\pdfforge Toolbar\Res\dropinsavings.gif c:\program files\pdfforge Toolbar\Res\dropinsavingsabt.gif c:\program files\pdfforge Toolbar\Res\ebay.gif c:\program files\pdfforge Toolbar\Res\facebook.gif c:\program files\pdfforge Toolbar\Res\googleplus.gif c:\program files\pdfforge Toolbar\Res\icon_settings.gif c:\program files\pdfforge Toolbar\Res\Lang\res1031.ini c:\program files\pdfforge Toolbar\Res\Lang\res1033.ini c:\program files\pdfforge Toolbar\Res\Lang\res1034.ini c:\program files\pdfforge Toolbar\Res\Lang\res1036.ini c:\program files\pdfforge Toolbar\Res\Lang\res1040.ini c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif c:\program files\pdfforge Toolbar\Res\radio-close.gif c:\program files\pdfforge Toolbar\Res\radio-minimize.gif c:\program files\pdfforge Toolbar\Res\radiobeta.gif c:\program files\pdfforge Toolbar\Res\search-button-hover.gif c:\program files\pdfforge Toolbar\Res\search-button.gif c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif c:\program files\pdfforge Toolbar\Res\search-chevron.gif c:\program files\pdfforge Toolbar\Res\search_amazon.gif c:\program files\pdfforge Toolbar\Res\search_baidu.gif c:\program files\pdfforge Toolbar\Res\search_ebay.gif c:\program files\pdfforge Toolbar\Res\search_yahoo.gif c:\program files\pdfforge Toolbar\Res\search_yandex.gif c:\program files\pdfforge Toolbar\Res\twitter.gif c:\program files\pdfforge Toolbar\Res\widgets.xml c:\program files\pdfforge Toolbar\WidgiHelper.exe c:\users\GEBRUI~1\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll c:\users\Gebruiker\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))) . . 2012-04-09 16:53 . 2012-04-09 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-09 14:19 . 2012-04-09 16:55 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp 2012-04-09 08:48 . 2012-04-09 08:48 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes 2012-04-09 08:48 . 2012-04-09 09:02 -------- d-----w- c:\programdata\Malwarebytes 2012-04-09 08:48 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-09 08:48 . 2012-04-09 08:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-08 20:14 . 2012-04-09 10:21 -------- d-----w- C:\HT 2012-04-07 19:44 . 2012-04-07 19:44 -------- d-----w- C:\$AVG . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-18 14:55 . 2012-01-31 09:41 922184 ----a-w- c:\windows\system32\pwNative.exe 2012-01-18 14:55 . 2012-01-31 09:41 16472 ------w- c:\windows\system32\pwdrvio.sys 2012-01-18 14:55 . 2012-01-31 09:41 11104 ------w- c:\windows\system32\pwdspio.sys 2010-09-13 17:20 . 2010-02-23 10:19 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 39408] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-01-04 937872] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-01-04 3508624] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-01-04 21392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360] "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-13 30192] "dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-02 161336] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Inhoud van de 'Gedeelde Taken' map . 2012-04-02 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-25 10:56] . 2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 18:29] . 2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 18:29] . 2012-02-24 c:\windows\Tasks\Norton Security Scan for Gebruiker.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2010-11-12 15:45] . 2012-04-09 c:\windows\Tasks\User_Feed_Synchronization-{104646A5-D3F3-4B07-8D2E-62A22E72C78C}.job - c:\windows\system32\msfeedssync.exe [2011-06-16 04:32] . . ------- Bijkomende Scan ------- . mStart Page = hxxp://www.tinit.org/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-04-09 18:54 Windows 6.0.6001 Service Pack 1 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(4064) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\WLANExt.exe c:\program files\Microsoft\BingBar\BBSvc.EXE c:\program files\Microsoft\BingBar\SeaPort.EXE c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Motive\McciCMService.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\DRIVERS\xaudio.exe c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\conime.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Voltooingstijd: 2012-04-09 19:01:23 - machine werd herstart ComboFix-quarantined-files.txt 2012-04-09 17:01 ComboFix2.txt 2012-04-09 14:18 . Pre-Run: 60.498.776.064 bytes beschikbaar Post-Run: 60.235.694.080 bytes beschikbaar . - - End Of File - - 0C1F6394B6B7E408D531EFB807FAB349

De gevraagde log: ComboFix 12-04-09.01 - Gebruiker 09-04-2012 15:57:44.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3061.1858 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\GEBRUI~1\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll c:\users\Gebruiker\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll c:\users\Gebruiker\AppData\Roaming\.# c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk c:\users\Public\invokesi.exe c:\windows\IsUn0413.exe c:\windows\system32\system32 c:\windows\system32\system32\3DAudio.ax c:\windows\system32\system32\avrt.dll c:\windows\system32\system32\cis-2.4.dll c:\windows\system32\system32\issacapi_bs-2.3.dll c:\windows\system32\system32\issacapi_pe-2.3.dll c:\windows\system32\system32\issacapi_se-2.3.dll c:\windows\system32\system32\MACXMLProto.dll c:\windows\system32\system32\MaDRM.dll c:\windows\system32\system32\MaJGUILib.dll c:\windows\system32\system32\MAMACExtract.dll c:\windows\system32\system32\MASetupCleaner.exe c:\windows\system32\system32\MaXMLProto.dll c:\windows\system32\system32\mfplat.dll c:\windows\system32\system32\MK_Lyric.dll c:\windows\system32\system32\MSCLib.dll c:\windows\system32\system32\MSFLib.dll c:\windows\system32\system32\MSLUR71.dll c:\windows\system32\system32\msvcp60.dll c:\windows\system32\system32\MTTELECHIP.dll c:\windows\system32\system32\MTXSYNCICON.dll c:\windows\system32\system32\muzaf1.dll c:\windows\system32\system32\muzapp.dll c:\windows\system32\system32\muzapp.exe c:\windows\system32\system32\muzdecode.ax c:\windows\system32\system32\muzeffect.ax c:\windows\system32\system32\muzmp4sp.ax c:\windows\system32\system32\muzmpgsp.ax c:\windows\system32\system32\muzoggsp.ax c:\windows\system32\system32\muzwmts.dll c:\windows\system32\system32\psapi.dll D:\install.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))) . . 2012-04-09 10:35 . 2012-04-09 10:35 -------- d-----w- C:\found.001 2012-04-09 10:12 . 2012-04-09 10:12 -------- d-----w- C:\found.000 2012-04-09 08:48 . 2012-04-09 08:48 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes 2012-04-09 08:48 . 2012-04-09 09:02 -------- d-----w- c:\programdata\Malwarebytes 2012-04-09 08:48 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-09 08:48 . 2012-04-09 08:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-08 20:14 . 2012-04-09 10:21 -------- d-----w- C:\HT 2012-04-08 18:42 . 2012-04-08 18:42 -------- d-----w- c:\program files\Application Updater 2012-04-08 18:42 . 2012-04-08 18:42 -------- d-----w- c:\program files\pdfforge Toolbar 2012-04-08 18:42 . 2012-04-08 18:42 -------- d-----w- c:\program files\Common Files\Spigot 2012-04-07 19:44 . 2012-04-07 19:44 -------- d-----w- C:\$AVG 2012-04-07 07:31 . 2012-04-07 07:31 -------- d-----w- c:\program files\Funmoods . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-18 14:55 . 2012-01-31 09:41 922184 ----a-w- c:\windows\system32\pwNative.exe 2012-01-18 14:55 . 2012-01-31 09:41 16472 ------w- c:\windows\system32\pwdrvio.sys 2012-01-18 14:55 . 2012-01-31 09:41 11104 ------w- c:\windows\system32\pwdspio.sys 2010-09-13 17:20 . 2010-02-23 10:19 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 39408] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-01-04 937872] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-01-04 3508624] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-01-04 21392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360] "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-13 30192] "dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-02 161336] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/nl.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNjI0NTIxNjI1LUZMMTArMS1MSUMrMS1UVUcrMy1ERFQrMjA3NzUtTFNEKzItREQxMEYrMS1TVDEwRkFQUCsxLUYxMFRCKzItU1QxMFRCRisx∏=55&ver=10.0.1424" [?] . c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\WI371A~1\Datamngr\datamngr.dll c:\progra~1\WI371A~1\Datamngr\IEBHO.dll c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Inhoud van de 'Gedeelde Taken' map . 2012-04-02 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-25 10:56] . 2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 18:29] . 2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 18:29] . 2012-02-24 c:\windows\Tasks\Norton Security Scan for Gebruiker.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2010-11-12 15:45] . 2012-04-09 c:\windows\Tasks\User_Feed_Synchronization-{104646A5-D3F3-4B07-8D2E-62A22E72C78C}.job - c:\windows\system32\msfeedssync.exe [2011-06-16 04:32] . . ------- Bijkomende Scan ------- . mStart Page = hxxp://www.tinit.org/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd HKLM-Run-eRecoveryService - (no file) HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe AddRemove-NIPO CAPI@HOME - c:\windows\IsUn0413.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(3248) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\WLANExt.exe c:\program files\Microsoft\BingBar\BBSvc.EXE c:\program files\Microsoft\BingBar\SeaPort.EXE c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Motive\McciCMService.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\DRIVERS\xaudio.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\conime.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2012-04-09 16:18:58 - machine werd herstart ComboFix-quarantined-files.txt 2012-04-09 14:18 . Pre-Run: 59.992.760.320 bytes beschikbaar Post-Run: 60.499.410.944 bytes beschikbaar . - - End Of File - - A61F85745020DA683F38304152BAE61A

Ik zie inderdaad dat automatische window update uitstaat, ik heb er geen specifieke reden voor. Als het systeem wat stabieler is zal ik SP2 er op zetten, momenteel kan ik alleen werken in de veilige modus, en gebruik ik een tweede laptop voor de downloads. Hieronder de gevraagde logs: Malwarebytes Anti-Malware 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.04.09.02 Windows Vista Service Pack 1 x86 NTFS (Veilige modus/netwerkmogelijkheden) Internet Explorer 8.0.6001.19088 Gebruiker :: PC_VAN_GEBRUIKE [administrator] 9-4-2012 10:49:12 mbam-log-2012-04-09 (10-49-12).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 202191 Verstreken tijd: 7 minuut/minuten, 50 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 1 C:\Program Files\Funmoods\funmoods\1.5.11.16 (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 2 C:\Windows\Temp\.exe (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:23:19, on 9-4-2012 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Program Files\Spyware Doctor\pctsTray.exe C:\HT\HijackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Tinit.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Startup: Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll O20 - AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll c:\progra~1\google\google~4\goec62~1.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10577 bytes Groet John

Hieronder de gevraagde log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:16:55, on 8-4-2012 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\WinRAR\WinRAR.exe C:\HT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Tinit.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.2\pdfforgeToolbarIE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Startup: Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll O20 - AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll c:\progra~1\google\google~4\goec62~1.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 12991 bytes

Beste forumleden, Sinds gisteren loopt onze laptop (vista) steeds vast. De ene keer loopt ie vast tijdens het opstarten, de andere keer loopt ie vast na 10 minuten. Als hij vast loopt is de muis vrij te bewegen, alleen kan er niks worden aan geklikt, ook de klok blijft dan stil staan. Wat kan dit zijn, wie weet raad? Groet John