Patrickallround

Hoi Kape, ik heb geen reactie meer ontvangen op mijn laatste bericht. Beetje vreemd. Ik bleef de meldingen rootkits maar krijgen van AVG. Ik heb de pc maar opnieuw geinstalleerd en ben er zo van af. Gr. Patrick

Hoi Kape, hier ´t logje Zoek.exe Version 4.0.0.2 Updated 06-March-2013 Tool run by Patrick on wo 06-03-2013 at 16:47:01,79. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== System Restore Info ====================== 6-3-2013 16:49:25 System Restore is disabled. ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe C:\Windows\system32\IoctlSvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files\AVG\AVG2013\avgui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\igfxsrvc.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Users\Patrick\Desktop\RootkitRevealer.exe C:\Windows\system32\UI0Detect.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\conime.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AVG\AVG2013\avgcfgex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\mobsync.exe C:\Users\Patrick\Desktop\zoek.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) - Nederlands Apple Mobile Device Support Apple Software Update Applian FLV and Media Player 3.1.1.12 ASIO4ALL Audacity 1.3.14 (Unicode) AudioLava 1.0 AVG 2011 AVG 2012 AVG 2013 AVS Video Editor 6 Bonjour Canon Easy-PhotoPrint EX Canon MG3100 series MP Drivers Canon MG3100 series On-screen Manual Canon MP Navigator EX 5.0 Canon My Printer Canon Solution Menu EX Choice Guard Compatibiliteitspakket voor het 2007 Microsoft Office system EasyBits Magic Desktop ECHO is off (uit). Free YouTube to MP3 Converter version 3.12.0.128 Gebruikersregistratie voor Canon MG3100 series Google Chrome Frame Google Toolbar for Internet Explorer Google Update Helper HDRegNL HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) iCloud IL Download Manager Intel® Graphics Media Accelerator Driver iTunes Java 7 Update 9 Java Auto Updater Java 6 Update 20 jetAudio Basic Junk Mail filter update Malwarebytes Anti-Malware versie 1.70.0.1100 Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Home and Student Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office PowerPoint Viewer 2007 (Dutch) Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft Works 9.0 MobileMe Control Panel Mozilla Firefox 19.0 (x86 nl) Mozilla Maintenance Service MSVC80_x86 MSVC80_x86_v2 MSVC90_x86 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 8 Essentials neroxml Nokia Connectivity Cable Driver Nokia Ovi Suite Nokia Ovi Suite Software Updater Nokia PC Suite Nokia_Multimedia_Common_Components_2_5 Norton Internet Security OGA Notifier 2.0.0048.0 Ovi Desktop Sync Engine OviMPlatform Packard Bell ImageWriter Packard Bell Updator PC Connectivity Solution Picasa 3 PRS-500 USB driver QuickTime Reader Library by Sony Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663) Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870) Setup My PC Spotify Switch Sound File Converter Synaptics Pointing Device Driver Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD TomTom HOME 2.8.2.2264 TomTom HOME Visual Studio Merge Modules Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) Windows Live - Hulpprogramma voor uploaden Windows Live aanmeldhulp Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sync Windows Live Writer Windows Movie Maker 2.6 ==== Reset Hosts File ====================== # Copyright © 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ::1 localhost ==== FireFox Fix ====================== Deleted from C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\prefs.js: Added to C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\prefs.js: user_pref("browser.startup.homepage", "Google"); user_pref("browser.search.defaulturl", "Google="); user_pref("browser.newtab.url", "Google"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "Google="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default user.js not found ---- Lines CT2801948 removed from prefs.js ---- ---- Lines CT2801948 modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_06-03-2013_1651_.backup ==== Deleting Files \ Folders ====================== "C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\jetpack" deleted "C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\CT2801948" deleted "C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\CT2801948" deleted ==== System Specs ====================== Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002) Internet Explorer: 9.0.8112.16421 Memory (RAM): 3000 MB CPU Info: Pentium® Dual-Core CPU T4200 @ 2.00GHz CPU Speed: 1814,7 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1280 X 800 - 32 bit Network: Network Present Network Adapters: Ralink 802.11n Wireless LAN Card | Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0) CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GSA-T50N Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 452,8GB Hard Disks - Free: C: 268,2GB Manufacturer *: Phoenix Technologies LTD BIOS Info: AT/AT COMPATIBLE | 12/22/08 | PacBel - 20081222 Time Zone: West-Europa (standaardtijd) Motherboard *: PACKARD BELL BV PE2 Sun Java version: 1.7.0_09 Country: Nederland Language: NLD ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-03-04 14:26:45 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe 2013-03-04 14:26:45 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe 2013-03-04 14:26:45 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe 2013-03-04 14:26:45 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe 2013-03-04 14:26:45 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe 2013-03-04 11:39:24 B4FA6D277F63CE3E5E547DD40365F178 14664 ----a-w- C:\Windows\stinger.sys ====== C:\Users\Patrick\AppData\Local\Temp ==== 2013-03-06 14:34:05 2FF0591282B93DA1B83997A528E76CC2 416640 ----a-w- C:\Users\Patrick\AppData\Local\Temp\MHYTWUPJHGWXYUCAV.exe 2013-03-06 10:18:08 E17EDAB9F8766BACC3CA8AB6A82A646C 510848 ----a-w- C:\Users\Patrick\AppData\Local\Temp\VQEPQYDF.exe 2013-03-06 08:39:21 7F1E6BE9DAE420BB4B8A10B1A3B974BA 576384 ----a-w- C:\Users\Patrick\AppData\Local\Temp\GQB.exe 2013-03-05 23:35:48 02D84B934C859B6E19FA7AF7663853BF 433024 ----a-w- C:\Users\Patrick\AppData\Local\Temp\OJXCXURF.exe 2013-03-05 23:14:54 02D84B934C859B6E19FA7AF7663853BF 433024 ----a-w- C:\Users\Patrick\AppData\Local\Temp\DEXTIYTVIFQVGT.exe 2013-03-05 18:36:14 52D5B51FD0C9DCBC908C37D0A2C09364 379776 ----a-w- C:\Users\Patrick\AppData\Local\Temp\WSODVILX.exe 2013-03-05 18:34:48 0CD9D8F11EC956DB0454BE4F64623734 539520 ----a-w- C:\Users\Patrick\AppData\Local\Temp\KJFT.exe 2013-03-05 18:33:16 1C5D1B497134A44CAFE734558AE64427 588672 ----a-w- C:\Users\Patrick\AppData\Local\Temp\GTXZIVEZUNPXFZJ.exe 2013-03-05 18:31:14 52D5B51FD0C9DCBC908C37D0A2C09364 379776 ----a-w- C:\Users\Patrick\AppData\Local\Temp\LF.exe ====== C:\Windows\system32 ===== 2013-03-05 19:42:24 D45BF3D70CAC0520C60DC5EA7EA0064B 165613973 ----a-w- C:\Windows\System32\NMYZQNLAUURXF 2013-02-21 21:48:12 57159B5E89F2DEBA768C4A1DF6387AEE 6112864 ----a-w- C:\Windows\System32\usbaaplrc.dll ====== C:\Windows\system32\drivers ===== 2013-02-14 08:36:25 74E2D020C47BB2B2FCCBA29A518A7EB4 905576 ----a-w- C:\Windows\System32\drivers\tcpip.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-03-04 11:32:05 -------- d-----w- C:\Program Files\stinger 2013-03-03 14:36:09 -------- d-----w- C:\Program Files\Trend Micro 2013-03-03 12:00:45 -------- d-----w- C:\Program Files\Gophoto.it 2013-02-21 22:08:07 -------- d-----w- C:\Program Files\iPod 2013-02-21 22:08:00 -------- d-----w- C:\Program Files\iTunes 2013-02-21 21:53:01 -------- d-----w- C:\Program Files\Common Files\DVDVideoSoft ======= C: ===== 2013-03-05 10:08:02 C1F1BC02F594024785EA3074C0F62E10 30250 ----a-w- C:\AdwCleaner[s1].txt ====== C:\Users\Patrick\AppData\Roaming ====== 2013-03-04 23:07:06 -------- d-----w- C:\users\Public\AppData\Local\temp 2013-03-04 23:07:06 -------- d-----w- C:\users\Default\AppData\Local\temp 2013-03-04 23:07:06 -------- d-----w- C:\users\Default User\AppData\Local\temp ====== C:\Users\Patrick ====== 2013-03-04 16:15:32 -------- d-----w- C:\Users\Public\AppData 2013-02-21 22:08:01 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 ====== C: exe-files == 2013-03-06 14:34:05 2FF0591282B93DA1B83997A528E76CC2 416640 ----a-w- C:\Users\Patrick\AppData\Local\Temp\MHYTWUPJHGWXYUCAV.exe 2013-03-06 10:18:08 E17EDAB9F8766BACC3CA8AB6A82A646C 510848 ----a-w- C:\Users\Patrick\AppData\Local\Temp\VQEPQYDF.exe 2013-03-06 08:39:21 7F1E6BE9DAE420BB4B8A10B1A3B974BA 576384 ----a-w- C:\Users\Patrick\AppData\Local\Temp\GQB.exe 2013-03-06 07:08:41 FD9E19F831196857B67B117394D61DDE 4637952 ----a-w- C:\Users\Patrick\AppData\Local\Temp\lptmp17964\lastpass.exe 2013-03-05 23:35:48 02D84B934C859B6E19FA7AF7663853BF 433024 ----a-w- C:\Users\Patrick\AppData\Local\Temp\OJXCXURF.exe 2013-03-05 23:14:54 02D84B934C859B6E19FA7AF7663853BF 433024 ----a-w- C:\Users\Patrick\AppData\Local\Temp\DEXTIYTVIFQVGT.exe 2013-03-05 18:36:14 52D5B51FD0C9DCBC908C37D0A2C09364 379776 ----a-w- C:\Users\Patrick\AppData\Local\Temp\WSODVILX.exe 2013-03-05 18:34:48 0CD9D8F11EC956DB0454BE4F64623734 539520 ----a-w- C:\Users\Patrick\AppData\Local\Temp\KJFT.exe 2013-03-05 18:33:16 1C5D1B497134A44CAFE734558AE64427 588672 ----a-w- C:\Users\Patrick\AppData\Local\Temp\GTXZIVEZUNPXFZJ.exe 2013-03-05 18:31:14 52D5B51FD0C9DCBC908C37D0A2C09364 379776 ----a-w- C:\Users\Patrick\AppData\Local\Temp\LF.exe 2013-03-05 18:29:39 EE738FE9BCDD605821002CEC8C7206DB 334720 ----a-w- C:\Users\Patrick\Desktop\RootkitRevealer.exe 2013-03-05 10:04:58 BDA238D4079311DB2C4C96A5A098C956 597667 ----a-w- C:\Users\Patrick\Desktop\adwcleaner.exe 2013-03-05 08:58:12 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- C:\Users\Patrick\Desktop\TDSSKiller.exe 2013-03-04 18:51:02 7739D0BD7A11DAC7C6B52CC7FA0AA6E3 3151480 ----a-w- C:\Users\Patrick\Downloads\ccsetup328_slim.exe 2013-03-04 14:26:45 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe 2013-03-04 14:26:45 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe 2013-03-04 14:26:45 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe 2013-03-04 14:26:45 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe 2013-03-04 14:26:45 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe 2013-03-04 11:29:56 BDFC48A2D947651B721745837E864D17 4318112 ----a-w- C:\Users\Patrick\Downloads\sysrc_trial_9407.exe 2013-03-04 11:26:07 3E88AB708C7F419E1A5535E2EF77C47E 10525728 ----a-w- C:\Users\Patrick\Downloads\Stinger.exe === C: other files == 2013-03-05 18:20:31 59739CCDA2F15D5AC16DB6695CAE3378 231390 ----a-w- C:\Users\Patrick\Downloads\RootkitRevealer.zip 2013-03-05 08:49:57 F795C49456C7B8ED282F615D836B3885 2218636 ----a-w- C:\Users\Patrick\Downloads\tdsskiller.zip 2013-03-04 11:39:24 B4FA6D277F63CE3E5E547DD40365F178 14664 ----a-w- C:\Windows\stinger.sys 2013-03-03 11:54:14 FB77E4B8EF8F32CBC11F789F3ACC2FF5 213444 ----a-w- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\torntv@torntv.com.xpi ======== System Restore Points ======== No Restore Point in System. ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-709391076-3668097275-2558483745-1000\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "SmpcSys"="C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "SmpcSys"="C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Skytel"="Skytel.exe" "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" "vProt"="C:\Program Files\AVG Secure Search\vprot.exe" "Reader Library Launcher"="C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon" "AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "SmpcSys"="C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "MobileDocuments"="C:\\Program Files\\Common Files\\Apple\\Internet Services\\ubd.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "AVG_TRAY"="\"C:\\Program Files\\AVG\\AVG2012\\avgtray.exe\"" "ROC_roc_dec12"="\"C:\\Program Files\\AVG Secure Search\\ROC_roc_dec12.exe\" /PROMPT /CMPID=roc_dec12" "Freecorder FLV Service"="\"C:\\Program Files\\Freecorder\\FLVSrvc.exe\" /run" "HF_G_Jul"="\"C:\\Program Files\\AVG Secure Search\\HF_G_Jul.exe\" /DoAction" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre7\\bin\\jusched.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime" ==== Startup Folders ====================== 2012-11-12 19:59:46 1117 ----a-w- C:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27-02-2013 16:50] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16-10-2011 22:55] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16-10-2011 22:55] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default - Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn - Torntv - %ProfilePath%\extensions\torntv@torntv.com.xpi - DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Norton IPS - %AppDir%\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b} ==== Firefox Plugins ====================== Profilepath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default E64819B6014A93E2503BB52419A0F6F3 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll - Shockwave Flash F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector E0FF893763BA82BAABB869A351F0C455 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3 2034E977759F4EB2226914BFC58F2758 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3 B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3 3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3 C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3 45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3 9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3 C04FCB7EEBEB5097B30468828F20FB9E - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U9 2C82D753EF779945977C82A3908DA20A - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5 711A2E6A55EC7BFD59B5F649D58B704B - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll - Silverlight Plug-In 54BC55D3D9BD33A6CE38F811CF836794 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa 6F120933F87E7DEC972476170288A267 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 0BD343C45B4ECCF8D6AF94D6C3ADC310 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ 85CF435CAB46007D9F7AA477CA68C2A9 - C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll - Reader Library AAA414455FE1AA87E424BDFCAE249B50 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System 21A55BABD31DA624449F06A591AE73ED - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrlui.dll - Microsoft ® Silverlight ==== Deleting Files \ Folders ====================== "C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\torntv@torntv.com.xpi" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL" "Default_Search_URL"="Upgrade to Google Chrome" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="iGoogle Redirect" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search/?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="Upgrade to Google Chrome" "Default_Search_URL"="Upgrade to Google Chrome" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="Bing" "Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="Bing" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{A415D7DA-9F56-467A-870E-508914FA9156}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="{searchTerms} - Google Search" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" {A415D7DA-9F56-467A-870E-508914FA9156} Google Url="{searchTerms} - Google Search" ==== Reset Google Chrome ====================== Nothing found to reset ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-709391076-3668097275-2558483745-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_CLASSES_ROOT\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Patrick\Desktop\ComboFix.exe - Snelkoppeling.lnk - C:\Users\Patrick\Downloads\ComboFix.exe C:\Users\Patrick\Desktop\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe C:\Users\Patrick\Desktop\HiJackThis.lnk - C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\AVG 2013.lnk - C:\Program Files\AVG\AVG2013\avgui.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2013.lnk - C:\Program Files\AVG\AVG2013\avgui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free Studio Manager.lnk - C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files\Common Files\DVDVideoSoft\bin\DVSSysReport.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Rocket Subscription.lnk - C:\Program Files\Common Files\DVDVideoSoft\bin\RocketSubscription\SubscriptionOffer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files\Common Files\DVDVideoSoft\lib\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyOverride"="*.local" "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\25.0.1364.97\npchrome_frame.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [smpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\25.0.1364.97\npchrome_frame.dll O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DEXTIYTVIFQVGT - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\DEXTIYTVIFQVGT.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GQB - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\GQB.exe O23 - Service: GTXZIVEZUNPXFZJ - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\GTXZIVEZUNPXFZJ.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KJFT - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\KJFT.exe O23 - Service: LF - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\LF.exe O23 - Service: MHYTWUPJHGWXYUCAV - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\MHYTWUPJHGWXYUCAV.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe O23 - Service: OJXCXURF - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\OJXCXURF.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: VQEPQYDF - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\VQEPQYDF.exe O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe O23 - Service: WSODVILX - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\WSODVILX.exe ==== Silent Runners ====================== "Silent Runners.vbs", revision 69, Silent Runners - Adware? Disinfect, don't reformat! Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.] ehTray.exe = C:\Windows\ehome\ehTray.exe [MS] SmpcSys = C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [Packard Bell BV] WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} RtHDVCpl = RtHDVCpl.exe [Realtek Semiconductor] SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [synaptics, Inc.] SmpcSys = C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [Packard Bell BV] IgfxTray = C:\Windows\system32\igfxtray.exe [intel Corporation] HotKeysCmds = C:\Windows\system32\hkcmd.exe [intel Corporation] Persistence = C:\Windows\system32\igfxpers.exe [intel Corporation] Skytel = Skytel.exe [Realtek Semiconductor Corp.] AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [Apple Inc.] NokiaMServer = C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [Nokia] vProt = "C:\Program Files\AVG Secure Search\vprot.exe" [file not found] Reader Library Launcher = C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [sony Corporation] CanonMyPrinter = C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [CANON INC.] CanonSolutionMenuEx = C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [CANON INC.] AVG_UI = "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.] iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM.CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated] {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Symantec NCO BHO -> {HKLM.CLSID} = Symantec NCO BHO \InProcServer32\(Default) = C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [symantec Corporation] {6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Symantec Intrusion Prevention -> {HKLM.CLSID} = Symantec Intrusion Prevention \InProcServer32\(Default) = C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL [symantec Corporation] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM.CLSID} = SSVHelper Class \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM.CLSID} = Windows Live Aanmelden - Help \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM.CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM.CLSID} = Google Toolbar Notifier BHO \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [Google Inc.] {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\(Default) = Google Dictionary Compression sdch -> {HKLM.CLSID} = Google Dictionary Compression sdch \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Inc.] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM.CLSID} = Java Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}\(Default) = ChromeFrame BHO -> {HKLM.CLSID} = ChromeFrame BHO \InProcServer32\(Default) = C:\Program Files\Google\Chrome Frame\Application\25.0.1364.97\npchrome_frame.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel -> {HKLM.CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [synaptics, Inc.] {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search -> {HKLM.CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM.CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM.CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM.CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {0563DB41-F538-4B37-A92D-4659049B7766} = WLMD Message Handler -> {HKLM.CLSID} = CLSID_WLMCMimeFilter \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM.CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} = NeroCoverEd Live Icons -> {HKLM.CLSID} = NeroCoverEdLiveIcons Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} = Nokia Phone Browser -> {HKLM.CLSID} = Nokia Phone Browser \InProcServer32\(Default) = C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll [Nokia] {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} = jetAudio -> {HKLM.CLSID} = JetFlExt Class \InProcServer32\(Default) = C:\Program Files\JetAudio\JetFlExt.dll [COWON America] {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM.CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM.CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM.CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> gcf\CLSID = {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -> {HKLM.CLSID} = ChromeProtocol Class \InProcServer32\(Default) = C:\Program Files\Google\Chrome Frame\Application\25.0.1364.97\npchrome_frame.dll [Google Inc.] <<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM.CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS] <<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM.CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <<!>> ms-itss\CLSID = {0A9007C0-4076-11D3-8789-0000F8105754} -> {HKLM.CLSID} = Microsoft Infotech Storage Protocol for IE 4.0 \InProcServer32\(Default) = c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [MS] <<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM.CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS] <<!>> symres\CLSID = {AA1061FE-6C41-421f-9344-69640C9732AB} -> {HKLM.CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [symantec Corporation] <<!>> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -> {HKLM.CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM.CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.] Cover Designer\(Default) = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} -> {HKLM.CLSID} = NeroCoverEdContextMenu Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] LavasoftShellExt\(Default) = {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} -> {HKLM.CLSID} = Lavasoft Shell Extension \InProcServer32\(Default) = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll [file not found] PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE} -> {HKLM.CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.] Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} -> {HKLM.CLSID} = IEContextMenu Class \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\16.8.3.6\NavShExt.dll" [symantec Corporation] {100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided) -> {HKLM.CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\ NBShellHook\(Default) = {100BD527-7304-4b7f-BEE2-26D97B04EBA4} -> {HKLM.CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM.CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ jetAudio\(Default) = {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} -> {HKLM.CLSID} = JetFlExt Class \InProcServer32\(Default) = C:\Program Files\JetAudio\JetFlExt.dll [COWON America] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ Nokia\(Default) = {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} -> {HKLM.CLSID} = Nokia Phone Browser \InProcServer32\(Default) = C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll [Nokia] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} -> {HKLM.CLSID} = GraphicsShellExt Class \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [intel Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM.CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM.CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.] jetAudio\(Default) = {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} -> {HKLM.CLSID} = JetFlExt Class \InProcServer32\(Default) = C:\Program Files\JetAudio\JetFlExt.dll [COWON America] LavasoftShellExt\(Default) = {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} -> {HKLM.CLSID} = Lavasoft Shell Extension \InProcServer32\(Default) = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll [file not found] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM.CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} -> {HKLM.CLSID} = IEContextMenu Class \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\16.8.3.6\NavShExt.dll" [symantec Corporation] {100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided) -> {HKLM.CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ NBShellHook\(Default) = {100BD527-7304-4b7f-BEE2-26D97B04EBA4} -> {HKLM.CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ Wallpaper = C:\Windows\web\Wallpaper\img24.jpg Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Windows\web\Wallpaper\img24.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Windows\system32\logon.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ ApplianMPPlayCDAudioOnArrival\ Provider = Applian FLV and Media Player InvokeProgID = ApplianMP.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\ApplianMP.CDAudio\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file cdda://%1 [Applian Technologies Inc] ApplianMPPlayDVDAudioOnArrival\ Provider = Applian FLV and Media Player InvokeProgID = ApplianMP.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\ApplianMP.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --one-instance %1 [Applian Technologies Inc] ApplianMPPlayDVDMovieOnArrival\ Provider = Applian FLV and Media Player InvokeProgID = ApplianMP.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\ApplianMP.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file dvd://%1 [Applian Technologies Inc] ApplianMPPlayMusicFilesOnArrival\ Provider = Applian FLV and Media Player InvokeProgID = ApplianMP.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\ApplianMP.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --one-instance %1 [Applian Technologies Inc] ApplianMPPlaySVCDMovieOnArrival\ Provider = Applian FLV and Media Player InvokeProgID = ApplianMP.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\ApplianMP.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file vcd://%1 [Applian Technologies Inc] ApplianMPPlayVCDMovieOnArrival\ Provider = Applian FLV and Media Player InvokeProgID = ApplianMP.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\ApplianMP.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file vcd://%1 [Applian Technologies Inc] ApplianMPPlayVideoFilesOnArrival\ Provider = Applian FLV and Media Player InvokeProgID = ApplianMP.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\ApplianMP.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --one-instance %1 [Applian Technologies Inc] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] JABurnCDAudioOnArrival\ Provider = jetAudio InvokeProgID = jetAudio.MediaHandler InvokeVerb = burncd HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\burncd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /burncd "%1" [COWON America] JACreateAlbumOnArrival\ Provider = jetAudio InvokeProgID = jetAudio.MediaHandler InvokeVerb = createalbum HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\createalbum\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /createalbum "%1" [COWON America] JAPlayCDAudioOnArrival\ Provider = jetAudio InvokeProgID = jetAudio.MediaHandler InvokeVerb = playcd HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playcd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /playcd "%1" [COWON America] JAPlayDVDMovieOnArrival\ Provider = jetAudio InvokeProgID = jetAudio.MediaHandler InvokeVerb = playdvd HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playdvd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /playdvd "%1" [COWON America] JAPlayMediaOnArrival\ Provider = jetAudio InvokeProgID = jetAudio.MediaHandler InvokeVerb = playmedia HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playmedia\DropTarget\CLSID = {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} -> {HKLM.CLSID} = JetFlExt Class \InProcServer32\(Default) = C:\Program Files\JetAudio\JetFlExt.dll [COWON America] JAPlaySVCDMovieOnArrival\ Provider = jetAudio InvokeProgID = jetAudio.MediaHandler InvokeVerb = playvcd HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1" [COWON America] JAPlayVCDMovieOnArrival\ Provider = jetAudio InvokeProgID = jetAudio.MediaHandler InvokeVerb = playvcd HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1" [COWON America] JARipCDAudioOnArrival\ Provider = jetAudio InvokeProgID = jetAudio.MediaHandler InvokeVerb = ripcd HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\ripcd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /ripcd "%1" [COWON America] MSLivePhotoAcqHWEventHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;nl-nl.8051.1204 ProgID = Microsoft.LivePhotoAcqHWEventHandler HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} -> {HKLM.CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;nl-nl.8051.1204 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;nl-nl.8051.1204 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveVideoCameraArrivalCaptureWizard\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = WLXAutoPlayMgr.WLXHWEventHandler InitCmdLine = WLXVideoAcquireWizard HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22} -> {HKLM.CLSID} = WLXWEventHandler Class \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS] NeroAutoPlay8CDAudio\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = CDAudio_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD [Nero AG] NeroAutoPlay8CopyCD\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = CopyCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /Dialog:DiscCopy [Nero AG] NeroAutoPlay8DataDisc_CD\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = DataDisc_CD_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L [Nero AG] NeroAutoPlay8DataDisc_DVD\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = DataDisc_DVD_HandleDVDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:DVD %L [Nero AG] NokiaOviSuite\ Provider = Nokia Ovi Suite ProgID = Nokia.OviSuite InitCmdLine = -autoplay HKLM\SOFTWARE\Classes\Nokia.OviSuite\CLSID\(Default) = {27F341A3-9735-41a3-AC51-75734826845F} -> {HKLM.CLSID} = Nokia Ovi Suite \LocalServer32\(Default) = C:/Program Files/Nokia/Nokia Ovi Suite/NokiaOviSuite.exe [Nokia] Picasa2ImportPicturesOnArrival\ Provider = Picasa3 InvokeProgID = picasa2.autoplay InvokeVerb = import HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files\Google\Picasa3\Picasa3.exe "%1" [Google Inc.] WIA_{22C3F354-C493-4222-977B-E1C514BCB7A0}\ Provider = Picasa3 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Google\Picasa3\Picasa3.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM.CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{E59B3AA6-5C0C-46F9-899E-DC90235E87DD}\ Provider = MP Navigator EX Ver5.0 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Canon\MP Navigator EX 5.0\mpnex50.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM.CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Startup items in "Patrick" & "All Users" startup folders: --------------------------------------------------------- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} OneNote 2007 Schermopname en Snel starten -> shortcut to: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [MS] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\Patrick\AppData\Local\Microsoft\Windows Sidebar\Settings.ini %PROGRAMFILES%\windows sidebar\gadgets\Clock.gadget %PROGRAMFILES%\windows sidebar\gadgets\SlideShow.Gadget %PROGRAMFILES%\windows sidebar\gadgets\RSSFeeds.Gadget %25PROGRAMFILES%25%5Cwindows%20sidebar%5Cshared%20gadgets%5CPBCalc.Gadget %25PROGRAMFILES%25%5Cwindows%20sidebar%5Cshared%20gadgets%5CPBClock.Gadget Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Ad-Aware Update (Weekly) -> launches: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent repair [file not found] Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] Adobe-online actualiseringsprogramma -> launches: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM.CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM.CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM.CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask-Roam -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM.CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] OptinNotification -> launches: %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ManualDefrag -> launches: %windir%\system32\defrag.exe \\?\Volume{2666d14b-8079-11de-83da-806e6f6e6963}\ \\?\Volume{2666d14c-8079-11de-83da-806e6f6e6963}\ [MS] ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -i [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) -gc [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM.CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] TMM -> launches: {35EF4182-F900-4632-B072-8639E4478A61} -> {HKLM.CLSID} = Transient Multi-Monitor Manager \InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM.CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection NAPStatus UI -> launches: {f09878a1-4652-4292-aa63-8c7d4fd7648f} -> {HKLM.CLSID} = Nap ITask Handler Implementation \InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RACAgent -> (HIDDEN!) launches: %windir%\system32\RacAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CrawlStartPages -> launches: {51653423-e62d-4ff7-894a-dabb2b8e21e2} -> {HKLM.CLSID} = CrawlStartPages Task Handler \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM.CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] WSHReset -> (HIDDEN!) launches: %systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM.CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM.CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wired GatherWiredInfo -> launches: %windir%\system32\gatherWiredInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Wireless GatherWirelessInfo -> launches: %windir%\system32\gatherWirelessInfo.vbs [null data] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-709391076-3668097275-2558483745-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 24 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -> {HKLM.CLSID} = Norton Toolbar \InProcServer32\(Default) = C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [symantec Corporation] {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM.CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar -> {HKLM.CLSID} = Norton Toolbar \InProcServer32\(Default) = C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [symantec Corporation] {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM.CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{6C97EE7A-B5F9-49A9-A6B0-C34C7849A6B2}\(Default) = DVDVideoSoftTB Findbar Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll [file not found] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoeken Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = In weblog opnemen MenuText = &In weblog opnemen met Windows Live Writer CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM.CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = Verz&enden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM.CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Research BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM.CLSID} = &Onderzoeken \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] AVG WatchDog, avgwd, "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] Easybits Shared Services for Windows, ezSharedSvc, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\System32\ezsvc7.dll [EasyBits Sofware AS]} Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [Nero AG] Norton Internet Security, Norton Internet Security, "C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll" /prefetch:1 [symantec Corporation] PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, C:\Windows\system32\IoctlSvc.exe [Prolific Technology Inc.] TomTomHOMEService, TomTomHOMEService, C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [TomTom] vToolbarUpdater14.2.0, vToolbarUpdater14.2.0, C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [null data] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> SymEFA.sys, FSFilter Activity Monitor HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> SymEFA.sys, FSFilter Activity Monitor Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor MG3100 series\Driver = CNMLMAR.DLL [CANON INC.] Canon BJNP Port\Driver = CNMNPPM.DLL [CANON INC.] PCL hpz3llhn\Driver = hpz3llhn.dll [Hewlett-Packard Company] Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS] ==== Empty IE Cache ====================== C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\users\Patrick\AppData\Local\Mozilla\Firefox\Profiles\obrtnenv.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Patrick\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

Hoi Kape, ´t lijkt of mijn pc de scan niet trekt. Ik heb ´m tussendoor opgeslagen want hij haalt ´t einde niet. Ik hoop dat je er iets aan hebt. HKU\S-1-5-21-709391076-3668097275-2558483745-1000\Console 5-3-2013 0:07 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 27-2-2011 3:06 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping 27-2-2011 3:06 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 2-11-2006 13:54 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener 2-11-2006 13:54 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin 27-2-2011 3:06 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service 2-11-2006 13:54 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS 21-1-2008 3:41 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell 21-1-2008 3:41 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{1FCC09B7-8D0E-484D-A49C-8A68CFA62FD0}\DateLastConnected 6-3-2013 11:17 16 bytes Data mismatch between Windows API and raw hive data. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 2-11-2006 11:33 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\013 21-1-2008 7:47 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C041448-C69A-4D8B-A774-4F3948997407}\DynamicInfo 6-3-2013 11:18 28 bytes Data mismatch between Windows API and raw hive data. HKLM\SOFTWARE\Swearware\backup\winsock2 4-3-2013 23:55 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 4-3-2013 23:55 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 4-3-2013 23:55 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 4-3-2013 23:55 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 4-3-2013 23:55 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 4-3-2013 23:55 0 bytes Security mismatch. HKLM\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{22C3F354-C493-4222-977B-E1C514BCB7A0}\Desc 30-8-2009 13:14 51 bytes Data mismatch between Windows API and raw hive data. HKLM\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{22C3F354-C493-4222-977B-E1C514BCB7A0}\Icon 30-8-2009 13:14 45 bytes Data mismatch between Windows API and raw hive data. HKLM\SYSTEM\ControlSet003\Control\StillImage\Events\STIProxyEvent\{22C3F354-C493-4222-977B-E1C514BCB7A0}\Desc 30-8-2009 13:14 51 bytes Data mismatch between Windows API and raw hive data. HKLM\SYSTEM\ControlSet003\Control\StillImage\Events\STIProxyEvent\{22C3F354-C493-4222-977B-E1C514BCB7A0}\Icon 30-8-2009 13:14 45 bytes Data mismatch between Windows API and raw hive data. Ik kijk of ik nog iets verder komt maar bij ´sorting c:´ wordt ´t scherm al zwart en krijg ik niets meer te zien laat staan dat ik kan saven. Groet, Pat

Hoi Kape, ik heb de scan aan de gang gekregen. Als hij klaar is stuur ik je ´t logje.

Het zit niet mee. Ik krijg een dialoogvenster met: ...unable...de service heeft de start of stuuropdracht niet op juiste wijze beantwoord. Dan niets meer. ´t lijkt of het virus alles dwarsboomt. bij de laatste scan met AVG had ik nog 2 meldingen NtCreate en NtAlpcCo. Ntmapvie zat er niet meer bij. Een klein lichtpuntje.

Helaas, Kape, ik kreeg gelijk al 3 meldingen van AVG: service function NtmapVie service function NtCreate service function NtAlpcCo

Hoi, dit is van AdwCleaner. groet, Patrick # AdwCleaner v2.114 - Verslag gemaakt op 05/03/2013 om 11:08:02 # Geactualiseerd op 05/03/2013 door Xplode # Besturingssysteem : Windows Vista Home Premium Service Pack 2 (32 bits) # Gebruiker : Patrick - PC_VAN_PATRICK # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\Patrick\Desktop\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** File Verwijdert : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml File Verwijdert : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml File Verwijdert : C:\user.js File Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\bprotector_extensions.sqlite File Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\bprotector_prefs.js File Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\searchplugins\delta.xml File Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\searchplugins\whitesmoke-us-new-customized-web-search.xml File Verwijdert : C:\Users\Patrick\Desktop\TornTV.lnk File Verwijdert : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk Map Verwijdert : C:\Program Files\AVG Secure Search Map Verwijdert : C:\Program Files\Conduit Map Verwijdert : C:\Program Files\DVDVideoSoftTB Map Verwijdert : C:\ProgramData\AVG Secure Search Map Verwijdert : C:\ProgramData\AVG Security Toolbar Map Verwijdert : C:\ProgramData\Babylon Map Verwijdert : C:\Users\Patrick\AppData\Local\AVG Secure Search Map Verwijdert : C:\Users\Patrick\AppData\Local\Conduit Map Verwijdert : C:\Users\Patrick\AppData\LocalLow\AVG Secure Search Map Verwijdert : C:\Users\Patrick\AppData\LocalLow\AVG Security Toolbar Map Verwijdert : C:\Users\Patrick\AppData\LocalLow\BabylonToolbar Map Verwijdert : C:\Users\Patrick\AppData\LocalLow\Conduit Map Verwijdert : C:\Users\Patrick\AppData\LocalLow\DVDVideoSoftTB Map Verwijdert : C:\Users\Patrick\AppData\LocalLow\PriceGong Map Verwijdert : C:\Users\Patrick\AppData\Roaming\BabSolution Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Babylon Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Complitly Map Verwijdert : C:\Users\Patrick\AppData\Roaming\dvdvideosoftiehelpers Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\ConduitCommon Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\CT1060933 Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\CT3244149 Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516} Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f} Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\ffxtlbr@delta.com Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\jetpack Map Verwijdert : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\Smartbar Map Verwijdert : C:\Users\Patrick\AppData\Roaming\OpenCandy Verwijdert bij het opstarten : C:\Program Files\Common Files\AVG Secure Search ***** [Register] ***** Sleutel Verwijdert : HKCU\Software\1ClickDownload Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\PriceGong Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar Sleutel Verwijdert : HKCU\Software\AppDataLow\Toolbar Sleutel Verwijdert : HKCU\Software\Ask&Record Sleutel Verwijdert : HKCU\Software\AVG Secure Search Sleutel Verwijdert : HKCU\Software\AVG Security Toolbar Sleutel Verwijdert : HKCU\Software\BabylonToolbar Sleutel Verwijdert : HKCU\Software\Complitly Sleutel Verwijdert : HKCU\Software\Conduit Sleutel Verwijdert : HKCU\Software\DataMngr_Toolbar Sleutel Verwijdert : HKCU\Software\Delta Sleutel Verwijdert : HKCU\Software\delta LTD Sleutel Verwijdert : HKCU\Software\e4dbd9b33def46 Sleutel Verwijdert : HKCU\Software\InstallCore Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{471B163C-D832-47CF-87B9-70EC803DA402} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Sleutel Verwijdert : HKCU\Software\Softonic Sleutel Verwijdert : HKLM\Software\AVG Secure Search Sleutel Verwijdert : HKLM\Software\AVG Security Toolbar Sleutel Verwijdert : HKLM\Software\Babylon Sleutel Verwijdert : HKLM\Software\BabylonToolbar Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Sleutel Verwijdert : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{471B163C-D832-47CF-87B9-70EC803DA402} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Conduit.Engine Sleutel Verwijdert : HKLM\SOFTWARE\Classes\delta.deltaappCore Sleutel Verwijdert : HKLM\SOFTWARE\Classes\delta.deltaappCore.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\delta.deltaHlpr Sleutel Verwijdert : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\escort.escortIEPane Sleutel Verwijdert : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\esrv.deltaESrvc Sleutel Verwijdert : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap Sleutel Verwijdert : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT1060933 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2801948 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Sleutel Verwijdert : HKLM\Software\Conduit Sleutel Verwijdert : HKLM\Software\Delta Sleutel Verwijdert : HKLM\Software\DVDVideoSoftTB Sleutel Verwijdert : HKLM\SOFTWARE\e4dbd9b33def46 Sleutel Verwijdert : HKLM\Software\Freeze.com Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E5C012B-8C80-4A74-8466-3A263F2C1AAD} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A09FC481-51F1-4F3E-B843-28EF9037F4D0} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Sleutel Verwijdert : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Sleutel Verwijdert : HKLM\Software\SimplyGen Sleutel Verwijdert : HKLM\SOFTWARE\Software Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Waarde Verwijdert : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}] Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}] Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [browsers] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v19.0 (nl) File : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\prefs.js C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\user.js ... Verwijdert ! Verwijdert : user_pref("CT1060933..clientLogIsEnabled", false); Verwijdert : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Verwijdert : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Verwijdert : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Verwijdert : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Verwijdert : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true); Verwijdert : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true); Verwijdert : user_pref("CT1060933.BrowserCompStateIsOpen_130040833450137909", true); Verwijdert : user_pref("CT1060933.CT1060933", "CT1060933"); Verwijdert : user_pref("CT1060933.CurrentServerDate", "4-3-2013"); Verwijdert : user_pref("CT1060933.DSInstall", false); Verwijdert : user_pref("CT1060933.DialogsAlignMode", "LTR"); Verwijdert : user_pref("CT1060933.DialogsGetterLastCheckTime", "Sun Mar 03 2013 12:59:27 GMT+0100"); Verwijdert : user_pref("CT1060933.DownloadReferralCookieData", ""); Verwijdert : user_pref("CT1060933.FirstServerDate", "22-2-2013"); Verwijdert : user_pref("CT1060933.FirstTime", true); Verwijdert : user_pref("CT1060933.FirstTimeFF3", true); Verwijdert : user_pref("CT1060933.FirstTimeHiddenVer", true); Verwijdert : user_pref("CT1060933.FixPageNotFoundErrors", true); Verwijdert : user_pref("CT1060933.GroupingServerCheckInterval", 1440); Verwijdert : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Verwijdert : user_pref("CT1060933.HPInstall", false); Verwijdert : user_pref("CT1060933.HasUserGlobalKeys", true); Verwijdert : user_pref("CT1060933.Initialize", true); Verwijdert : user_pref("CT1060933.InitializeCommonPrefs", true); Verwijdert : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3); Verwijdert : user_pref("CT1060933.InstallationType", "Unknown"); Verwijdert : user_pref("CT1060933.InstalledDate", "Thu Feb 21 2013 22:36:02 GMT+0100"); Verwijdert : user_pref("CT1060933.IsGrouping", false); Verwijdert : user_pref("CT1060933.IsInitSetupIni", true); Verwijdert : user_pref("CT1060933.IsMulticommunity", false); Verwijdert : user_pref("CT1060933.IsOpenThankYouPage", true); Verwijdert : user_pref("CT1060933.IsOpenUninstallPage", true); Verwijdert : user_pref("CT1060933.LanguagePackLastCheckTime", "Mon Mar 04 2013 16:46:42 GMT+0100"); Verwijdert : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440); Verwijdert : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Verwijdert : user_pref("CT1060933.LastLogin_3.18.0.7", "Mon Mar 04 2013 16:46:33 GMT+0100"); Verwijdert : user_pref("CT1060933.LatestVersion", "3.18.0.7"); Verwijdert : user_pref("CT1060933.Locale", "en-us"); Verwijdert : user_pref("CT1060933.MCDetectTooltipHeight", "83"); Verwijdert : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Verwijdert : user_pref("CT1060933.MCDetectTooltipWidth", "295"); Verwijdert : user_pref("CT1060933.MyStuffEnabledAtInstallation", true); Verwijdert : user_pref("CT1060933.OriginalFirstVersion", "3.18.0.7"); Verwijdert : user_pref("CT1060933.SearchCaption", "Freecorder Customized Web Search"); Verwijdert : user_pref("CT1060933.SearchFromAddressBarIsInit", true); Verwijdert : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...] Verwijdert : user_pref("CT1060933.SearchInNewTabEnabled", true); Verwijdert : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440); Verwijdert : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Mon Mar 04 2013 16:46:30 GMT+0100"); Verwijdert : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Verwijdert : user_pref("CT1060933.SearchInNewTabUserEnabled", false); Verwijdert : user_pref("CT1060933.SendProtectorDataViaLogin", true); Verwijdert : user_pref("CT1060933.ServiceMapLastCheckTime", "Mon Mar 04 2013 16:46:33 GMT+0100"); Verwijdert : user_pref("CT1060933.SettingsLastCheckTime", "Mon Mar 04 2013 16:46:29 GMT+0100"); Verwijdert : user_pref("CT1060933.SettingsLastUpdate", "1362402712"); Verwijdert : user_pref("CT1060933.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13"); Verwijdert : user_pref("CT1060933.ToolbarShrinkedFromSetup", false); Verwijdert : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933"); Verwijdert : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Verwijdert : user_pref("CT1060933.UserID", "UN17477964501498944"); Verwijdert : user_pref("CT1060933.alertChannelId", "15651"); Verwijdert : user_pref("CT1060933.components.1000515", false); Verwijdert : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Verwijdert : user_pref("CT1060933.homepageProtectorEnableByLogin", true); Verwijdert : user_pref("CT1060933.initDone", true); Verwijdert : user_pref("CT1060933.myStuffEnabled", true); Verwijdert : user_pref("CT1060933.myStuffPublihserMinWidth", 400); Verwijdert : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Verwijdert : user_pref("CT1060933.myStuffServiceIntervalMM", 1440); Verwijdert : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Verwijdert : user_pref("CT1060933.navigateToUrlOnSearch", false); Verwijdert : user_pref("CT1060933.revertSettingsEnabled", true); Verwijdert : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10); Verwijdert : user_pref("CT1060933.searchProtectorEnableByLogin", true); Verwijdert : user_pref("CT1060933.testingCtid", ""); Verwijdert : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Mon Mar 04 2013 16:46:42 GMT+0100"); Verwijdert : user_pref("CT2801948.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Verwijdert : user_pref("CT2801948.BrowserCompStateIsOpen_129799503686523541", true); Verwijdert : user_pref("CT2801948.BrowserCompStateIsOpen_129815072111847605", true); Verwijdert : user_pref("CT2801948.BrowserCompStateIsOpen_1359634298000", true); Verwijdert : user_pref("CT2801948.DSInstall", false); Verwijdert : user_pref("CT2801948.DialogsAlignMode", "LTR"); Verwijdert : user_pref("CT2801948.DialogsGetterLastCheckTime", "Sun Mar 03 2013 13:00:37 GMT+0100"); Verwijdert : user_pref("CT2801948.FirstTimeFF3", true); Verwijdert : user_pref("CT2801948.HPInstall", false); Verwijdert : user_pref("CT2801948.HasUserGlobalKeys", true); Verwijdert : user_pref("CT2801948.Initialize", true); Verwijdert : user_pref("CT2801948.InitializeCommonPrefs", true); Verwijdert : user_pref("CT2801948.InstalledDate", "Sun Mar 03 2013 13:00:37 GMT+0100"); Verwijdert : user_pref("CT2801948.IsGrouping", false); Verwijdert : user_pref("CT2801948.IsInitSetupIni", true); Verwijdert : user_pref("CT2801948.IsMulticommunity", false); Verwijdert : user_pref("CT2801948.IsOpenThankYouPage", true); Verwijdert : user_pref("CT2801948.IsOpenUninstallPage", true); Verwijdert : user_pref("CT2801948.LanguagePackLastCheckTime", "Sun Mar 03 2013 13:00:37 GMT+0100"); Verwijdert : user_pref("CT2801948.Locale", "en-us"); Verwijdert : user_pref("CT2801948.MCDetectTooltipHeight", "83"); Verwijdert : user_pref("CT2801948.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Verwijdert : user_pref("CT2801948.MCDetectTooltipWidth", "295"); Verwijdert : user_pref("CT2801948.MyStuffEnabledAtInstallation", true); Verwijdert : user_pref("CT2801948.SearchCaption", "NCH EN Customized Web Search"); Verwijdert : user_pref("CT2801948.SearchFromAddressBarIsInit", true); Verwijdert : user_pref("CT2801948.SendProtectorDataViaLogin", true); Verwijdert : user_pref("CT2801948.ServiceMapLastCheckTime", "Sun Mar 03 2013 13:00:35 GMT+0100"); Verwijdert : user_pref("CT2801948.SettingsLastCheckTime", "Sun Mar 03 2013 12:59:21 GMT+0100"); Verwijdert : user_pref("CT2801948.SettingsLastUpdate", "1362299151"); Verwijdert : user_pref("CT2801948.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13"); Verwijdert : user_pref("CT2801948.ToolbarShrinkedFromSetup", false); Verwijdert : user_pref("CT2801948.alertChannelId", "1194029"); Verwijdert : user_pref("CT2801948.initDone", true); Verwijdert : user_pref("CT2801948.navigateToUrlOnSearch", false); Verwijdert : user_pref("CT2801948.revertSettingsEnabled", true); Verwijdert : user_pref("CT2801948.testingCtid", ""); Verwijdert : user_pref("CT2801948.toolbarAppMetaDataLastCheckTime", "Sun Mar 03 2013 13:00:37 GMT+0100"); Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801948/CT2801948[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948", [...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801948",[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...] Verwijdert : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Verwijdert : user_pref("CommunityToolbar.ToolbarsList", "CT1060933,CT2801948"); Verwijdert : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933"); Verwijdert : user_pref("CommunityToolbar.ToolbarsList4", "CT1060933,CT2801948"); Verwijdert : user_pref("CommunityToolbar.globalUserId", "94750285-a2df-483f-83bc-9c9ea32be5ba"); Verwijdert : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Verwijdert : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] Verwijdert : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1"); Verwijdert : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=e2507[...] Verwijdert : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Verwijdert : user_pref("extensions.BabylonToolbar_i.babExt", ""); Verwijdert : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100482"); Verwijdert : user_pref("extensions.BabylonToolbar_i.hardId", "e25071370000000000000017c473aeca"); Verwijdert : user_pref("extensions.BabylonToolbar_i.id", "e25071370000000000000017c473aeca"); Verwijdert : user_pref("extensions.BabylonToolbar_i.instlDay", "15361"); Verwijdert : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Verwijdert : user_pref("extensions.BabylonToolbar_i.newTab", true); Verwijdert : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc[...] Verwijdert : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Verwijdert : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Verwijdert : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Verwijdert : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Verwijdert : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:50:15"); Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Verwijdert : user_pref("extensions.delta.admin", false); Verwijdert : user_pref("extensions.delta.aflt", "babsst"); Verwijdert : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Verwijdert : user_pref("extensions.delta.autoRvrt", "false"); Verwijdert : user_pref("extensions.delta.bbDpng", "4"); Verwijdert : user_pref("extensions.delta.cntry", "NL"); Verwijdert : user_pref("extensions.delta.dfltLng", "en"); Verwijdert : user_pref("extensions.delta.excTlbr", false); Verwijdert : user_pref("extensions.delta.hdrMd5", "72904866E6BF7A38B145D8CB3AFAE0E0"); Verwijdert : user_pref("extensions.delta.id", "e25071370000000000000017c473aeca"); Verwijdert : user_pref("extensions.delta.instlDay", "15767"); Verwijdert : user_pref("extensions.delta.instlRef", "sst"); Verwijdert : user_pref("extensions.delta.lastVrsnTs", "1.8.10.012:59:39"); Verwijdert : user_pref("extensions.delta.newTab", false); Verwijdert : user_pref("extensions.delta.prdct", "delta"); Verwijdert : user_pref("extensions.delta.prtnrId", "delta"); Verwijdert : user_pref("extensions.delta.rvrt", "false"); Verwijdert : user_pref("extensions.delta.sg", "tzb"); Verwijdert : user_pref("extensions.delta.smplGrp", "tzb"); Verwijdert : user_pref("extensions.delta.tlbrId", "base"); Verwijdert : user_pref("extensions.delta.tlbrSrchUrl", ""); Verwijdert : user_pref("extensions.delta.vrsn", "1.8.10.0"); Verwijdert : user_pref("extensions.delta.vrsnTs", "1.8.10.012:59:39"); Verwijdert : user_pref("extensions.delta.vrsni", "1.8.10.0"); ************************* AdwCleaner[s1].txt - [30119 octets] - [05/03/2013 11:08:02] ########## EOF - C:\AdwCleaner[s1].txt - [30180 octets] ##########

Goedemorgen, hier volgt ´t report: 09:59:20.0138 5412 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 09:59:20.0350 5412 ============================================================ 09:59:20.0351 5412 Current date / time: 2013/03/05 09:59:20.0350 09:59:20.0351 5412 SystemInfo: 09:59:20.0351 5412 09:59:20.0351 5412 OS Version: 6.0.6002 ServicePack: 2.0 09:59:20.0351 5412 Product type: Workstation 09:59:20.0351 5412 ComputerName: PC_VAN_PATRICK 09:59:20.0351 5412 UserName: Patrick 09:59:20.0351 5412 Windows directory: C:\Windows 09:59:20.0351 5412 System windows directory: C:\Windows 09:59:20.0351 5412 Processor architecture: Intel x86 09:59:20.0351 5412 Number of processors: 2 09:59:20.0351 5412 Page size: 0x1000 09:59:20.0351 5412 Boot type: Normal boot 09:59:20.0351 5412 ============================================================ 09:59:21.0846 5412 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 09:59:21.0850 5412 Drive \Device\Harddisk1\DR3 - Size: 0xF4FFE00 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 09:59:21.0851 5412 ============================================================ 09:59:21.0851 5412 \Device\Harddisk0\DR0: 09:59:21.0851 5412 MBR partitions: 09:59:21.0852 5412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x38985000 09:59:21.0852 5412 \Device\Harddisk1\DR3: 09:59:21.0853 5412 MBR partitions: 09:59:21.0853 5412 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x63, BlocksNum 0x7A59D 09:59:21.0853 5412 ============================================================ 09:59:21.0885 5412 C: <-> \Device\Harddisk0\DR0\Partition1 09:59:21.0885 5412 ============================================================ 09:59:21.0886 5412 Initialize success 09:59:21.0886 5412 ============================================================ 09:59:52.0251 5372 ============================================================ 09:59:52.0251 5372 Scan started 09:59:52.0251 5372 Mode: Manual; 09:59:52.0251 5372 ============================================================ 09:59:53.0313 5372 ================ Scan system memory ======================== 09:59:53.0313 5372 System memory - ok 09:59:53.0314 5372 ================ Scan services ============================= 09:59:53.0499 5372 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 09:59:53.0505 5372 ACPI - ok 09:59:53.0610 5372 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 09:59:53.0612 5372 AdobeARMservice - ok 09:59:53.0689 5372 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 09:59:53.0693 5372 AdobeFlashPlayerUpdateSvc - ok 09:59:53.0742 5372 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 09:59:53.0764 5372 adp94xx - ok 09:59:53.0812 5372 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 09:59:53.0817 5372 adpahci - ok 09:59:53.0843 5372 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 09:59:53.0845 5372 adpu160m - ok 09:59:53.0867 5372 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 09:59:53.0872 5372 adpu320 - ok 09:59:53.0900 5372 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 09:59:53.0902 5372 AeLookupSvc - ok 09:59:53.0939 5372 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 09:59:53.0944 5372 AFD - ok 09:59:53.0978 5372 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 09:59:53.0980 5372 agp440 - ok 09:59:54.0011 5372 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 09:59:54.0013 5372 aic78xx - ok 09:59:54.0044 5372 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 09:59:54.0045 5372 ALG - ok 09:59:54.0059 5372 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 09:59:54.0060 5372 aliide - ok 09:59:54.0077 5372 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 09:59:54.0081 5372 amdagp - ok 09:59:54.0100 5372 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 09:59:54.0102 5372 amdide - ok 09:59:54.0119 5372 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 09:59:54.0121 5372 AmdK7 - ok 09:59:54.0139 5372 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 09:59:54.0154 5372 AmdK8 - ok 09:59:54.0300 5372 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 09:59:54.0302 5372 Appinfo - ok 09:59:54.0503 5372 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 09:59:54.0505 5372 Apple Mobile Device - ok 09:59:54.0544 5372 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 09:59:54.0546 5372 arc - ok 09:59:54.0588 5372 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 09:59:54.0591 5372 arcsas - ok 09:59:54.0620 5372 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 09:59:54.0621 5372 AsyncMac - ok 09:59:54.0682 5372 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 09:59:54.0683 5372 atapi - ok 09:59:54.0741 5372 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 09:59:54.0747 5372 AudioEndpointBuilder - ok 09:59:54.0764 5372 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 09:59:54.0767 5372 Audiosrv - ok 09:59:54.0937 5372 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe 09:59:54.0941 5372 AVG Security Toolbar Service - ok 09:59:55.0147 5372 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe 09:59:55.0313 5372 AVGIDSAgent - ok 09:59:55.0366 5372 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys 09:59:55.0370 5372 AVGIDSDriver - ok 09:59:55.0418 5372 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys 09:59:55.0419 5372 AVGIDSHX - ok 09:59:55.0470 5372 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys 09:59:55.0471 5372 AVGIDSShim - ok 09:59:55.0520 5372 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys 09:59:55.0524 5372 Avgldx86 - ok 09:59:55.0576 5372 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys 09:59:55.0580 5372 Avglogx - ok 09:59:55.0611 5372 [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys 09:59:55.0614 5372 Avgmfx86 - ok 09:59:55.0626 5372 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys 09:59:55.0629 5372 Avgrkx86 - ok 09:59:55.0643 5372 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys 09:59:55.0647 5372 Avgtdix - ok 09:59:55.0709 5372 [ CAE7B6E4D7EB17829C526153D19B9C95 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys 09:59:55.0711 5372 avgtp - ok 09:59:55.0761 5372 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe 09:59:55.0765 5372 avgwd - ok 09:59:55.0808 5372 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 09:59:55.0809 5372 Beep - ok 09:59:55.0876 5372 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 09:59:55.0883 5372 BFE - ok 09:59:55.0980 5372 [ 76154FA6A742C613B44BB636B1A7C057 ] BHDrvx86 C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys 09:59:55.0985 5372 BHDrvx86 - ok 09:59:56.0053 5372 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll 09:59:56.0075 5372 BITS - ok 09:59:56.0104 5372 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 09:59:56.0107 5372 blbdrive - ok 09:59:56.0223 5372 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 09:59:56.0245 5372 Bonjour Service - ok 09:59:56.0301 5372 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 09:59:56.0304 5372 bowser - ok 09:59:56.0332 5372 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 09:59:56.0334 5372 BrFiltLo - ok 09:59:56.0351 5372 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 09:59:56.0353 5372 BrFiltUp - ok 09:59:56.0388 5372 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 09:59:56.0391 5372 Browser - ok 09:59:56.0418 5372 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 09:59:56.0421 5372 Brserid - ok 09:59:56.0446 5372 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 09:59:56.0449 5372 BrSerWdm - ok 09:59:56.0477 5372 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 09:59:56.0479 5372 BrUsbMdm - ok 09:59:56.0494 5372 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 09:59:56.0496 5372 BrUsbSer - ok 09:59:56.0531 5372 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 09:59:56.0533 5372 BTHMODEM - ok 09:59:56.0610 5372 catchme - ok 09:59:56.0670 5372 [ 3182B846490DC4D71FABD4A8CB6B73EA ] ccHP C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys 09:59:56.0692 5372 ccHP - ok 09:59:56.0713 5372 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 09:59:56.0716 5372 cdfs - ok 09:59:56.0774 5372 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 09:59:56.0777 5372 cdrom - ok 09:59:56.0836 5372 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 09:59:56.0837 5372 CertPropSvc - ok 09:59:56.0862 5372 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 09:59:56.0864 5372 circlass - ok 09:59:56.0914 5372 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 09:59:56.0921 5372 CLFS - ok 09:59:56.0991 5372 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:59:56.0995 5372 clr_optimization_v2.0.50727_32 - ok 09:59:57.0123 5372 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:59:57.0165 5372 clr_optimization_v4.0.30319_32 - ok 09:59:57.0214 5372 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 09:59:57.0216 5372 CmBatt - ok 09:59:57.0235 5372 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 09:59:57.0238 5372 cmdide - ok 09:59:57.0246 5372 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 09:59:57.0249 5372 Compbatt - ok 09:59:57.0255 5372 COMSysApp - ok 09:59:57.0267 5372 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 09:59:57.0270 5372 crcdisk - ok 09:59:57.0289 5372 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 09:59:57.0292 5372 Crusoe - ok 09:59:57.0369 5372 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 09:59:57.0372 5372 CryptSvc - ok 09:59:57.0446 5372 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 09:59:57.0469 5372 DcomLaunch - ok 09:59:57.0503 5372 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 09:59:57.0506 5372 DfsC - ok 09:59:57.0599 5372 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 09:59:57.0665 5372 DFSR - ok 09:59:57.0747 5372 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 09:59:57.0751 5372 Dhcp - ok 09:59:57.0815 5372 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 09:59:57.0817 5372 disk - ok 09:59:57.0877 5372 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 09:59:57.0881 5372 Dnscache - ok 09:59:57.0938 5372 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 09:59:57.0942 5372 dot3svc - ok 09:59:57.0981 5372 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 09:59:57.0985 5372 DPS - ok 09:59:58.0034 5372 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 09:59:58.0037 5372 drmkaud - ok 09:59:58.0118 5372 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 09:59:58.0141 5372 DXGKrnl - ok 09:59:58.0172 5372 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 09:59:58.0176 5372 E1G60 - ok 09:59:58.0200 5372 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 09:59:58.0202 5372 EapHost - ok 09:59:58.0270 5372 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 09:59:58.0276 5372 Ecache - ok 09:59:58.0322 5372 [ 96BCD90ED9235A21629EFFDE5E941FB1 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 09:59:58.0331 5372 eeCtrl - ok 09:59:58.0371 5372 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 09:59:58.0377 5372 ehRecvr - ok 09:59:58.0398 5372 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 09:59:58.0401 5372 ehSched - ok 09:59:58.0422 5372 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 09:59:58.0423 5372 ehstart - ok 09:59:58.0470 5372 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 09:59:58.0479 5372 elxstor - ok 09:59:58.0545 5372 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 09:59:58.0567 5372 EMDMgmt - ok 09:59:58.0620 5372 [ 392C86F6B45C0BC696C32C27F51E749F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 09:59:58.0624 5372 EraserUtilRebootDrv - ok 09:59:58.0657 5372 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:59:58.0659 5372 ErrDev - ok 09:59:58.0724 5372 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 09:59:58.0729 5372 EventSystem - ok 09:59:58.0790 5372 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 09:59:58.0793 5372 exfat - ok 09:59:58.0825 5372 [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc C:\Windows\System32\ezsvc7.dll 09:59:58.0828 5372 ezSharedSvc - ok 09:59:58.0882 5372 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:59:58.0886 5372 fastfat - ok 09:59:58.0927 5372 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 09:59:58.0929 5372 fdc - ok 09:59:58.0960 5372 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 09:59:58.0961 5372 fdPHost - ok 09:59:58.0974 5372 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 09:59:58.0975 5372 FDResPub - ok 09:59:58.0990 5372 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:59:58.0992 5372 FileInfo - ok 09:59:59.0021 5372 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 09:59:59.0024 5372 Filetrace - ok 09:59:59.0089 5372 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 09:59:59.0109 5372 FLEXnet Licensing Service - ok 09:59:59.0135 5372 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 09:59:59.0137 5372 flpydisk - ok 09:59:59.0192 5372 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:59:59.0199 5372 FltMgr - ok 09:59:59.0313 5372 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 09:59:59.0338 5372 FontCache - ok 09:59:59.0401 5372 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 09:59:59.0403 5372 FontCache3.0.0.0 - ok 09:59:59.0461 5372 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:59:59.0465 5372 Fs_Rec - ok 09:59:59.0507 5372 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 09:59:59.0510 5372 gagp30kx - ok 09:59:59.0534 5372 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 09:59:59.0536 5372 GEARAspiWDM - ok 09:59:59.0630 5372 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 09:59:59.0634 5372 GoogleDesktopManager-051210-111108 - ok 09:59:59.0707 5372 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 09:59:59.0729 5372 gpsvc - ok 09:59:59.0797 5372 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 09:59:59.0800 5372 gupdate - ok 09:59:59.0805 5372 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 09:59:59.0809 5372 gupdatem - ok 09:59:59.0847 5372 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 09:59:59.0851 5372 gusvc - ok 09:59:59.0918 5372 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:59:59.0923 5372 HdAudAddService - ok 09:59:59.0980 5372 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 10:00:00.0002 5372 HDAudBus - ok 10:00:00.0022 5372 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 10:00:00.0024 5372 HidBth - ok 10:00:00.0045 5372 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 10:00:00.0047 5372 HidIr - ok 10:00:00.0092 5372 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 10:00:00.0094 5372 hidserv - ok 10:00:00.0155 5372 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 10:00:00.0157 5372 HidUsb - ok 10:00:00.0186 5372 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 10:00:00.0190 5372 hkmsvc - ok 10:00:00.0219 5372 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 10:00:00.0221 5372 HpCISSs - ok 10:00:00.0282 5372 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:00:00.0305 5372 HTTP - ok 10:00:00.0325 5372 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 10:00:00.0328 5372 i2omp - ok 10:00:00.0367 5372 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 10:00:00.0370 5372 i8042prt - ok 10:00:00.0410 5372 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 10:00:00.0416 5372 iaStorV - ok 10:00:00.0501 5372 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 10:00:00.0535 5372 idsvc - ok 10:00:00.0622 5372 [ 785B0AB77D977445D58B02EA63C11FB2 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091028.004\IDSvix86.sys 10:00:00.0625 5372 IDSVix86 - ok 10:00:00.0716 5372 [ 0627FC0C422CD6E0F23E1B0D1D9F0899 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 10:00:00.0806 5372 igfx - ok 10:00:00.0834 5372 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 10:00:00.0836 5372 iirsp - ok 10:00:00.0892 5372 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 10:00:00.0914 5372 IKEEXT - ok 10:00:01.0008 5372 [ 9B89F2E3D705651DEC1F01033B9D6B24 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 10:00:01.0064 5372 IntcAzAudAddService - ok 10:00:01.0079 5372 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 10:00:01.0081 5372 intelide - ok 10:00:01.0104 5372 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 10:00:01.0105 5372 intelppm - ok 10:00:01.0138 5372 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 10:00:01.0141 5372 IPBusEnum - ok 10:00:01.0161 5372 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:00:01.0164 5372 IpFilterDriver - ok 10:00:01.0211 5372 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 10:00:01.0217 5372 iphlpsvc - ok 10:00:01.0224 5372 IpInIp - ok 10:00:01.0241 5372 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 10:00:01.0244 5372 IPMIDRV - ok 10:00:01.0263 5372 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 10:00:01.0267 5372 IPNAT - ok 10:00:01.0359 5372 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 10:00:01.0376 5372 iPod Service - ok 10:00:01.0401 5372 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 10:00:01.0404 5372 IRENUM - ok 10:00:01.0433 5372 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:00:01.0435 5372 isapnp - ok 10:00:01.0551 5372 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 10:00:01.0578 5372 iScsiPrt - ok 10:00:01.0606 5372 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 10:00:01.0620 5372 iteatapi - ok 10:00:01.0688 5372 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 10:00:01.0691 5372 iteraid - ok 10:00:01.0713 5372 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 10:00:01.0716 5372 kbdclass - ok 10:00:01.0727 5372 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 10:00:01.0730 5372 kbdhid - ok 10:00:01.0787 5372 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 10:00:01.0790 5372 KeyIso - ok 10:00:01.0826 5372 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:00:01.0847 5372 KSecDD - ok 10:00:01.0909 5372 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 10:00:01.0931 5372 KtmRm - ok 10:00:01.0983 5372 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 10:00:01.0988 5372 LanmanServer - ok 10:00:02.0038 5372 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:00:02.0044 5372 LanmanWorkstation - ok 10:00:02.0083 5372 Lavasoft Kernexplorer - ok 10:00:02.0115 5372 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:00:02.0118 5372 lltdio - ok 10:00:02.0153 5372 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:00:02.0159 5372 lltdsvc - ok 10:00:02.0190 5372 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 10:00:02.0193 5372 lmhosts - ok 10:00:02.0219 5372 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 10:00:02.0223 5372 LSI_FC - ok 10:00:02.0238 5372 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 10:00:02.0242 5372 LSI_SAS - ok 10:00:02.0266 5372 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 10:00:02.0270 5372 LSI_SCSI - ok 10:00:02.0293 5372 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 10:00:02.0296 5372 luafv - ok 10:00:02.0323 5372 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 10:00:02.0327 5372 Mcx2Svc - ok 10:00:02.0343 5372 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 10:00:02.0345 5372 megasas - ok 10:00:02.0374 5372 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 10:00:02.0382 5372 MegaSR - ok 10:00:02.0405 5372 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 10:00:02.0409 5372 MMCSS - ok 10:00:02.0440 5372 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 10:00:02.0442 5372 Modem - ok 10:00:02.0464 5372 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:00:02.0466 5372 monitor - ok 10:00:02.0481 5372 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 10:00:02.0483 5372 mouclass - ok 10:00:02.0504 5372 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 10:00:02.0507 5372 mouhid - ok 10:00:02.0514 5372 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 10:00:02.0517 5372 MountMgr - ok 10:00:02.0602 5372 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 10:00:02.0606 5372 MozillaMaintenance - ok 10:00:02.0649 5372 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 10:00:02.0652 5372 mpio - ok 10:00:02.0689 5372 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:00:02.0691 5372 mpsdrv - ok 10:00:02.0750 5372 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 10:00:02.0773 5372 MpsSvc - ok 10:00:02.0822 5372 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 10:00:02.0824 5372 Mraid35x - ok 10:00:02.0870 5372 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 10:00:02.0873 5372 MRxDAV - ok 10:00:02.0906 5372 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:00:02.0909 5372 mrxsmb - ok 10:00:02.0974 5372 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:00:02.0979 5372 mrxsmb10 - ok 10:00:02.0994 5372 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:00:02.0997 5372 mrxsmb20 - ok 10:00:03.0015 5372 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 10:00:03.0018 5372 msahci - ok 10:00:03.0036 5372 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 10:00:03.0039 5372 msdsm - ok 10:00:03.0062 5372 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 10:00:03.0067 5372 MSDTC - ok 10:00:03.0098 5372 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:00:03.0100 5372 Msfs - ok 10:00:03.0127 5372 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 10:00:03.0129 5372 msisadrv - ok 10:00:03.0158 5372 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 10:00:03.0163 5372 MSiSCSI - ok 10:00:03.0182 5372 msiserver - ok 10:00:03.0198 5372 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 10:00:03.0201 5372 MSKSSRV - ok 10:00:03.0225 5372 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 10:00:03.0227 5372 MSPCLOCK - ok 10:00:03.0245 5372 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 10:00:03.0248 5372 MSPQM - ok 10:00:03.0298 5372 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 10:00:03.0302 5372 MsRPC - ok 10:00:03.0316 5372 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 10:00:03.0317 5372 mssmbios - ok 10:00:03.0335 5372 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 10:00:03.0338 5372 MSTEE - ok 10:00:03.0391 5372 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 10:00:03.0393 5372 Mup - ok 10:00:03.0446 5372 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 10:00:03.0455 5372 napagent - ok 10:00:03.0505 5372 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 10:00:03.0510 5372 NativeWifiP - ok 10:00:03.0571 5372 NAVENG - ok 10:00:03.0577 5372 NAVEX15 - ok 10:00:03.0655 5372 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 10:00:03.0677 5372 NDIS - ok 10:00:03.0709 5372 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 10:00:03.0711 5372 NdisTapi - ok 10:00:03.0729 5372 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 10:00:03.0732 5372 Ndisuio - ok 10:00:03.0784 5372 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 10:00:03.0787 5372 NdisWan - ok 10:00:03.0806 5372 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:00:03.0809 5372 NDProxy - ok 10:00:03.0909 5372 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 10:00:03.0931 5372 Nero BackItUp Scheduler 3 - ok 10:00:03.0945 5372 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:00:03.0947 5372 NetBIOS - ok 10:00:04.0006 5372 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 10:00:04.0010 5372 netbt - ok 10:00:04.0020 5372 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 10:00:04.0022 5372 Netlogon - ok 10:00:04.0045 5372 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 10:00:04.0052 5372 Netman - ok 10:00:04.0070 5372 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 10:00:04.0075 5372 netprofm - ok 10:00:04.0112 5372 [ EBBD48D3F4361773B812CA67A9CFC69B ] netr28 C:\Windows\system32\DRIVERS\netr28.sys 10:00:04.0133 5372 netr28 - ok 10:00:04.0184 5372 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:00:04.0187 5372 NetTcpPortSharing - ok 10:00:04.0494 5372 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 10:00:04.0638 5372 NETw5v32 - ok 10:00:04.0674 5372 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 10:00:04.0676 5372 nfrd960 - ok 10:00:04.0700 5372 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 10:00:04.0705 5372 NlaSvc - ok 10:00:04.0778 5372 [ CD4326BC339F98DE21AA07B208A305AE ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 10:00:04.0800 5372 NMIndexingService - ok 10:00:04.0834 5372 [ CFE3462A9E94A57DCD9676F6B7FE7F67 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys 10:00:04.0836 5372 nmwcd - ok 10:00:04.0883 5372 [ 8F2A94F991F8C73CEC26B4B5620D1EDC ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys 10:00:04.0884 5372 nmwcdc - ok 10:00:04.0957 5372 [ 99145C5D4B6C4D6F5CE83EE6ABFFE294 ] nmwcdnsu C:\Windows\system32\drivers\nmwcdnsu.sys 10:00:04.0961 5372 nmwcdnsu - ok 10:00:05.0016 5372 [ FAEE7B61C6885B091CEC1FF06DA2E1AB ] nmwcdnsuc C:\Windows\system32\drivers\nmwcdnsuc.sys 10:00:05.0019 5372 nmwcdnsuc - ok 10:00:05.0108 5372 [ 64C89DB40949FD0E7C8FF303676A91F1 ] Norton Internet Security C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe 10:00:05.0111 5372 Norton Internet Security - ok 10:00:05.0158 5372 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 10:00:05.0160 5372 Npfs - ok 10:00:05.0191 5372 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 10:00:05.0195 5372 nsi - ok 10:00:05.0218 5372 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:00:05.0220 5372 nsiproxy - ok 10:00:05.0297 5372 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:00:05.0331 5372 Ntfs - ok 10:00:05.0352 5372 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 10:00:05.0355 5372 ntrigdigi - ok 10:00:05.0362 5372 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 10:00:05.0365 5372 Null - ok 10:00:05.0379 5372 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:00:05.0382 5372 nvraid - ok 10:00:05.0396 5372 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 10:00:05.0399 5372 nvstor - ok 10:00:05.0436 5372 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:00:05.0440 5372 nv_agp - ok 10:00:05.0447 5372 NwlnkFlt - ok 10:00:05.0459 5372 NwlnkFwd - ok 10:00:05.0508 5372 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:00:05.0529 5372 odserv - ok 10:00:05.0565 5372 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 10:00:05.0568 5372 ohci1394 - ok 10:00:05.0594 5372 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:00:05.0598 5372 ose - ok 10:00:05.0662 5372 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 10:00:05.0684 5372 p2pimsvc - ok 10:00:05.0702 5372 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 10:00:05.0711 5372 p2psvc - ok 10:00:05.0729 5372 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 10:00:05.0733 5372 Parport - ok 10:00:05.0784 5372 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:00:05.0787 5372 partmgr - ok 10:00:05.0806 5372 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 10:00:05.0809 5372 Parvdm - ok 10:00:05.0836 5372 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 10:00:05.0840 5372 PcaSvc - ok 10:00:05.0914 5372 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys 10:00:05.0916 5372 pccsmcfd - ok 10:00:05.0976 5372 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 10:00:05.0981 5372 pci - ok 10:00:06.0009 5372 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 10:00:06.0011 5372 pciide - ok 10:00:06.0035 5372 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 10:00:06.0040 5372 pcmcia - ok 10:00:06.0090 5372 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:00:06.0113 5372 PEAUTH - ok 10:00:06.0195 5372 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 10:00:06.0240 5372 pla - ok 10:00:06.0270 5372 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe 10:00:06.0273 5372 PLFlash DeviceIoControl Service - ok 10:00:06.0326 5372 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:00:06.0333 5372 PlugPlay - ok 10:00:06.0362 5372 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 10:00:06.0371 5372 PNRPAutoReg - ok 10:00:06.0396 5372 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 10:00:06.0405 5372 PNRPsvc - ok 10:00:06.0467 5372 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 10:00:06.0489 5372 PolicyAgent - ok 10:00:06.0523 5372 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:00:06.0526 5372 PptpMiniport - ok 10:00:06.0539 5372 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 10:00:06.0542 5372 Processor - ok 10:00:06.0588 5372 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 10:00:06.0593 5372 ProfSvc - ok 10:00:06.0654 5372 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 10:00:06.0656 5372 ProtectedStorage - ok 10:00:06.0700 5372 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 10:00:06.0702 5372 PSched - ok 10:00:06.0723 5372 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 10:00:06.0725 5372 PxHelp20 - ok 10:00:06.0786 5372 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 10:00:06.0820 5372 ql2300 - ok 10:00:06.0848 5372 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 10:00:06.0852 5372 ql40xx - ok 10:00:06.0885 5372 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 10:00:06.0892 5372 QWAVE - ok 10:00:06.0904 5372 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:00:06.0906 5372 QWAVEdrv - ok 10:00:06.0916 5372 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:00:06.0918 5372 RasAcd - ok 10:00:06.0943 5372 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 10:00:06.0948 5372 RasAuto - ok 10:00:06.0973 5372 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:00:06.0976 5372 Rasl2tp - ok 10:00:07.0023 5372 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 10:00:07.0031 5372 RasMan - ok 10:00:07.0080 5372 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:00:07.0083 5372 RasPppoe - ok 10:00:07.0135 5372 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:00:07.0138 5372 RasSstp - ok 10:00:07.0186 5372 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:00:07.0191 5372 rdbss - ok 10:00:07.0215 5372 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:00:07.0217 5372 RDPCDD - ok 10:00:07.0262 5372 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 10:00:07.0268 5372 rdpdr - ok 10:00:07.0275 5372 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:00:07.0279 5372 RDPENCDD - ok 10:00:07.0336 5372 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:00:07.0341 5372 RDPWD - ok 10:00:07.0385 5372 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:00:07.0389 5372 RemoteAccess - ok 10:00:07.0445 5372 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:00:07.0450 5372 RemoteRegistry - ok 10:00:07.0482 5372 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 10:00:07.0485 5372 RpcLocator - ok 10:00:07.0514 5372 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 10:00:07.0523 5372 RpcSs - ok 10:00:07.0567 5372 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 10:00:07.0569 5372 rspndr - ok 10:00:07.0606 5372 [ 174B9514CD1A0C33CE4BBC02A3C81A62 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 10:00:07.0630 5372 RTL8169 - ok 10:00:07.0666 5372 [ 01C64783DB1F40E1E3DF67DD36199B35 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS 10:00:07.0668 5372 RTSTOR - ok 10:00:07.0676 5372 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 10:00:07.0678 5372 SamSs - ok 10:00:07.0721 5372 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:00:07.0724 5372 sbp2port - ok 10:00:07.0777 5372 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:00:07.0782 5372 SCardSvr - ok 10:00:07.0849 5372 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 10:00:07.0872 5372 Schedule - ok 10:00:07.0924 5372 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 10:00:07.0925 5372 SCPolicySvc - ok 10:00:07.0946 5372 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:00:07.0951 5372 SDRSVC - ok 10:00:07.0966 5372 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:00:07.0968 5372 secdrv - ok 10:00:07.0984 5372 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 10:00:07.0988 5372 seclogon - ok 10:00:08.0004 5372 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 10:00:08.0009 5372 SENS - ok 10:00:08.0022 5372 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 10:00:08.0025 5372 Serenum - ok 10:00:08.0042 5372 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 10:00:08.0046 5372 Serial - ok 10:00:08.0066 5372 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 10:00:08.0069 5372 sermouse - ok 10:00:08.0165 5372 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 10:00:08.0188 5372 ServiceLayer - ok 10:00:08.0222 5372 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 10:00:08.0226 5372 SessionEnv - ok 10:00:08.0247 5372 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:00:08.0249 5372 sffdisk - ok 10:00:08.0265 5372 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:00:08.0267 5372 sffp_mmc - ok 10:00:08.0289 5372 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:00:08.0291 5372 sffp_sd - ok 10:00:08.0307 5372 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 10:00:08.0310 5372 sfloppy - ok 10:00:08.0341 5372 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 10:00:08.0348 5372 SharedAccess - ok 10:00:08.0417 5372 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:00:08.0425 5372 ShellHWDetection - ok 10:00:08.0444 5372 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 10:00:08.0447 5372 sisagp - ok 10:00:08.0464 5372 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 10:00:08.0467 5372 SiSRaid2 - ok 10:00:08.0485 5372 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 10:00:08.0489 5372 SiSRaid4 - ok 10:00:08.0621 5372 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 10:00:08.0706 5372 slsvc - ok 10:00:08.0762 5372 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 10:00:08.0765 5372 SLUINotify - ok 10:00:08.0808 5372 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 10:00:08.0810 5372 Smb - ok 10:00:08.0851 5372 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:00:08.0854 5372 SNMPTRAP - ok 10:00:08.0902 5372 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe 10:00:08.0905 5372 Sony SCSI Helper Service - ok 10:00:08.0943 5372 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 10:00:08.0945 5372 spldr - ok 10:00:08.0996 5372 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 10:00:09.0001 5372 Spooler - ok 10:00:09.0078 5372 [ E81F6CAEAB9AD5732E94C07C97866AA2 ] SRTSP C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS 10:00:09.0084 5372 SRTSP - ok 10:00:09.0128 5372 [ E28DE499D942B08058BFFAC69D4122B6 ] SRTSPX C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS 10:00:09.0130 5372 SRTSPX - ok 10:00:09.0201 5372 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 10:00:09.0207 5372 srv - ok 10:00:09.0270 5372 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 10:00:09.0274 5372 srv2 - ok 10:00:09.0332 5372 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:00:09.0335 5372 srvnet - ok 10:00:09.0360 5372 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:00:09.0365 5372 SSDPSRV - ok 10:00:09.0390 5372 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:00:09.0395 5372 SstpSvc - ok 10:00:09.0460 5372 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 10:00:09.0482 5372 stisvc - ok 10:00:09.0513 5372 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 10:00:09.0540 5372 swenum - ok 10:00:09.0592 5372 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 10:00:09.0598 5372 swprv - ok 10:00:09.0615 5372 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 10:00:09.0616 5372 Symc8xx - ok 10:00:09.0624 5372 SYMDNS - ok 10:00:09.0666 5372 [ D0885F6E24259A6C65E68D6AD749910A ] SymEFA C:\Windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS 10:00:09.0672 5372 SymEFA - ok 10:00:09.0707 5372 [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 10:00:09.0710 5372 SymEvent - ok 10:00:09.0732 5372 SYMFW - ok 10:00:09.0773 5372 [ 34F1C9D5DCC19DF1E824D6B73767B8AF ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys 10:00:09.0775 5372 SymIM - ok 10:00:09.0781 5372 SYMNDISV - ok 10:00:09.0792 5372 SYMREDRV - ok 10:00:09.0816 5372 [ 26BC80EC79D7BA478249C266CBDF17B4 ] SYMTDI C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS 10:00:09.0820 5372 SYMTDI - ok 10:00:09.0840 5372 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 10:00:09.0843 5372 Sym_hi - ok 10:00:09.0855 5372 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 10:00:09.0857 5372 Sym_u3 - ok 10:00:09.0905 5372 [ D2AA5D5FDB821EB5F9366C5E3BC2D9EA ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 10:00:09.0909 5372 SynTP - ok 10:00:09.0977 5372 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 10:00:09.0999 5372 SysMain - ok 10:00:10.0033 5372 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 10:00:10.0037 5372 TabletInputService - ok 10:00:10.0079 5372 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 10:00:10.0086 5372 TapiSrv - ok 10:00:10.0100 5372 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 10:00:10.0106 5372 TBS - ok 10:00:10.0169 5372 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 10:00:10.0203 5372 Tcpip - ok 10:00:10.0230 5372 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 10:00:10.0240 5372 Tcpip6 - ok 10:00:10.0287 5372 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:00:10.0290 5372 tcpipreg - ok 10:00:10.0324 5372 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:00:10.0327 5372 TDPIPE - ok 10:00:10.0346 5372 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:00:10.0348 5372 TDTCP - ok 10:00:10.0395 5372 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:00:10.0399 5372 tdx - ok 10:00:10.0461 5372 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 10:00:10.0464 5372 TermDD - ok 10:00:10.0499 5372 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 10:00:10.0577 5372 TermService - ok 10:00:10.0595 5372 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 10:00:10.0601 5372 Themes - ok 10:00:10.0638 5372 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 10:00:10.0641 5372 THREADORDER - ok 10:00:10.0737 5372 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 10:00:10.0740 5372 TomTomHOMEService - ok 10:00:10.0770 5372 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 10:00:10.0775 5372 TrkWks - ok 10:00:10.0844 5372 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 10:00:10.0846 5372 TrustedInstaller - ok 10:00:10.0883 5372 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:00:10.0886 5372 tssecsrv - ok 10:00:10.0931 5372 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 10:00:10.0933 5372 tunmp - ok 10:00:10.0983 5372 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:00:10.0985 5372 tunnel - ok 10:00:11.0005 5372 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 10:00:11.0008 5372 uagp35 - ok 10:00:11.0051 5372 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:00:11.0058 5372 udfs - ok 10:00:11.0092 5372 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:00:11.0096 5372 UI0Detect - ok 10:00:11.0118 5372 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:00:11.0122 5372 uliagpkx - ok 10:00:11.0138 5372 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 10:00:11.0144 5372 uliahci - ok 10:00:11.0171 5372 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 10:00:11.0174 5372 UlSata - ok 10:00:11.0206 5372 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 10:00:11.0210 5372 ulsata2 - ok 10:00:11.0229 5372 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 10:00:11.0231 5372 umbus - ok 10:00:11.0254 5372 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 10:00:11.0260 5372 upnphost - ok 10:00:11.0280 5372 [ EC01DA44B090D2651FC032C8B9257232 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 10:00:11.0282 5372 upperdev - ok 10:00:11.0313 5372 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 10:00:11.0315 5372 USBAAPL - ok 10:00:11.0349 5372 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 10:00:11.0352 5372 usbaudio - ok 10:00:11.0372 5372 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 10:00:11.0375 5372 usbccgp - ok 10:00:11.0401 5372 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:00:11.0404 5372 usbcir - ok 10:00:11.0475 5372 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 10:00:11.0477 5372 usbehci - ok 10:00:11.0499 5372 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 10:00:11.0504 5372 usbhub - ok 10:00:11.0517 5372 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 10:00:11.0519 5372 usbohci - ok 10:00:11.0563 5372 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 10:00:11.0566 5372 usbprint - ok 10:00:11.0611 5372 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 10:00:11.0614 5372 usbscan - ok 10:00:11.0680 5372 [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser C:\Windows\system32\drivers\usbser.sys 10:00:11.0683 5372 usbser - ok 10:00:11.0713 5372 [ 4ABD37CFBD710E64F01F9DA8710C73F7 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 10:00:11.0714 5372 UsbserFilt - ok 10:00:11.0736 5372 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:00:11.0739 5372 USBSTOR - ok 10:00:11.0770 5372 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 10:00:11.0773 5372 usbuhci - ok 10:00:11.0797 5372 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 10:00:11.0802 5372 usbvideo - ok 10:00:11.0852 5372 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 10:00:11.0857 5372 UxSms - ok 10:00:11.0907 5372 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 10:00:11.0929 5372 vds - ok 10:00:11.0980 5372 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 10:00:11.0982 5372 vga - ok 10:00:11.0999 5372 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 10:00:12.0002 5372 VgaSave - ok 10:00:12.0017 5372 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 10:00:12.0020 5372 viaagp - ok 10:00:12.0041 5372 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 10:00:12.0044 5372 ViaC7 - ok 10:00:12.0057 5372 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 10:00:12.0060 5372 viaide - ok 10:00:12.0082 5372 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:00:12.0085 5372 volmgr - ok 10:00:12.0141 5372 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:00:12.0148 5372 volmgrx - ok 10:00:12.0198 5372 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:00:12.0204 5372 volsnap - ok 10:00:12.0230 5372 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 10:00:12.0234 5372 vsmraid - ok 10:00:12.0313 5372 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 10:00:12.0357 5372 VSS - ok 10:00:12.0480 5372 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe 10:00:12.0514 5372 vToolbarUpdater14.2.0 - ok 10:00:12.0562 5372 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 10:00:12.0572 5372 W32Time - ok 10:00:12.0604 5372 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 10:00:12.0607 5372 WacomPen - ok 10:00:12.0629 5372 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 10:00:12.0632 5372 Wanarp - ok 10:00:12.0639 5372 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:00:12.0641 5372 Wanarpv6 - ok 10:00:12.0671 5372 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:00:12.0693 5372 wcncsvc - ok 10:00:12.0752 5372 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:00:12.0756 5372 WcsPlugInService - ok 10:00:12.0775 5372 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 10:00:12.0777 5372 Wd - ok 10:00:12.0848 5372 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:00:12.0871 5372 Wdf01000 - ok 10:00:12.0890 5372 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:00:12.0896 5372 WdiServiceHost - ok 10:00:12.0902 5372 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:00:12.0907 5372 WdiSystemHost - ok 10:00:12.0959 5372 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 10:00:12.0966 5372 WebClient - ok 10:00:13.0031 5372 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:00:13.0037 5372 Wecsvc - ok 10:00:13.0057 5372 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:00:13.0062 5372 wercplsupport - ok 10:00:13.0116 5372 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 10:00:13.0122 5372 WerSvc - ok 10:00:13.0177 5372 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 10:00:13.0184 5372 WinDefend - ok 10:00:13.0194 5372 WinHttpAutoProxySvc - ok 10:00:13.0274 5372 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:00:13.0278 5372 Winmgmt - ok 10:00:13.0369 5372 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 10:00:13.0403 5372 WinRM - ok 10:00:13.0464 5372 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 10:00:13.0488 5372 Wlansvc - ok 10:00:13.0514 5372 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 10:00:13.0517 5372 WmiAcpi - ok 10:00:13.0581 5372 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:00:13.0589 5372 wmiApSrv - ok 10:00:13.0658 5372 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 10:00:13.0681 5372 WMPNetworkSvc - ok 10:00:13.0730 5372 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:00:13.0736 5372 WPCSvc - ok 10:00:13.0786 5372 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:00:13.0790 5372 WPDBusEnum - ok 10:00:13.0833 5372 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 10:00:13.0836 5372 WpdUsb - ok 10:00:14.0023 5372 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 10:00:14.0046 5372 WPFFontCache_v0400 - ok 10:00:14.0066 5372 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:00:14.0068 5372 ws2ifsl - ok 10:00:14.0118 5372 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 10:00:14.0122 5372 wscsvc - ok 10:00:14.0128 5372 WSearch - ok 10:00:14.0197 5372 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 10:00:14.0241 5372 wuauserv - ok 10:00:14.0289 5372 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 10:00:14.0291 5372 WudfPf - ok 10:00:14.0325 5372 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:00:14.0329 5372 WUDFRd - ok 10:00:14.0383 5372 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:00:14.0387 5372 wudfsvc - ok 10:00:14.0407 5372 ================ Scan global =============================== 10:00:14.0443 5372 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 10:00:14.0595 5372 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 10:00:14.0682 5372 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 10:00:14.0747 5372 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 10:00:14.0753 5372 [Global] - ok 10:00:14.0753 5372 ================ Scan MBR ================================== 10:00:14.0766 5372 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0 10:00:17.0330 5372 \Device\Harddisk0\DR0 - ok 10:00:17.0339 5372 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR3 10:00:17.0349 5372 \Device\Harddisk1\DR3 - ok 10:00:17.0350 5372 ================ Scan VBR ================================== 10:00:17.0353 5372 [ E5915C28F1F6005C1715BDA48BFC293E ] \Device\Harddisk0\DR0\Partition1 10:00:17.0355 5372 \Device\Harddisk0\DR0\Partition1 - ok 10:00:17.0362 5372 [ 4BAA6B11EF02DCB7271063E33110FE90 ] \Device\Harddisk1\DR3\Partition1 10:00:17.0364 5372 \Device\Harddisk1\DR3\Partition1 - ok 10:00:17.0365 5372 ============================================================ 10:00:17.0365 5372 Scan finished 10:00:17.0365 5372 ============================================================ 10:00:17.0377 2440 Detected object count: 0 10:00:17.0377 2440 Actual detected object count: 0

Ik heb een scan met AVG gedaan. Die geeft aan: 2 potentieel gevaarlijke threats, niet alles is verwijderd en 2 potentieel gevaarlijke rootkits, niet alles is verwijderd. Voor sommige items is extra aandacht vereist. Het zijn: service function NtalpcCo... en service function NtMapVie... Ik heb op alles verwijderen geklikt. Hoe gaan we verder?

Hoi, de combifix in veilige modus is me niet gelukt. Hij geeft een aantal meldingen: Error saving file c:windows/erdnt/Hiv-backup/ security Continue with the next file? RegCreatekeyEx:5-toegang geweigerd en zo nog een paar o.a. c:windows/erdnt/Hiv-backup/ user Daarna zie je het balkje lopen en verdwijnt Combifix uit beeld. Ik heb 20 minuten gewacht in de hoop nog iets terug te zien maar tevergeefs.

ComboFix 13-03-04.01 - Patrick 04-03-2013 19:19:14.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3000.1808 [GMT 1:00] Gestart vanuit: c:\users\Patrick\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Patrick\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Delta c:\program files\Delta\delta\1.8.10.0\deltaApp.dll c:\program files\Delta\delta\1.8.10.0\deltaEng.dll c:\program files\Delta\delta\1.8.10.0\deltasrv.exe c:\program files\Delta\delta\1.8.10.0\deltaTlbr.dll c:\program files\Delta\delta\1.8.10.0\escortShld.dll c:\program files\Delta\delta\1.8.10.0\uninstall.exe c:\program files\TornTV.com c:\program files\TornTV.com\torn11.crx c:\program files\TornTV.com\torntemp.xpi c:\program files\TornTV.com\TornTV.exe c:\program files\TornTV.com\uninst.exe c:\programdata\BrowserProtect c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\bprotector-3.6.xpt c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-18.0.dll c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\bprotector.js c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe c:\programdata\Tarma Installer c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico c:\windows\system32\Extensions c:\windows\system32\searchplugins . . (((((((((((((((((((( Bestanden Gemaakt van 2013-02-04 to 2013-03-04 )))))))))))))))))))))))))))))) . . 2013-03-04 18:33 . 2013-03-04 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-04 14:57 . 2013-03-04 14:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-03-04 11:40 . 2013-03-04 11:40 388096 ----a-r- c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-03-04 11:39 . 2013-03-04 11:39 14664 ----a-w- c:\windows\stinger.sys 2013-03-04 11:32 . 2013-03-04 12:30 -------- d-----w- c:\program files\stinger 2013-03-03 14:36 . 2013-03-03 14:36 -------- d-----w- c:\program files\Trend Micro 2013-03-03 12:00 . 2013-03-03 12:00 -------- d-----w- c:\program files\Gophoto.it 2013-03-03 11:58 . 2013-03-03 11:58 -------- d-----w- c:\users\Patrick\AppData\Roaming\BabSolution 2013-02-21 22:08 . 2013-02-21 22:08 -------- d-----w- c:\program files\iPod 2013-02-21 22:08 . 2013-02-21 22:09 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-02-21 22:08 . 2013-02-21 22:09 -------- d-----w- c:\program files\iTunes 2013-02-21 21:53 . 2013-02-21 21:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2013-02-21 21:48 . 2012-12-13 12:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll 2013-02-15 02:28 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2013-02-14 08:36 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys 2013-02-14 08:36 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll 2013-02-14 08:36 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-14 08:36 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-02-14 08:36 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-27 15:50 . 2012-09-22 08:02 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-27 15:50 . 2011-09-16 10:20 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-18 19:36 . 2012-10-07 21:19 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-12-16 13:12 . 2012-12-21 02:02 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2012-12-21 02:02 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 15:49 . 2012-05-21 21:21 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-13 12:50 . 2012-12-13 12:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2013-03-03 13:32 . 2013-03-03 13:32 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-03 68856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "RtHDVCpl"="RtHDVCpl.exe" [2008-08-04 6265376] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192] "SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944] "Skytel"="Skytel.exe" [2008-08-04 1833504] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152] "Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-12 906648] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] . c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MobileDocuments"=c:\program files\Common Files\Apple\Internet Services\ubd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" /run "HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" /DoAction "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Java\jre7\bin\jusched.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Inhoud van de 'Gedeelde Taken' map . 2013-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 15:50] . 2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-16 21:55] . 2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-16 21:55] . . ------- Bijkomende Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vp32&d=0809&m=easynote_mh45 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to DVD Converter - c:\users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\ FF - ExtSQL: 2013-03-03 12:54; torntv@torntv.com; c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\torntv@torntv.com.xpi FF - ExtSQL: 2013-03-03 12:59; ffxtlbr@delta.com; c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\ffxtlbr@delta.com FF - ExtSQL: 2013-03-03 13:00; {0F827075-B026-42F3-885D-98981EE7B1AE}; c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e25071370000000000000017c473aeca FF - user.js: extensions.BabylonToolbar_i.hardId - e25071370000000000000017c473aeca FF - user.js: extensions.BabylonToolbar_i.instlDay - 15361 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:50 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - e25071370000000000000017c473aeca FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15767 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: extensions.delta.vrsnTs - 1.8.10.012:59 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-1ClickDownload - c:\program files\TornTV.com\uninst.exe AddRemove-delta - c:\program files\Delta\delta\1.8.10.0\uninstall.exe AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-03-04 19:33 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-709391076-3668097275-2558483745-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**ÑeoEn] "LP_LastUpdateTime"="1326730806" "LP_LastCheckTime"=dword:4f144e39 "LP_ReloadIntervalInHours"=dword:000002a0 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2013-03-04 19:37:10 ComboFix-quarantined-files.txt 2013-03-04 18:37 ComboFix2.txt 2013-03-04 16:15 . Pre-Run: 219.893.583.872 bytes beschikbaar Post-Run: 219.881.304.064 bytes beschikbaar . - - End Of File - - 6A7E50566B713700EA077A1389D4DA67

Hoi, ik zag bij anderen dat een evt volgende stap ComboFix is en heb daar de log van. Dus hierbij indien van toepassing: ComboFix 13-03-04.01 - Patrick 04-03-2013 16:56:51.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3000.1625 [GMT 1:00] Gestart vanuit: c:\users\Patrick\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2013-02-04 to 2013-03-04 )))))))))))))))))))))))))))))) . . 2013-03-04 16:10 . 2013-03-04 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-04 14:57 . 2013-03-04 14:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-03-04 12:37 . 2013-03-04 12:37 -------- d-----w- c:\windows\system32\Extensions 2013-03-04 12:37 . 2013-03-04 12:37 -------- d-----w- c:\windows\system32\searchplugins 2013-03-04 11:40 . 2013-03-04 11:40 388096 ----a-r- c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-03-04 11:39 . 2013-03-04 11:39 14664 ----a-w- c:\windows\stinger.sys 2013-03-04 11:32 . 2013-03-04 12:30 -------- d-----w- c:\program files\stinger 2013-03-03 14:36 . 2013-03-03 14:36 -------- d-----w- c:\program files\Trend Micro 2013-03-03 12:00 . 2013-03-03 12:00 -------- d-----w- c:\program files\Gophoto.it 2013-03-03 11:59 . 2013-03-03 11:59 -------- d-----w- c:\program files\Delta 2013-03-03 11:59 . 2013-03-03 11:59 -------- d-----w- c:\programdata\BrowserProtect 2013-03-03 11:58 . 2013-03-03 11:58 -------- d-----w- c:\users\Patrick\AppData\Roaming\BabSolution 2013-03-03 11:54 . 2013-03-03 11:54 -------- d-----w- c:\programdata\Tarma Installer 2013-03-03 11:53 . 2013-03-03 11:54 -------- d-----w- c:\program files\TornTV.com 2013-02-21 22:08 . 2013-02-21 22:08 -------- d-----w- c:\program files\iPod 2013-02-21 22:08 . 2013-02-21 22:09 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-02-21 22:08 . 2013-02-21 22:09 -------- d-----w- c:\program files\iTunes 2013-02-21 21:53 . 2013-02-21 21:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2013-02-21 21:48 . 2012-12-13 12:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll 2013-02-15 02:28 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2013-02-14 08:36 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys 2013-02-14 08:36 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll 2013-02-14 08:36 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-14 08:36 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-02-14 08:36 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-27 15:50 . 2012-09-22 08:02 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-27 15:50 . 2011-09-16 10:20 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-18 19:36 . 2012-10-07 21:19 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-12-16 13:12 . 2012-12-21 02:02 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2012-12-21 02:02 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 15:49 . 2012-05-21 21:21 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-13 12:50 . 2012-12-13 12:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2013-03-03 13:32 . 2013-03-03 13:32 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-03 68856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "RtHDVCpl"="RtHDVCpl.exe" [2008-08-04 6265376] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192] "SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944] "Skytel"="Skytel.exe" [2008-08-04 1833504] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152] "Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-12 906648] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] . c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MobileDocuments"=c:\program files\Common Files\Apple\Internet Services\ubd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" /run "HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" /DoAction "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Java\jre7\bin\jusched.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Inhoud van de 'Gedeelde Taken' map . 2013-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 15:50] . 2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-16 21:55] . 2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-16 21:55] . . ------- Bijkomende Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vp32&d=0809&m=easynote_mh45 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to DVD Converter - c:\users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\ FF - prefs.js: browser.search.selectedEngine - Delta Search FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=e25071370000000000000017c473aeca FF - ExtSQL: 2013-03-03 12:54; torntv@torntv.com; c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\torntv@torntv.com.xpi FF - ExtSQL: 2013-03-03 12:59; ffxtlbr@delta.com; c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\ffxtlbr@delta.com FF - ExtSQL: 2013-03-03 13:00; {0F827075-B026-42F3-885D-98981EE7B1AE}; c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e25071370000000000000017c473aeca FF - user.js: extensions.BabylonToolbar_i.hardId - e25071370000000000000017c473aeca FF - user.js: extensions.BabylonToolbar_i.instlDay - 15361 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:50 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - e25071370000000000000017c473aeca FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15767 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: extensions.delta.vrsnTs - 1.8.10.012:59 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file) WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file) WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file) SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Free Video to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe AddRemove-Free YouTube to DVD Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-03-04 17:10 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-709391076-3668097275-2558483745-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**ÑeoEn] "LP_LastUpdateTime"="1326730806" "LP_LastCheckTime"=dword:4f144e39 "LP_ReloadIntervalInHours"=dword:000002a0 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2013-03-04 17:15:30 ComboFix-quarantined-files.txt 2013-03-04 16:15 . Pre-Run: 219.768.680.448 bytes beschikbaar Post-Run: 219.890.409.472 bytes beschikbaar . - - End Of File - - 3815EF3C047359A18E3A37094A29534E

Hier zijn ze: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Databaseversie: v2013.03.04.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Patrick :: PC_VAN_PATRICK [administrator] 4-3-2013 14:40:32 mbam-log-2013-03-04 (14-40-32).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 210869 Verstreken tijd: 57 minuut/minuten, 25 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 1 C:\Users\Patrick\AppData\Local\Temp\Low\1jfuweif.exe (Exploit.Drop.GS) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:10:35, on 4-3-2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Normal Running processes: C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files\AVG\AVG2013\avgui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\igfxsrvc.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\25.0.1364.97\npchrome_frame.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [smpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\25.0.1364.97\npchrome_frame.dll O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- End of file - 11822 bytes

okee, scan met Hijackthis is gelukt en de scan met Malwarebytes loopt. Net daarvoor detecteerde AVG vier aanvallen van Trojaans paard Dropper.generic7.BZEE en heeft ze verwijderd, hoop ik!? Blijkt dit straks ook uit de scan?

Hoi, ik heb geen goeie selectie gemaakt in de scan van Hijack This ook niet als administrator aangemeld en heb ´m afgesloten. Als ik´m opnieuw probeer op te starten geeft hij aan dat ie al loopt maar dat is al een tijdje zo en ik zie niets gebeuren. Wat kan ik verder doen?