Neymar
-
Items
85 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door Neymar
-
Ik heb een systeemherstel gedaan. Daarna heb ik de cd van mijn moederbord geïnstalleerd. Het probleem werd hierdoor niet opgelost. Momenteel ben ik de drivers aan het downloaden van realtek. - - - Updated - - - Na installatie van de door u verwezen Realtek drivers is het probleem nog altijd niet opgelost.
-
Ja, ik heb eerst deze drivers geïnstalleerd. (Realtek). Maar blijkbaar was het verkeerd. Daarna heb ik GIGABYTE - Moederbord - Socket 775 - GA-EX38-DQ6 (rev. 1.1) (Realtek Function driver for Realtek Azalia audio chip (Including Microsoft UAA Driver in English edition) geinstalleerd zonder succes. Kan het zijn dat ik te veel drivers heb geinstalleerd voor de geluidskaart? p.s. Videokaart drivers etc zijn orde, enkel geluidkaart niet. groetjes - - - Updated - - - Ja, ik heb eerst deze drivers geïnstalleerd. (http://www.realtek.com.tw/downloads/). Maar blijkbaar was het verkeerd. Daarna heb ik http://www.gigabyte.co.nl/products/product-page.aspx?pid=2760&dl=1#dl (Realtek Function driver for Realtek Azalia audio chip (Including Microsoft UAA Driver in English edition) geinstalleerd zonder succes. Kan het zijn dat ik te veel drivers heb geinstalleerd voor de geluidskaart? p.s. Videokaart drivers etc zijn orde, enkel geluidkaart niet. groetjes
-
Beste, Ik heb windows 7 64 bit geinstalleerd op mijn computer. Alles werkt naar behoren behalve het geluid ontbreekt. Als ik op het icoontje van geluid ga staan, krijg ik de melding: "Geen apparaat voor geluidsweergave geïnstalleerd". Ik heb zelfs geen besturing voor geluid in het apparaatbeheer menu (zie bijlages) Indien ik via windows het probleem wil oplossen krijg ik dit allemaal: [TABLE=class: info] [TR] [TD=class: heading] Audio afspelen[/TD] [TD=align: right]Gedetailleerde informatie van de uitgever[/TD] [/TR] [/TABLE] [TABLE=class: info block] [TR] [TD=class: title, colspan: 3]Gevonden problemen[/TD] [/TR] [TR] [TD] Controleer het audioapparaat Controleer het audioapparaat Er is mogelijk een probleem met het audioapparaat.[/TD] [TD=width: 90] Gedetecteerd[/TD] [TD=width: 20][/TD] [/TR] [TR] [TD] Hardwarewijzigingen zijn mogelijk niet gedetecteerd Hardwarewijzigingen zijn mogelijk niet gedetecteerd[/TD] [TD=width: 90] Gedetecteerd[/TD] [TD=width: 20][/TD] [/TR] [TR] [TD=colspan: 4, align: right] [TABLE=width: 97%] [TR] [TD] Recente hardwarewijzigingen zoeken[/TD] [TD=width: 110, colspan: 2] Voltooid[/TD] [/TR] [/TABLE] [/TD] [/TR] [/TABLE] [TABLE=class: info] [TR] [TD=class: heading] Gevonden problemen[/TD] [TD=align: right]Details van detectieproces[/TD] [/TR] [/TABLE] [TABLE=class: info] [TR] [TD] [TABLE=class: info] [TR] [TD][/TD] [TD=class: title]Controleer het audioapparaat[/TD] [TD] Gedetecteerd[/TD] [TD][/TD] [/TR] [/TABLE] [/TD] [/TR] [TR] [TD=class: content] Er is mogelijk een probleem met het audioapparaat.[/TD] [/TR] [TR] [TD=class: content][/TD] [/TR] [/TABLE] [TABLE=class: info] [TR] [TD] [TABLE=class: info] [TR] [TD] 5[/TD] [TD=class: title]Hardwarewijzigingen zijn mogelijk niet gedetecteerd[/TD] [TD] Gedetecteerd[/TD] [TD][/TD] [/TR] [/TABLE] [/TD] [/TR] [TR] [TD=class: content] [TABLE=class: info] [TR] [TD=class: title] [TABLE=class: info] [TR] [TD=class: title]Recente hardwarewijzigingen zoeken[/TD] [TD] Voltooid[/TD] [/TR] [/TABLE] [/TD] [/TR] [TR] [TD] Tijdens het scannen worden er mogelijk nieuwe aangesloten apparaten gevonden en geïnstalleerd.[/TD] [/TR] [/TABLE] [/TD] [/TR] [/TABLE] [TABLE=class: info] [TR] [TD=class: heading] Details van detectieproces[/TD] [TD=align: right] [/TD] [/TR] [/TABLE] [TABLE=class: info] [TR] [TD] Geïnstalleerde audioapparaten[/TD] [/TR] [TR] [TD]Dit bestand bevat de in het register opgeslagen details voor alle geïnstalleerde audioapparaten.[/TD] [/TR] [TR] [TD] [TABLE=class: info] [TR] [TH]Bestandsnaam:[/TH] [TD=class: b1]Registry log.reg[/TD] [/TR] [/TABLE] [/TD] [/TR] [/TABLE] [TABLE=class: info] [TR] [TD=class: title, colspan: 2]Informatie over het verzamelen[/TD] [/TR] [TR] [TH]Computernaam:[/TH] [TD=class: b2]DESKTOP[/TD] [/TR] [TR] [TH]Windows-versie:[/TH] [TD=class: b1] 6.1[/TD] [/TR] [TR] [TH]Architectuur:[/TH] [TD=class: b2] amd64[/TD] [/TR] [TR] [TH]Tijd:[/TH] [TD=class: b1] zaterdag 13 april 2013 3:32:15[/TD] [/TR] [/TABLE] [TABLE=class: info] [TR] [TD=class: heading] Gedetailleerde informatie van de uitgever[/TD] [TD=align: right] [/TD] [/TR] [/TABLE] [TABLE=class: info] [TR] [TD=class: title, colspan: 2]Geluid[/TD] [/TR] [TR] [TD=colspan: 2]Problemen oplossen met het afspelen of opnemen van audio op uw computer.[/TD] [/TR] [TR] [TH]Pakketversie:[/TH] [TD=class: b1] 1.0[/TD] [/TR] [TR] [TH]Uitgever:[/TH] [TD=class: b2] Microsoft Windows[/TD] [/TR] [/TABLE] [TABLE=class: info] [TR] [TD=class: title, colspan: 2]Audio afspelen[/TD] [/TR] [TR] [TD=colspan: 2]Geluiden en andere audio zoals muziekbestanden afspelen.[/TD] [/TR] [TR] [TH]Pakketversie:[/TH] [TD=class: b1] 1.0[/TD] [/TR] [TR] [TH]Uitgever:[/TH] [TD=class: b2] Microsoft Corporation[/TD] [/TR] [/TABLE] [TABLE=class: info] [TR] [TD=class: title, colspan: 2]Hardware en apparaten[/TD] [/TR] [TR] [TD=colspan: 2]Hardware gebruiken en toegang tot apparaten die met deze computer zijn verbonden[/TD] [/TR] [TR] [TH]Pakketversie:[/TH] [TD=class: b1] 1.1[/TD] [/TR] [TR] [TH]Uitgever:[/TH] [TD=class: b2] Microsoft Windows[/TD] [/TR] [/TABLE] - - - Updated - - - Ik had ook geprobeerd drivers te installeren zonder succes. In bijlage systeem specs PC Helpforum moderator bericht: Textbestand aangepast omdat Windows sleutel zichtbaar was TENCHSDESKTOP.txt
-
Beste, Mijn internet browsers werken niet meer. Ik probeer Internet explorer of Firefox te openen maar beiden openen niet. Ik kreeg steeds een melding dat er een probleem opgetreden waardoor het programma niet meer werkte. "Windows hostproces rundll32 werkt meer" Ik heb wel een internet verbinding, ik kan op msn etc... Enig oplossing?
-
Oke alles gedaan, hartelijk bedankt om mij te helpen!
-
Geen virus detectie en ik hoor niks meer. Dus zal het opgelost zijn?
-
Zo te zien spelen er geen geluiden meer af op het achtergrond.. Zou de virus verwijderd zijn? Ik ben nu een housecall van Trenmicro bezig. Daarna ga ik ook een scan met mijn eigen antivirus
-
15:43:09.0589 3336 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 15:43:09.0734 3336 ============================================================ 15:43:09.0734 3336 Current date / time: 2012/09/21 15:43:09.0734 15:43:09.0734 3336 SystemInfo: 15:43:09.0734 3336 15:43:09.0734 3336 OS Version: 6.0.6002 ServicePack: 2.0 15:43:09.0734 3336 Product type: Workstation 15:43:09.0734 3336 ComputerName: GEBRUIK-VJ0OOQ1 15:43:09.0735 3336 UserName: Gebruiker 15:43:09.0735 3336 Windows directory: C:\Windows 15:43:09.0735 3336 System windows directory: C:\Windows 15:43:09.0735 3336 Processor architecture: Intel x86 15:43:09.0735 3336 Number of processors: 2 15:43:09.0735 3336 Page size: 0x1000 15:43:09.0735 3336 Boot type: Normal boot 15:43:09.0735 3336 ============================================================ 15:43:10.0230 3336 Drive \Device\Harddisk0\DR0 - Size: 0x3A36000000 (232.84 Gb), SectorSize: 0x200, Cylinders: 0x76BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058 15:43:10.0242 3336 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058 15:43:10.0245 3336 ============================================================ 15:43:10.0245 3336 \Device\Harddisk0\DR0: 15:43:10.0245 3336 MBR partitions: 15:43:10.0245 3336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1AF000 15:43:10.0245 3336 \Device\Harddisk1\DR1: 15:43:10.0245 3336 MBR partitions: 15:43:10.0245 3336 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542 15:43:10.0245 3336 ============================================================ 15:43:10.0273 3336 C: <-> \Device\Harddisk1\DR1\Partition1 15:43:10.0587 3336 D: <-> \Device\Harddisk0\DR0\Partition1 15:43:10.0587 3336 ============================================================ 15:43:10.0587 3336 Initialize success 15:43:10.0587 3336 ============================================================ 15:43:33.0553 4848 ============================================================ 15:43:33.0554 4848 Scan started 15:43:33.0554 4848 Mode: Manual; 15:43:33.0554 4848 ============================================================ 15:43:33.0863 4848 ================ Scan system memory ======================== 15:43:33.0863 4848 System memory - ok 15:43:33.0863 4848 ================ Scan services ============================= 15:43:33.0978 4848 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 15:43:33.0979 4848 !SASCORE - ok 15:43:34.0104 4848 A2DDA - ok 15:43:34.0253 4848 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 15:43:34.0257 4848 ACPI - ok 15:43:34.0323 4848 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 15:43:34.0325 4848 AdobeARMservice - ok 15:43:34.0383 4848 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:43:34.0388 4848 AdobeFlashPlayerUpdateSvc - ok 15:43:34.0425 4848 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:43:34.0434 4848 adp94xx - ok 15:43:34.0459 4848 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:43:34.0465 4848 adpahci - ok 15:43:34.0487 4848 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 15:43:34.0490 4848 adpu160m - ok 15:43:34.0507 4848 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:43:34.0511 4848 adpu320 - ok 15:43:34.0590 4848 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe 15:43:34.0596 4848 AdvancedSystemCareService5 - ok 15:43:34.0618 4848 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:43:34.0619 4848 AeLookupSvc - ok 15:43:34.0654 4848 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 15:43:34.0658 4848 AFD - ok 15:43:34.0695 4848 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:43:34.0697 4848 agp440 - ok 15:43:34.0729 4848 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 15:43:34.0732 4848 aic78xx - ok 15:43:34.0945 4848 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll 15:43:34.0946 4848 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76 15:43:34.0955 4848 Akamai ( HiddenFile.Multi.Generic ) - warning 15:43:34.0955 4848 Akamai - detected HiddenFile.Multi.Generic (1) 15:43:34.0961 4848 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 15:43:34.0963 4848 ALG - ok 15:43:34.0987 4848 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 15:43:34.0989 4848 aliide - ok 15:43:35.0006 4848 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 15:43:35.0008 4848 amdagp - ok 15:43:35.0029 4848 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 15:43:35.0030 4848 amdide - ok 15:43:35.0050 4848 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 15:43:35.0052 4848 AmdK7 - ok 15:43:35.0069 4848 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:43:35.0071 4848 AmdK8 - ok 15:43:35.0103 4848 [ 459C0FFF8FF5EB4E8DF7E2EFDCB28DE1 ] apf003 C:\Windows\system32\apf003.sys 15:43:35.0104 4848 apf003 - ok 15:43:35.0131 4848 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 15:43:35.0133 4848 Appinfo - ok 15:43:35.0192 4848 [ D503DF3ABA595F551B98B9BAE017A271 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:43:35.0196 4848 Apple Mobile Device - ok 15:43:35.0213 4848 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 15:43:35.0216 4848 arc - ok 15:43:35.0229 4848 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:43:35.0232 4848 arcsas - ok 15:43:35.0263 4848 [ 294C60FAD24A5A5FC56117F69D7D69E4 ] arcs_x86 C:\Windows\system32\drivers\arcs_x86.sys 15:43:35.0265 4848 arcs_x86 - ok 15:43:35.0367 4848 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 15:43:35.0384 4848 aspnet_state - ok 15:43:35.0409 4848 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 15:43:35.0410 4848 aswFsBlk - ok 15:43:35.0444 4848 [ F76E51561562AC4105DBBE53FC99BC10 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 15:43:35.0445 4848 aswMonFlt - ok 15:43:35.0460 4848 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys 15:43:35.0461 4848 aswRdr - ok 15:43:35.0517 4848 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 15:43:35.0522 4848 aswSnx - ok 15:43:35.0551 4848 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\Windows\system32\drivers\aswSP.sys 15:43:35.0554 4848 aswSP - ok 15:43:35.0573 4848 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 15:43:35.0574 4848 aswTdi - ok 15:43:35.0604 4848 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:43:35.0606 4848 AsyncMac - ok 15:43:35.0626 4848 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 15:43:35.0628 4848 atapi - ok 15:43:35.0663 4848 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:43:35.0669 4848 AudioEndpointBuilder - ok 15:43:35.0686 4848 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 15:43:35.0688 4848 Audiosrv - ok 15:43:35.0724 4848 [ 76B04173A13A045523FD10DB483E2B25 ] Autodata Limited License Service C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe 15:43:35.0726 4848 Autodata Limited License Service - ok 15:43:35.0793 4848 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 15:43:35.0794 4848 avast! Antivirus - ok 15:43:35.0822 4848 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 15:43:35.0824 4848 Beep - ok 15:43:35.0855 4848 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 15:43:35.0862 4848 BFE - ok 15:43:35.0904 4848 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll 15:43:35.0936 4848 BITS - ok 15:43:35.0961 4848 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:43:35.0963 4848 blbdrive - ok 15:43:36.0032 4848 [ EBAD0F51D8D4DADE7660B1851ADDBD07 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:43:36.0039 4848 Bonjour Service - ok 15:43:36.0069 4848 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:43:36.0071 4848 bowser - ok 15:43:36.0088 4848 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 15:43:36.0089 4848 BrFiltLo - ok 15:43:36.0102 4848 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 15:43:36.0104 4848 BrFiltUp - ok 15:43:36.0140 4848 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 15:43:36.0142 4848 Browser - ok 15:43:36.0165 4848 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 15:43:36.0167 4848 Brserid - ok 15:43:36.0188 4848 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 15:43:36.0190 4848 BrSerWdm - ok 15:43:36.0209 4848 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 15:43:36.0210 4848 BrUsbMdm - ok 15:43:36.0228 4848 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 15:43:36.0230 4848 BrUsbSer - ok 15:43:36.0259 4848 [ 3472331B9D460212965B51A8D38E8BEC ] BthAvrcp C:\Windows\system32\DRIVERS\BthAvrcp.sys 15:43:36.0259 4848 BthAvrcp - ok 15:43:36.0273 4848 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 15:43:36.0274 4848 BthEnum - ok 15:43:36.0310 4848 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 15:43:36.0312 4848 BTHMODEM - ok 15:43:36.0329 4848 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 15:43:36.0331 4848 BthPan - ok 15:43:36.0382 4848 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 15:43:36.0392 4848 BTHPORT - ok 15:43:36.0430 4848 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll 15:43:36.0432 4848 BthServ - ok 15:43:36.0449 4848 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 15:43:36.0450 4848 BTHUSB - ok 15:43:36.0497 4848 [ 166EBA385178229475B6AEB950E0A082 ] Cam5603D C:\Windows\system32\Drivers\BisonCam.sys 15:43:36.0514 4848 Cam5603D - ok 15:43:36.0607 4848 catchme - ok 15:43:36.0649 4848 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:43:36.0651 4848 cdfs - ok 15:43:36.0668 4848 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:43:36.0670 4848 cdrom - ok 15:43:36.0718 4848 [ 039F27EA2344C541CB6A0EF288BC8996 ] CEBFilter C:\Program Files\C&E\OSD\OsdService\cebuffer.sys 15:43:36.0719 4848 CEBFilter - ok 15:43:36.0731 4848 [ 147019ABEB922507F2FA107032C480CE ] CEIO C:\Program Files\C&E\OSD\OsdService\ceio.sys 15:43:36.0732 4848 CEIO - ok 15:43:36.0759 4848 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 15:43:36.0761 4848 CertPropSvc - ok 15:43:36.0784 4848 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys 15:43:36.0785 4848 circlass - ok 15:43:36.0789 4848 [ CB11E608025AA6E601FF0C097E6009BD ] cKBFilter C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys 15:43:36.0790 4848 cKBFilter - ok 15:43:36.0809 4848 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 15:43:36.0814 4848 CLFS - ok 15:43:36.0859 4848 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:43:36.0862 4848 clr_optimization_v2.0.50727_32 - ok 15:43:36.0898 4848 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:43:36.0926 4848 clr_optimization_v4.0.30319_32 - ok 15:43:36.0950 4848 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:43:36.0951 4848 CmBatt - ok 15:43:36.0968 4848 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:43:36.0970 4848 cmdide - ok 15:43:36.0991 4848 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:43:36.0992 4848 Compbatt - ok 15:43:36.0997 4848 COMSysApp - ok 15:43:37.0015 4848 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:43:37.0016 4848 crcdisk - ok 15:43:37.0029 4848 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 15:43:37.0031 4848 Crusoe - ok 15:43:37.0072 4848 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:43:37.0075 4848 CryptSvc - ok 15:43:37.0118 4848 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:43:37.0140 4848 DcomLaunch - ok 15:43:37.0165 4848 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:43:37.0167 4848 DfsC - ok 15:43:37.0250 4848 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 15:43:37.0306 4848 DFSR - ok 15:43:37.0335 4848 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 15:43:37.0340 4848 Dhcp - ok 15:43:37.0362 4848 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 15:43:37.0364 4848 disk - ok 15:43:37.0402 4848 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:43:37.0405 4848 Dnscache - ok 15:43:37.0425 4848 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:43:37.0429 4848 dot3svc - ok 15:43:37.0447 4848 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 15:43:37.0451 4848 DPS - ok 15:43:37.0474 4848 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:43:37.0476 4848 drmkaud - ok 15:43:37.0526 4848 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:43:37.0530 4848 DXGKrnl - ok 15:43:37.0550 4848 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys 15:43:37.0555 4848 e1express - ok 15:43:37.0573 4848 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 15:43:37.0576 4848 E1G60 - ok 15:43:37.0580 4848 EagleNT - ok 15:43:37.0586 4848 EagleXNt - ok 15:43:37.0611 4848 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 15:43:37.0614 4848 EapHost - ok 15:43:37.0633 4848 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 15:43:37.0636 4848 Ecache - ok 15:43:37.0692 4848 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:43:37.0698 4848 ehRecvr - ok 15:43:37.0714 4848 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 15:43:37.0717 4848 ehSched - ok 15:43:37.0720 4848 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 15:43:37.0722 4848 ehstart - ok 15:43:37.0750 4848 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:43:37.0757 4848 elxstor - ok 15:43:37.0791 4848 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 15:43:37.0802 4848 EMDMgmt - ok 15:43:37.0835 4848 [ FC37A2212B56663BBABEF748266A58C7 ] EMSCR C:\Windows\system32\drivers\ems7sk.sys 15:43:37.0837 4848 EMSCR - ok 15:43:37.0865 4848 [ A81AB23EDDB4693612014D87367D014C ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:43:37.0866 4848 ErrDev - ok 15:43:37.0885 4848 [ A498240D0E1F0B27702E3DF77B0C6E56 ] ESDCR C:\Windows\system32\drivers\esd7sk.sys 15:43:37.0887 4848 ESDCR - ok 15:43:37.0901 4848 [ CE6E1032802EE415955721A208A86718 ] ESMCR C:\Windows\system32\drivers\esm7sk.sys 15:43:37.0903 4848 ESMCR - ok 15:43:37.0926 4848 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 15:43:37.0932 4848 EventSystem - ok 15:43:37.0949 4848 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 15:43:37.0953 4848 exfat - ok 15:43:37.0979 4848 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:43:37.0982 4848 fastfat - ok 15:43:37.0999 4848 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:43:38.0001 4848 fdc - ok 15:43:38.0023 4848 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 15:43:38.0025 4848 fdPHost - ok 15:43:38.0045 4848 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 15:43:38.0047 4848 FDResPub - ok 15:43:38.0065 4848 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:43:38.0067 4848 FileInfo - ok 15:43:38.0088 4848 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:43:38.0090 4848 Filetrace - ok 15:43:38.0113 4848 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:43:38.0115 4848 flpydisk - ok 15:43:38.0138 4848 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:43:38.0143 4848 FltMgr - ok 15:43:38.0189 4848 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 15:43:38.0195 4848 FontCache - ok 15:43:38.0258 4848 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:43:38.0261 4848 FontCache3.0.0.0 - ok 15:43:38.0294 4848 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:43:38.0295 4848 Fs_Rec - ok 15:43:38.0313 4848 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:43:38.0315 4848 gagp30kx - ok 15:43:38.0353 4848 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:43:38.0353 4848 GEARAspiWDM - ok 15:43:38.0388 4848 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 15:43:38.0408 4848 gpsvc - ok 15:43:38.0503 4848 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 15:43:38.0506 4848 gupdate - ok 15:43:38.0512 4848 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 15:43:38.0513 4848 gupdatem - ok 15:43:38.0558 4848 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 15:43:38.0563 4848 gusvc - ok 15:43:38.0588 4848 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:43:38.0593 4848 HdAudAddService - ok 15:43:38.0626 4848 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:43:38.0636 4848 HDAudBus - ok 15:43:38.0649 4848 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:43:38.0651 4848 HidBth - ok 15:43:38.0682 4848 [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:43:38.0683 4848 HidIr - ok 15:43:38.0699 4848 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 15:43:38.0701 4848 hidserv - ok 15:43:38.0714 4848 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:43:38.0715 4848 HidUsb - ok 15:43:38.0746 4848 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:43:38.0750 4848 hkmsvc - ok 15:43:38.0784 4848 [ 7EBEC5EB56B90ED65A8BBD91464E5CFB ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 15:43:38.0787 4848 HpCISSs - ok 15:43:38.0818 4848 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 15:43:38.0824 4848 HSFHWAZL - ok 15:43:38.0863 4848 [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS 15:43:38.0897 4848 HSF_DPV - ok 15:43:38.0942 4848 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:43:38.0948 4848 HTTP - ok 15:43:38.0969 4848 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 15:43:38.0971 4848 i2omp - ok 15:43:39.0002 4848 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:43:39.0004 4848 i8042prt - ok 15:43:39.0087 4848 [ 582F2D900A3AC34C98FBDC2C0ABEF6B9 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 15:43:39.0094 4848 IAANTMON - ok 15:43:39.0121 4848 [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 15:43:39.0127 4848 iaStor - ok 15:43:39.0149 4848 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 15:43:39.0154 4848 iaStorV - ok 15:43:39.0217 4848 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:43:39.0237 4848 idsvc - ok 15:43:39.0260 4848 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:43:39.0262 4848 iirsp - ok 15:43:39.0304 4848 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 15:43:39.0314 4848 IKEEXT - ok 15:43:39.0431 4848 [ 37B96B2EC34819CBC145AD5AB3AFAB19 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 15:43:39.0448 4848 IntcAzAudAddService - ok 15:43:39.0476 4848 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 15:43:39.0485 4848 intelide - ok 15:43:39.0504 4848 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:43:39.0505 4848 intelppm - ok 15:43:39.0522 4848 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:43:39.0525 4848 IPBusEnum - ok 15:43:39.0545 4848 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:43:39.0547 4848 IpFilterDriver - ok 15:43:39.0589 4848 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:43:39.0592 4848 iphlpsvc - ok 15:43:39.0599 4848 IpInIp - ok 15:43:39.0613 4848 [ 4B9C0F4D4A3ACC535F9771039ECD6365 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 15:43:39.0615 4848 IPMIDRV - ok 15:43:39.0631 4848 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 15:43:39.0634 4848 IPNAT - ok 15:43:39.0685 4848 [ 3C30491045DBBD44A42876B3D6F3917D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:43:39.0696 4848 iPod Service - ok 15:43:39.0717 4848 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys 15:43:39.0719 4848 irda - ok 15:43:39.0739 4848 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:43:39.0741 4848 IRENUM - ok 15:43:39.0752 4848 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll 15:43:39.0755 4848 Irmon - ok 15:43:39.0771 4848 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:43:39.0774 4848 isapnp - ok 15:43:39.0822 4848 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 15:43:39.0825 4848 iScsiPrt - ok 15:43:39.0857 4848 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 15:43:39.0859 4848 iteatapi - ok 15:43:39.0888 4848 [ E4B04A0D8B237ECF026D849439F1BCCE ] itecir C:\Windows\system32\DRIVERS\itecir.sys 15:43:39.0890 4848 itecir - ok 15:43:39.0914 4848 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 15:43:39.0915 4848 iteraid - ok 15:43:39.0953 4848 [ FE372FDE0AFC9F724ED9393A33AC9AA7 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 15:43:39.0954 4848 JRAID - ok 15:43:39.0968 4848 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:43:39.0969 4848 kbdclass - ok 15:43:39.0984 4848 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:43:39.0986 4848 kbdhid - ok 15:43:40.0018 4848 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 15:43:40.0020 4848 KeyIso - ok 15:43:40.0065 4848 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:43:40.0074 4848 KSecDD - ok 15:43:40.0113 4848 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 15:43:40.0121 4848 KtmRm - ok 15:43:40.0153 4848 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 15:43:40.0157 4848 LanmanServer - ok 15:43:40.0209 4848 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:43:40.0216 4848 LanmanWorkstation - ok 15:43:40.0245 4848 [ 05D6B85ECC3204931923AB7940B9596E ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 15:43:40.0248 4848 LHidFilt - ok 15:43:40.0289 4848 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:43:40.0291 4848 lltdio - ok 15:43:40.0332 4848 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:43:40.0338 4848 lltdsvc - ok 15:43:40.0344 4848 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:43:40.0347 4848 lmhosts - ok 15:43:40.0366 4848 [ 053DBCC1082FDF74AB145A71917A6556 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 15:43:40.0368 4848 LMouFilt - ok 15:43:40.0396 4848 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:43:40.0399 4848 LSI_FC - ok 15:43:40.0424 4848 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:43:40.0427 4848 LSI_SAS - ok 15:43:40.0452 4848 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:43:40.0455 4848 LSI_SCSI - ok 15:43:40.0475 4848 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 15:43:40.0477 4848 luafv - ok 15:43:40.0496 4848 [ 95DAB70D56BBAC7DDB7E6D0017D71369 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 15:43:40.0498 4848 LUsbFilt - ok 15:43:40.0527 4848 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:43:40.0531 4848 Mcx2Svc - ok 15:43:40.0548 4848 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 15:43:40.0550 4848 megasas - ok 15:43:40.0581 4848 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 15:43:40.0589 4848 MegaSR - ok 15:43:40.0663 4848 Microsoft SharePoint Workspace Audit Service - ok 15:43:40.0683 4848 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 15:43:40.0687 4848 MMCSS - ok 15:43:40.0710 4848 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 15:43:40.0711 4848 Modem - ok 15:43:40.0747 4848 [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys 15:43:40.0748 4848 MODEMCSA - ok 15:43:40.0769 4848 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:43:40.0770 4848 monitor - ok 15:43:40.0790 4848 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:43:40.0792 4848 mouclass - ok 15:43:40.0810 4848 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:43:40.0811 4848 mouhid - ok 15:43:40.0835 4848 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 15:43:40.0837 4848 MountMgr - ok 15:43:40.0878 4848 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 15:43:40.0881 4848 MozillaMaintenance - ok 15:43:40.0898 4848 [ 5DA347912FD3AF24D7BFB3DE519D4BD0 ] mpio C:\Windows\system32\drivers\mpio.sys 15:43:40.0901 4848 mpio - ok 15:43:40.0918 4848 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:43:40.0920 4848 mpsdrv - ok 15:43:40.0951 4848 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 15:43:40.0961 4848 MpsSvc - ok 15:43:40.0991 4848 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 15:43:40.0993 4848 Mraid35x - ok 15:43:41.0017 4848 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:43:41.0020 4848 MRxDAV - ok 15:43:41.0049 4848 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:43:41.0051 4848 mrxsmb - ok 15:43:41.0097 4848 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:43:41.0101 4848 mrxsmb10 - ok 15:43:41.0121 4848 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:43:41.0123 4848 mrxsmb20 - ok 15:43:41.0144 4848 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys 15:43:41.0145 4848 msahci - ok 15:43:41.0174 4848 [ 2C563AEF15B8D0014C36C5F27742AC7B ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:43:41.0177 4848 msdsm - ok 15:43:41.0196 4848 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 15:43:41.0200 4848 MSDTC - ok 15:43:41.0239 4848 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:43:41.0240 4848 Msfs - ok 15:43:41.0259 4848 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:43:41.0261 4848 msisadrv - ok 15:43:41.0290 4848 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:43:41.0295 4848 MSiSCSI - ok 15:43:41.0300 4848 msiserver - ok 15:43:41.0317 4848 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:43:41.0319 4848 MSKSSRV - ok 15:43:41.0341 4848 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:43:41.0343 4848 MSPCLOCK - ok 15:43:41.0360 4848 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:43:41.0362 4848 MSPQM - ok 15:43:41.0390 4848 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:43:41.0394 4848 MsRPC - ok 15:43:41.0415 4848 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:43:41.0416 4848 mssmbios - ok 15:43:41.0436 4848 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:43:41.0438 4848 MSTEE - ok 15:43:41.0466 4848 [ BB16693616427EAC1A436E106EA8D318 ] MTsensor C:\Windows\system32\drivers\atkacpi.sys 15:43:41.0467 4848 MTsensor - ok 15:43:41.0492 4848 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 15:43:41.0494 4848 Mup - ok 15:43:41.0536 4848 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 15:43:41.0544 4848 napagent - ok 15:43:41.0568 4848 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:43:41.0572 4848 NativeWifiP - ok 15:43:41.0608 4848 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:43:41.0617 4848 NDIS - ok 15:43:41.0650 4848 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:43:41.0652 4848 NdisTapi - ok 15:43:41.0667 4848 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:43:41.0668 4848 Ndisuio - ok 15:43:41.0688 4848 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:43:41.0691 4848 NdisWan - ok 15:43:41.0710 4848 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:43:41.0712 4848 NDProxy - ok 15:43:41.0730 4848 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:43:41.0732 4848 NetBIOS - ok 15:43:41.0751 4848 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 15:43:41.0755 4848 netbt - ok 15:43:41.0776 4848 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 15:43:41.0778 4848 Netlogon - ok 15:43:41.0811 4848 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 15:43:41.0820 4848 Netman - ok 15:43:41.0850 4848 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 15:43:41.0864 4848 NetMsmqActivator - ok 15:43:41.0872 4848 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 15:43:41.0874 4848 NetPipeActivator - ok 15:43:41.0919 4848 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 15:43:41.0926 4848 netprofm - ok 15:43:41.0932 4848 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 15:43:41.0934 4848 NetTcpActivator - ok 15:43:41.0941 4848 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 15:43:41.0943 4848 NetTcpPortSharing - ok 15:43:42.0124 4848 [ 39CBA1AE2A400EF99C3DEC9F9F601876 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 15:43:42.0297 4848 NETw5v32 - ok 15:43:42.0329 4848 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:43:42.0331 4848 nfrd960 - ok 15:43:42.0369 4848 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:43:42.0375 4848 NlaSvc - ok 15:43:42.0396 4848 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:43:42.0397 4848 Npfs - ok 15:43:42.0404 4848 npggsvc - ok 15:43:42.0447 4848 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 15:43:42.0450 4848 nsi - ok 15:43:42.0465 4848 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:43:42.0466 4848 nsiproxy - ok 15:43:42.0508 4848 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:43:42.0541 4848 Ntfs - ok 15:43:42.0562 4848 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 15:43:42.0563 4848 ntrigdigi - ok 15:43:42.0583 4848 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 15:43:42.0585 4848 Null - ok 15:43:42.0619 4848 [ BC9795F928C1775286E207F55F4870CD ] nvamacpi C:\Windows\system32\drivers\nvamacpi.sys 15:43:42.0621 4848 nvamacpi - ok 15:43:42.0946 4848 [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:43:43.0010 4848 nvlddmkm - ok 15:43:43.0055 4848 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:43:43.0058 4848 nvraid - ok 15:43:43.0095 4848 [ F13618F0CB1E95232F4C2401592A59E9 ] nvsmu C:\Windows\system32\drivers\nvsmu.sys 15:43:43.0096 4848 nvsmu - ok 15:43:43.0117 4848 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:43:43.0119 4848 nvstor - ok 15:43:43.0166 4848 [ 782945716AD010AC3D41758E8E52C735 ] nvsvc C:\Windows\system32\nvvsvc.exe 15:43:43.0186 4848 nvsvc - ok 15:43:43.0303 4848 [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 15:43:43.0335 4848 nvUpdatusService - ok 15:43:43.0359 4848 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:43:43.0362 4848 nv_agp - ok 15:43:43.0368 4848 NwlnkFlt - ok 15:43:43.0375 4848 NwlnkFwd - ok 15:43:43.0404 4848 [ D51942F12090FC947CA8AA01736DADE2 ] O2MDRDR C:\Windows\system32\drivers\o2media.sys 15:43:43.0407 4848 O2MDRDR - ok 15:43:43.0432 4848 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 15:43:43.0433 4848 ohci1394 - ok 15:43:43.0463 4848 [ FD8CE9DDE60565D4158F9DD7C179E002 ] OsdService C:\Program Files\C&E\OSD\OsdService\OsdService.exe 15:43:43.0464 4848 OsdService - ok 15:43:43.0538 4848 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:43:43.0542 4848 ose - ok 15:43:43.0723 4848 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:43:43.0843 4848 osppsvc - ok 15:43:43.0910 4848 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 15:43:43.0941 4848 p2pimsvc - ok 15:43:43.0956 4848 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 15:43:43.0963 4848 p2psvc - ok 15:43:43.0989 4848 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 15:43:43.0991 4848 Parport - ok 15:43:44.0032 4848 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:43:44.0034 4848 partmgr - ok 15:43:44.0055 4848 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 15:43:44.0056 4848 Parvdm - ok 15:43:44.0064 4848 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 15:43:44.0068 4848 PcaSvc - ok 15:43:44.0096 4848 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 15:43:44.0100 4848 pci - ok 15:43:44.0115 4848 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 15:43:44.0116 4848 pciide - ok 15:43:44.0138 4848 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:43:44.0142 4848 pcmcia - ok 15:43:44.0196 4848 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:43:44.0228 4848 PEAUTH - ok 15:43:44.0307 4848 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 15:43:44.0350 4848 pla - ok 15:43:44.0377 4848 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:43:44.0385 4848 PlugPlay - ok 15:43:44.0423 4848 [ 1713D9DE407313138118D501B0E3C05B ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 15:43:44.0428 4848 PnkBstrA - ok 15:43:44.0468 4848 [ 8C74C611ADAF9DA2A918B8E82E14766B ] Pnp680 C:\Windows\system32\drivers\pnp680.sys 15:43:44.0471 4848 Pnp680 - ok 15:43:44.0511 4848 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 15:43:44.0518 4848 PNRPAutoReg - ok 15:43:44.0544 4848 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 15:43:44.0551 4848 PNRPsvc - ok 15:43:44.0589 4848 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:43:44.0598 4848 PolicyAgent - ok 15:43:44.0637 4848 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:43:44.0639 4848 PptpMiniport - ok 15:43:44.0658 4848 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 15:43:44.0660 4848 Processor - ok 15:43:44.0697 4848 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 15:43:44.0703 4848 ProfSvc - ok 15:43:44.0723 4848 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 15:43:44.0726 4848 ProtectedStorage - ok 15:43:44.0748 4848 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 15:43:44.0749 4848 PSched - ok 15:43:44.0805 4848 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:43:44.0849 4848 ql2300 - ok 15:43:44.0887 4848 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:43:44.0890 4848 ql40xx - ok 15:43:44.0919 4848 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 15:43:44.0927 4848 QWAVE - ok 15:43:44.0944 4848 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:43:44.0946 4848 QWAVEdrv - ok 15:43:44.0953 4848 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:43:44.0955 4848 RasAcd - ok 15:43:44.0979 4848 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 15:43:44.0984 4848 RasAuto - ok 15:43:44.0992 4848 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:43:44.0995 4848 Rasl2tp - ok 15:43:45.0018 4848 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 15:43:45.0026 4848 RasMan - ok 15:43:45.0069 4848 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:43:45.0071 4848 RasPppoe - ok 15:43:45.0079 4848 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:43:45.0081 4848 RasSstp - ok 15:43:45.0091 4848 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:43:45.0096 4848 rdbss - ok 15:43:45.0104 4848 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:43:45.0106 4848 RDPCDD - ok 15:43:45.0131 4848 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 15:43:45.0136 4848 rdpdr - ok 15:43:45.0143 4848 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:43:45.0145 4848 RDPENCDD - ok 15:43:45.0193 4848 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:43:45.0198 4848 RDPWD - ok 15:43:45.0231 4848 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:43:45.0235 4848 RemoteAccess - ok 15:43:45.0248 4848 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:43:45.0255 4848 RemoteRegistry - ok 15:43:45.0266 4848 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 15:43:45.0269 4848 RFCOMM - ok 15:43:45.0295 4848 [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk C:\Windows\system32\drivers\rimmptsk.sys 15:43:45.0309 4848 rimmptsk - ok 15:43:45.0340 4848 [ AF213955C4D952C914620E8DB0CD0CF7 ] rimspci C:\Windows\system32\drivers\rimspe86.sys 15:43:45.0342 4848 rimspci - ok 15:43:45.0360 4848 [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk C:\Windows\system32\drivers\rimsptsk.sys 15:43:45.0363 4848 rimsptsk - ok 15:43:45.0401 4848 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys 15:43:45.0404 4848 RimUsb - ok 15:43:45.0449 4848 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys 15:43:45.0451 4848 RimVSerPort - ok 15:43:45.0472 4848 [ 6978DECC2C38C5CE10A8B0F2B12F4451 ] risdpcie C:\Windows\system32\drivers\risdpe86.sys 15:43:45.0508 4848 risdpcie - ok 15:43:45.0531 4848 [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp C:\Windows\system32\drivers\rixdptsk.sys 15:43:45.0554 4848 rismxdp - ok 15:43:45.0586 4848 [ 764C1F3453E779724BA647327DE7DDD4 ] rixdpcie C:\Windows\system32\drivers\rixdpe86.sys 15:43:45.0638 4848 rixdpcie - ok 15:43:45.0726 4848 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 15:43:45.0741 4848 ROOTMODEM - ok 15:43:45.0779 4848 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 15:43:45.0782 4848 RpcLocator - ok 15:43:45.0841 4848 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 15:43:45.0849 4848 RpcSs - ok 15:43:45.0861 4848 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:43:45.0864 4848 rspndr - ok 15:43:45.0901 4848 [ 83F7A29B659771E60CD71999EF57AA0C ] RSUSBSTOR C:\Windows\system32\drivers\rtsustor.sys 15:43:45.0905 4848 RSUSBSTOR - ok 15:43:45.0980 4848 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 15:43:45.0982 4848 RTL8169 - ok 15:43:46.0014 4848 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 15:43:46.0016 4848 SamSs - ok 15:43:46.0093 4848 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 15:43:46.0094 4848 SASDIFSV - ok 15:43:46.0138 4848 [ 77B9FC20084B48408AD3E87570EB4A85 ] SAS***IL C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS 15:43:46.0140 4848 SAS***IL - ok 15:43:46.0159 4848 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:43:46.0162 4848 sbp2port - ok 15:43:46.0328 4848 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 15:43:46.0336 4848 SBSDWSCService - ok 15:43:46.0384 4848 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:43:46.0389 4848 SCardSvr - ok 15:43:46.0474 4848 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 15:43:46.0494 4848 Schedule - ok 15:43:46.0527 4848 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 15:43:46.0528 4848 SCPolicySvc - ok 15:43:46.0553 4848 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 15:43:46.0556 4848 sdbus - ok 15:43:46.0578 4848 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:43:46.0584 4848 SDRSVC - ok 15:43:46.0680 4848 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 15:43:46.0686 4848 SeaPort - ok 15:43:46.0693 4848 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:43:46.0695 4848 secdrv - ok 15:43:46.0740 4848 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 15:43:46.0744 4848 seclogon - ok 15:43:46.0758 4848 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 15:43:46.0762 4848 SENS - ok 15:43:46.0770 4848 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 15:43:46.0773 4848 Serenum - ok 15:43:46.0781 4848 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 15:43:46.0784 4848 Serial - ok 15:43:46.0792 4848 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:43:46.0794 4848 sermouse - ok 15:43:46.0874 4848 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 15:43:46.0884 4848 SessionEnv - ok 15:43:46.0892 4848 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:43:46.0894 4848 sffdisk - ok 15:43:46.0905 4848 [ E5EAFE85815BD89095FEF3144A09AB68 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:43:46.0907 4848 sffp_mmc - ok 15:43:46.0930 4848 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:43:46.0931 4848 sffp_sd - ok 15:43:46.0939 4848 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:43:46.0941 4848 sfloppy - ok 15:43:46.0992 4848 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:43:46.0999 4848 SharedAccess - ok 15:43:47.0053 4848 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:43:47.0058 4848 ShellHWDetection - ok 15:43:47.0177 4848 [ 93BEACC3815A4653A655C8BD7622FF63 ] Si3531 C:\Windows\system32\DRIVERS\Si3531.sys 15:43:47.0180 4848 Si3531 - ok 15:43:47.0199 4848 [ 165448BC832D424B97270C8D1276E24A ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys 15:43:47.0212 4848 SiFilter - ok 15:43:47.0256 4848 [ 9BE8EA3A8C7E6D47E710F6FA14B7442B ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys 15:43:47.0265 4848 SiRemFil - ok 15:43:47.0301 4848 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 15:43:47.0304 4848 sisagp - ok 15:43:47.0328 4848 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 15:43:47.0330 4848 SiSRaid2 - ok 15:43:47.0341 4848 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:43:47.0344 4848 SiSRaid4 - ok 15:43:47.0462 4848 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 15:43:47.0548 4848 slsvc - ok 15:43:47.0562 4848 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 15:43:47.0567 4848 SLUINotify - ok 15:43:47.0576 4848 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:43:47.0578 4848 Smb - ok 15:43:47.0591 4848 [ 12B62474E707A26D662232C54A4EF322 ] SMSCIRDA C:\Windows\system32\DRIVERS\SMSCirda.sys 15:43:47.0593 4848 SMSCIRDA - ok 15:43:47.0637 4848 [ 2D97B7CC3F118620A704C5DA138CA120 ] smserial C:\Windows\system32\DRIVERS\smserial.sys 15:43:47.0672 4848 smserial - ok 15:43:47.0715 4848 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:43:47.0719 4848 SNMPTRAP - ok 15:43:47.0732 4848 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 15:43:47.0734 4848 spldr - ok 15:43:47.0773 4848 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 15:43:47.0779 4848 Spooler - ok 15:43:47.0853 4848 [ A199171385BE17973FD800FA91F8F78A ] sptd C:\Windows\system32\Drivers\sptd.sys 15:43:47.0854 4848 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: A199171385BE17973FD800FA91F8F78A 15:43:47.0858 4848 sptd ( LockedFile.Multi.Generic ) - warning 15:43:47.0858 4848 sptd - detected LockedFile.Multi.Generic (1) 15:43:47.0896 4848 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 15:43:47.0902 4848 srv - ok 15:43:47.0924 4848 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:43:47.0927 4848 srv2 - ok 15:43:47.0982 4848 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:43:47.0985 4848 srvnet - ok 15:43:48.0030 4848 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:43:48.0038 4848 SSDPSRV - ok 15:43:48.0073 4848 [ DF5C19F053EFF7F8BA25D73AEA899656 ] ssm_bus C:\Windows\system32\DRIVERS\ssm_bus.sys 15:43:48.0076 4848 ssm_bus - ok 15:43:48.0085 4848 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:43:48.0091 4848 SstpSvc - ok 15:43:48.0123 4848 Steam Client Service - ok 15:43:48.0174 4848 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 15:43:48.0181 4848 Stereo Service - ok 15:43:48.0215 4848 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 15:43:48.0216 4848 StillCam - ok 15:43:48.0261 4848 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 15:43:48.0280 4848 stisvc - ok 15:43:48.0332 4848 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 15:43:48.0333 4848 swenum - ok 15:43:48.0352 4848 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 15:43:48.0361 4848 swprv - ok 15:43:48.0370 4848 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 15:43:48.0372 4848 Symc8xx - ok 15:43:48.0380 4848 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 15:43:48.0383 4848 Sym_hi - ok 15:43:48.0394 4848 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 15:43:48.0397 4848 Sym_u3 - ok 15:43:48.0463 4848 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 15:43:48.0484 4848 SysMain - ok 15:43:48.0519 4848 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:43:48.0524 4848 TabletInputService - ok 15:43:48.0545 4848 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:43:48.0553 4848 TapiSrv - ok 15:43:48.0581 4848 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 15:43:48.0585 4848 TBS - ok 15:43:48.0640 4848 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:43:48.0660 4848 Tcpip - ok 15:43:48.0681 4848 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 15:43:48.0687 4848 Tcpip6 - ok 15:43:48.0737 4848 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:43:48.0738 4848 tcpipreg - ok 15:43:48.0778 4848 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:43:48.0780 4848 TDPIPE - ok 15:43:48.0788 4848 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:43:48.0790 4848 TDTCP - ok 15:43:48.0799 4848 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:43:48.0801 4848 tdx - ok 15:43:48.0989 4848 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe 15:43:49.0005 4848 TeamViewer7 - ok 15:43:49.0014 4848 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:43:49.0016 4848 TermDD - ok 15:43:49.0051 4848 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 15:43:49.0072 4848 TermService - ok 15:43:49.0112 4848 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 15:43:49.0117 4848 Themes - ok 15:43:49.0138 4848 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 15:43:49.0141 4848 THREADORDER - ok 15:43:49.0150 4848 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\Windows\system32\drivers\tpm.sys 15:43:49.0152 4848 TPM - ok 15:43:49.0230 4848 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 15:43:49.0236 4848 TrkWks - ok 15:43:49.0283 4848 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:43:49.0285 4848 TrustedInstaller - ok 15:43:49.0299 4848 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:43:49.0301 4848 tssecsrv - ok 15:43:49.0309 4848 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 15:43:49.0311 4848 tunmp - ok 15:43:49.0361 4848 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:43:49.0363 4848 tunnel - ok 15:43:49.0382 4848 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:43:49.0386 4848 uagp35 - ok 15:43:49.0394 4848 ucos - ok 15:43:49.0408 4848 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:43:49.0413 4848 udfs - ok 15:43:49.0448 4848 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:43:49.0454 4848 UI0Detect - ok 15:43:49.0472 4848 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:43:49.0475 4848 uliagpkx - ok 15:43:49.0497 4848 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 15:43:49.0503 4848 uliahci - ok 15:43:49.0513 4848 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 15:43:49.0516 4848 UlSata - ok 15:43:49.0526 4848 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 15:43:49.0529 4848 ulsata2 - ok 15:43:49.0544 4848 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:43:49.0546 4848 umbus - ok 15:43:49.0564 4848 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 15:43:49.0572 4848 upnphost - ok 15:43:49.0627 4848 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:43:49.0630 4848 usbccgp - ok 15:43:49.0640 4848 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:43:49.0642 4848 usbcir - ok 15:43:49.0678 4848 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:43:49.0680 4848 usbehci - ok 15:43:49.0696 4848 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:43:49.0700 4848 usbhub - ok 15:43:49.0709 4848 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:43:49.0711 4848 usbohci - ok 15:43:49.0753 4848 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:43:49.0756 4848 usbprint - ok 15:43:49.0782 4848 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 15:43:49.0784 4848 usbscan - ok 15:43:49.0817 4848 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:43:49.0833 4848 USBSTOR - ok 15:43:49.0868 4848 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 15:43:49.0869 4848 usbuhci - ok 15:43:49.0896 4848 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 15:43:49.0901 4848 UxSms - ok 15:43:49.0923 4848 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 15:43:49.0934 4848 vds - ok 15:43:49.0943 4848 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:43:49.0946 4848 vga - ok 15:43:49.0955 4848 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 15:43:49.0957 4848 VgaSave - ok 15:43:49.0966 4848 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 15:43:49.0969 4848 viaagp - ok 15:43:49.0978 4848 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 15:43:49.0980 4848 ViaC7 - ok 15:43:50.0035 4848 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 15:43:50.0037 4848 viaide - ok 15:43:50.0046 4848 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:43:50.0048 4848 volmgr - ok 15:43:50.0094 4848 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:43:50.0100 4848 volmgrx - ok 15:43:50.0133 4848 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:43:50.0138 4848 volsnap - ok 15:43:50.0148 4848 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:43:50.0152 4848 vsmraid - ok 15:43:50.0195 4848 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 15:43:50.0229 4848 VSS - ok 15:43:50.0259 4848 vtany - ok 15:43:50.0273 4848 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 15:43:50.0282 4848 W32Time - ok 15:43:50.0310 4848 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:43:50.0312 4848 WacomPen - ok 15:43:50.0321 4848 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 15:43:50.0323 4848 Wanarp - ok 15:43:50.0331 4848 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:43:50.0333 4848 Wanarpv6 - ok 15:43:50.0374 4848 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:43:50.0386 4848 wcncsvc - ok 15:43:50.0401 4848 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:43:50.0406 4848 WcsPlugInService - ok 15:43:50.0415 4848 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 15:43:50.0418 4848 Wd - ok 15:43:50.0462 4848 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:43:50.0470 4848 Wdf01000 - ok 15:43:50.0501 4848 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:43:50.0506 4848 WdiServiceHost - ok 15:43:50.0516 4848 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:43:50.0520 4848 WdiSystemHost - ok 15:43:50.0540 4848 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 15:43:50.0548 4848 WebClient - ok 15:43:50.0582 4848 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:43:50.0589 4848 Wecsvc - ok 15:43:50.0614 4848 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:43:50.0619 4848 wercplsupport - ok 15:43:50.0640 4848 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 15:43:50.0647 4848 WerSvc - ok 15:43:50.0688 4848 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 15:43:50.0709 4848 winachsf - ok 15:43:50.0773 4848 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 15:43:50.0779 4848 WinDefend - ok 15:43:50.0799 4848 WinHttpAutoProxySvc - ok 15:43:50.0877 4848 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:43:50.0881 4848 Winmgmt - ok 15:43:50.0909 4848 WinRing0_1_2_0 - ok 15:43:50.0970 4848 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 15:43:51.0015 4848 WinRM - ok 15:43:51.0113 4848 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:43:51.0130 4848 Wlansvc - ok 15:43:51.0240 4848 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:43:51.0285 4848 wlidsvc - ok 15:43:51.0314 4848 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 15:43:51.0315 4848 WmiAcpi - ok 15:43:51.0352 4848 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:43:51.0356 4848 wmiApSrv - ok 15:43:51.0439 4848 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 15:43:51.0472 4848 WMPNetworkSvc - ok 15:43:51.0506 4848 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:43:51.0513 4848 WPCSvc - ok 15:43:51.0549 4848 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:43:51.0555 4848 WPDBusEnum - ok 15:43:51.0594 4848 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 15:43:51.0597 4848 WpdUsb - ok 15:43:51.0664 4848 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:43:51.0684 4848 WPFFontCache_v0400 - ok 15:43:51.0716 4848 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:43:51.0717 4848 ws2ifsl - ok 15:43:51.0731 4848 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 15:43:51.0737 4848 wscsvc - ok 15:43:51.0745 4848 WSearch - ok 15:43:51.0833 4848 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 15:43:51.0864 4848 wuauserv - ok 15:43:51.0874 4848 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:43:51.0877 4848 WUDFRd - ok 15:43:51.0919 4848 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:43:51.0924 4848 wudfsvc - ok 15:43:51.0948 4848 xhunter1 - ok 15:43:52.0031 4848 [ 0357445AB248C74DE6D5A383A1413D20 ] xsherlock C:\Windows\system32\xsherlock.xem 15:43:52.0051 4848 xsherlock - ok 15:43:52.0096 4848 ================ Scan global =============================== 15:43:52.0159 4848 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 15:43:52.0198 4848 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 15:43:52.0220 4848 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 15:43:52.0263 4848 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 15:43:52.0271 4848 [Global] - ok 15:43:52.0271 4848 ================ Scan MBR ================================== 15:43:52.0274 4848 [ 87D88FA4D3EFD4431866EA91949644BF ] \Device\Harddisk0\DR0 15:43:52.0274 4848 Suspicious mbr (Forged): \Device\Harddisk0\DR0 15:43:52.0562 4848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected 15:43:52.0562 4848 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0) 15:43:52.0615 4848 [ 87D88FA4D3EFD4431866EA91949644BF ] \Device\Harddisk1\DR1 15:43:52.0647 4848 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected 15:43:52.0647 4848 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0) 15:43:52.0648 4848 ================ Scan VBR ================================== 15:43:52.0651 4848 [ E4870E073C305E64B838282E0A1638F7 ] \Device\Harddisk0\DR0\Partition1 15:43:52.0652 4848 \Device\Harddisk0\DR0\Partition1 - ok 15:43:52.0655 4848 [ 4C2D5FEF3CB50ECDC5F3CCB7CC58A108 ] \Device\Harddisk1\DR1\Partition1 15:43:52.0656 4848 \Device\Harddisk1\DR1\Partition1 - ok 15:43:52.0657 4848 ============================================================ 15:43:52.0657 4848 Scan finished 15:43:52.0657 4848 ============================================================ 15:43:52.0666 4788 Detected object count: 4 15:43:52.0666 4788 Actual detected object count: 4 15:44:28.0755 4788 c:\program files\common files\akamai/netsession_win_5891ae0.dll - copied to quarantine 15:44:28.0823 4788 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot 15:44:29.0150 4788 HKLM\SYSTEM\ControlSet011\services\Akamai - will be deleted on reboot 15:44:29.0190 4788 c:\program files\common files\akamai/netsession_win_5891ae0.dll - will be deleted on reboot 15:44:29.0190 4788 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete 15:44:29.0264 4788 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine 15:44:29.0285 4788 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot 15:44:29.0339 4788 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot 15:44:29.0351 4788 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot 15:44:29.0362 4788 HKLM\SYSTEM\ControlSet004\services\sptd - will be deleted on reboot 15:44:29.0371 4788 HKLM\SYSTEM\ControlSet005\services\sptd - will be deleted on reboot 15:44:29.0383 4788 HKLM\SYSTEM\ControlSet006\services\sptd - will be deleted on reboot 15:44:29.0394 4788 HKLM\SYSTEM\ControlSet007\services\sptd - will be deleted on reboot 15:44:29.0405 4788 HKLM\SYSTEM\ControlSet008\services\sptd - will be deleted on reboot 15:44:29.0415 4788 HKLM\SYSTEM\ControlSet009\services\sptd - will be deleted on reboot 15:44:29.0415 4788 HKLM\SYSTEM\ControlSet011\services\sptd - will be deleted on reboot 15:44:29.0419 4788 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot 15:44:29.0419 4788 sptd ( LockedFile.Multi.Generic ) - User select action: Delete 15:44:30.0082 4788 \Device\Harddisk0\DR0\# - copied to quarantine 15:44:30.0085 4788 \Device\Harddisk0\DR0 - copied to quarantine 15:44:30.0093 4788 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot 15:44:30.0095 4788 \Device\Harddisk0\DR0 - ok 15:44:30.0095 4788 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure 15:44:30.0581 4788 \Device\Harddisk1\DR1\# - copied to quarantine 15:44:30.0582 4788 \Device\Harddisk1\DR1 - copied to quarantine 15:44:30.0590 4788 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot 15:44:30.0591 4788 \Device\Harddisk1\DR1 - ok 15:44:30.0591 4788 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
-
ik heb nog steeds dezelfde virus. Ik krijg nog altijd reclame boodschappen in het engels terwijl ik niks doe met mn laptop. Ik heb het reclame boodschap opgenomen en ingepakt in een rar bestand. virus.rar
-
\\.\PhysicalDrive0 - Rootkits worden niet automatisch verwijderd. Raadpleeg aub de experts op het Emsisoft forum voor hulp bij het handmatig verwijderen van deze malware: Emsisoft Support Forum c:\users\gebruiker\appdata\roaming\microsoft\windows\start menu\programs\bitlord\bitlord.lnk
-
Emsisoft Emergency Kit - Versie 2.0 Laatste Update: 19/09/2012 13:32:07 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, D:\ Scan archieven: Aan ADS Scan: Aan Scan gestart: 19/09/2012 13:32:44 \\.\PhysicalDrive0 Ontdekt: Heuristic.Possible.MBR.Rootkit!E1 c:\users\gebruiker\appdata\roaming\microsoft\windows\start menu\programs\bitlord Ontdekt: Trace.File.bitlord 1.1!E1 c:\users\gebruiker\appdata\roaming\microsoft\windows\start menu\programs\bitlord\bitlord.lnk Ontdekt: Trace.File.bitlord 1.1!E1 Value: hkey_current_user\software\bitlord\bitcomet\appwindow --> maximized Ontdekt: Trace.Registry.bitlord 1.1!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> displayicon Ontdekt: Trace.Registry.bitlord 1.1!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> displayname Ontdekt: Trace.Registry.bitlord 1.1!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> displayversion Ontdekt: Trace.Registry.bitlord 1.1!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> nsis:startmenudir Ontdekt: Trace.Registry.bitlord 1.1!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> publisher Ontdekt: Trace.Registry.bitlord 1.1!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> uninstallstring Ontdekt: Trace.Registry.bitlord 1.1!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> urlinfoabout Ontdekt: Trace.Registry.bitlord 1.1!E1 Value: hkey_current_user\software\bitlord\bitcomet\appwindow --> toolbar Ontdekt: Trace.Registry.bitlord 1.1!E1 Value: hkey_current_user\software\bitlord\bitcomet\appwindow --> favsite Ontdekt: Trace.Registry.bitlord 1.1!E1 Value: hkey_current_user\software\bitlord\bitcomet\appwindow --> statusbar Ontdekt: Trace.Registry.bitlord 1.1!E1 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3c81b473-59bfb511 -> Ejkteaa.class Ontdekt: JAVA.Agent!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3c81b473-59bfb511 -> Lopok.class Ontdekt: JAVA.Agent!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3c81b473-59bfb511 -> Strs.class Ontdekt: JAVA.Agent!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3c81b473-59bfb511 -> Pipix.class Ontdekt: JAVA.Agent!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d7f520c-2a5649c3 -> Bar.class Ontdekt: Exploit.-!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3c81b473-59bfb511 -> Mimio.class Ontdekt: JAVA.Agent!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d7f520c-2a5649c3 -> Esia$ffhg.class Ontdekt: Java.CVE!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d7f520c-2a5649c3 -> Esia.class Ontdekt: Exploit.Java.CVE!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d7f520c-2a5649c3 -> Etui.class Ontdekt: JAVA.Inject!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d7f520c-2a5649c3 -> Lolp.class Ontdekt: Java.CVE!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d7f520c-2a5649c3 -> Oi.class Ontdekt: Java.CVE!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d7f520c-2a5649c3 -> Pol.class Ontdekt: JAVA.Agent!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3c81b473-59bfb511 -> Soo$1.class Ontdekt: JAVA.Agent!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3c81b473-59bfb511 -> Soo.class Ontdekt: JAVA.Agent!E2 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d7f520c-2a5649c3 -> Esia$fffgss.class Ontdekt: Java.CVE!E2 C:\Users\Gebruiker\Desktop\TRGoals TV 5.0\Ultrasurf\u1103.exe Ontdekt: Packed.Win32.Themida.AMN!E1 C:\Users\Gebruiker\Desktop\games\MHS-Bot-PW 2.3 With Country Memory Customizer And Source Code\MHS-Bot-PW 2.3 With Country Memory Customizer (Source Code).au3 Ontdekt: Riskware.AdWare.Win32.Reklosoft!E2 C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\34460fd4-1366f486 -> payload\win32.bin Ontdekt: Trojan-Clicker.Win32.Wistler!E2 Gescand 732049 Gevonden 32 Scan geëindigd: 19/09/2012 17:31:11 Scantijd: 3:58:27
-
Ik krijg nog steeds reclames in het nederlands engels frans... ComboFix 12-09-16.01 - Gebruiker 17/09/2012 20:50:02.9.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1913 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\DEBUG.log . . (((((((((((((((((((( Bestanden Gemaakt van 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))) . . 2012-09-17 19:18 . 2012-09-17 19:18 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp 2012-09-17 19:18 . 2012-09-17 19:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-17 19:18 . 2012-09-17 19:18 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-09-17 19:18 . 2012-09-17 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-11 21:22 . 2012-09-11 21:22 -------- d-----w- c:\programdata\Research In Motion 2012-08-27 15:35 . 2012-08-28 10:19 -------- d-----w- c:\program files\Guild Wars 2 2012-08-24 18:51 . 2012-08-24 18:51 -------- d-----w- c:\program files\SystemRequirementsLab 2012-08-24 18:51 . 2012-08-24 18:51 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\SystemRequirementsLab 2012-08-23 21:37 . 2012-08-23 21:37 -------- d-----w- c:\users\Gebruiker\temp 2012-08-23 21:37 . 2012-08-23 21:37 -------- d-----w- c:\program files\TeamViewer . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 11:41 . 2012-04-04 11:50 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-12 11:41 . 2011-06-12 12:19 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-07 15:04 . 2010-08-31 23:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-10 14:42 . 2012-08-10 14:42 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-08-10 14:42 . 2012-08-10 14:42 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-08-10 14:42 . 2012-08-10 14:42 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-10 14:42 . 2012-08-10 14:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-10 14:42 . 2012-08-10 14:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-10 14:42 . 2012-08-10 14:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-10 14:42 . 2012-08-10 14:42 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-08-10 14:41 . 2012-08-10 14:41 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-08-10 14:41 . 2012-08-10 14:41 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-08-10 14:41 . 2012-08-10 14:41 278528 ----a-w- c:\windows\system32\schannel.dll 2012-08-10 14:40 . 2012-08-10 14:40 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-20 18:37 . 2012-07-02 22:06 654944 ----a-w- c:\windows\system32\xsherlock.xem 2012-07-03 16:21 . 2011-09-23 21:17 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2011-09-23 21:17 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2011-09-23 21:17 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2011-09-23 21:17 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2011-09-23 21:17 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21 . 2011-09-23 21:17 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-07-03 16:21 . 2011-09-23 21:16 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2011-09-23 21:16 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-09-06 23:35 . 2012-09-06 23:34 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Akamai NetSession Interface"="c:\users\Gebruiker\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-10-06 638976] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872] "OSD"="c:\program files\C&E\OSD\osd.exe" [2007-09-20 561152] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe" [2012-08-16 686792] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk backup=c:\windows\pss\Facebook Messenger.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5] 2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] 2012-07-27 15:42 138096 ----atw- c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2012-08-21 10:50 5576408 ----a-w- c:\users\Gebruiker\AppData\Roaming\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2012-08-21 10:49 1193176 ----a-w- c:\users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-954086183-1671949515-1526744126-1002] "EnableNotificationsRef"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:41] . 2012-09-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002Core.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 15:42] . 2012-09-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002UA.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 15:42] . 2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . 2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = local;<local> IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{2E63F5B9-1F12-40AA-B9E9-0B9FFEEEC37E}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\2sz174i5.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-09-17 21:18 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . c:\program files\Internet Explorer\iexplore.exe [4012] 0x8A933B30 c:\program files\Internet Explorer\iexplore.exe [2516] 0x8772A4D0 c:\program files\Internet Explorer\iexplore.exe [4388] 0x86283210 . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xsherlock] "ImagePath"="c:\windows\system32\xsherlock.xem" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{6CF8B227-DCD0-43A1-BD25-07F7A4573198}"=hex:51,66,7a,6c,4c,1d,38,12,49,b1,eb, 68,e2,92,cf,06,c2,33,44,b7,a1,09,75,8c "{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d, 8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:de,1e,e0,de,7f,e2,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ . [HKEY_USERS\S-1-5-21-954086183-1671949515-1526744126-1002\Software\SecuROM\License information*] "datasecu"=hex:20,ba,75,f5,a2,0a,36,8b,1a,81,b7,cd,eb,84,0a,85,28,2b,3e,14,b0, f9,8f,8b,ac,2e,47,a1,82,22,b8,30,db,af,e5,04,45,7c,1e,39,3c,e4,8a,84,c8,c2,\ "rkeysecu"=hex:98,61,79,c9,42,0c,bd,70,31,d2,f3,74,78,48,ee,a9 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2012-09-17 21:24:30 ComboFix-quarantined-files.txt 2012-09-17 19:24 ComboFix2.txt 2012-09-16 17:05 ComboFix3.txt 2012-06-30 14:41 ComboFix4.txt 2012-06-29 20:40 ComboFix5.txt 2012-09-17 18:40 . Pre-Run: 70.952.030.208 bytes beschikbaar Post-Run: 70.910.607.360 bytes beschikbaar . - - End Of File - - 1DDAF61B67B946C783DD581DFE4D0BA3
-
cComboFix 12-09-15.02 - Gebruiker 16/09/2012 18:36:43.8.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1421 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Gebruiker\AppData\Local\assembly\tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))) . . 2012-09-16 17:01 . 2012-09-16 17:02 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp 2012-09-16 17:01 . 2012-09-16 17:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-16 17:01 . 2012-09-16 17:01 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-09-16 17:01 . 2012-09-16 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-11 21:22 . 2012-09-11 21:22 -------- d-----w- c:\programdata\Research In Motion 2012-08-27 15:35 . 2012-08-28 10:19 -------- d-----w- c:\program files\Guild Wars 2 2012-08-24 18:51 . 2012-08-24 18:51 -------- d-----w- c:\program files\SystemRequirementsLab 2012-08-24 18:51 . 2012-08-24 18:51 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\SystemRequirementsLab 2012-08-23 21:37 . 2012-08-23 21:37 -------- d-----w- c:\users\Gebruiker\temp 2012-08-23 21:37 . 2012-08-23 21:37 -------- d-----w- c:\program files\TeamViewer . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 11:41 . 2012-04-04 11:50 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-12 11:41 . 2011-06-12 12:19 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-07 15:04 . 2010-08-31 23:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-10 14:42 . 2012-08-10 14:42 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-08-10 14:42 . 2012-08-10 14:42 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-08-10 14:42 . 2012-08-10 14:42 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-10 14:42 . 2012-08-10 14:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-10 14:42 . 2012-08-10 14:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-10 14:42 . 2012-08-10 14:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-10 14:42 . 2012-08-10 14:42 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-08-10 14:41 . 2012-08-10 14:41 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-08-10 14:41 . 2012-08-10 14:41 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-08-10 14:41 . 2012-08-10 14:41 278528 ----a-w- c:\windows\system32\schannel.dll 2012-08-10 14:40 . 2012-08-10 14:40 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-20 18:37 . 2012-07-02 22:06 654944 ----a-w- c:\windows\system32\xsherlock.xem 2012-07-03 16:21 . 2011-09-23 21:17 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2011-09-23 21:17 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2011-09-23 21:17 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2011-09-23 21:17 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2011-09-23 21:17 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21 . 2011-09-23 21:17 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-07-03 16:21 . 2011-09-23 21:16 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2011-09-23 21:16 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-06-19 11:08 . 2012-06-19 11:09 772592 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-19 11:08 . 2010-10-01 16:10 687600 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-06 23:35 . 2012-09-06 23:34 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Akamai NetSession Interface"="c:\users\Gebruiker\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-10-06 638976] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872] "OSD"="c:\program files\C&E\OSD\osd.exe" [2007-09-20 561152] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe" [2012-08-16 686792] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk backup=c:\windows\pss\Facebook Messenger.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5] 2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] 2012-07-27 15:42 138096 ----atw- c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2012-08-21 10:50 5576408 ----a-w- c:\users\Gebruiker\AppData\Roaming\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2012-08-21 10:49 1193176 ----a-w- c:\users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-954086183-1671949515-1526744126-1002] "EnableNotificationsRef"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:41] . 2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002Core.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 15:42] . 2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002UA.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 15:42] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = local;<local> IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{2E63F5B9-1F12-40AA-B9E9-0B9FFEEEC37E}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\2sz174i5.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=2&q= . - - - - ORPHANS VERWIJDERD - - - - . MSConfigStartUp-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe MSConfigStartUp-MurGee - c:\program files\Auto Clicker\AutoClicker.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-09-16 19:02 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . c:\program files\Internet Explorer\iexplore.exe [3636] 0x8A8E9D90 c:\program files\Internet Explorer\iexplore.exe [2356] 0x91A409B8 c:\program files\Internet Explorer\iexplore.exe [7992] 0x8623EBF8 c:\program files\Internet Explorer\iexplore.exe [7684] 0x86045708 c:\program files\Internet Explorer\iexplore.exe [5564] 0x85E4FD90 . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xsherlock] "ImagePath"="c:\windows\system32\xsherlock.xem" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{6CF8B227-DCD0-43A1-BD25-07F7A4573198}"=hex:51,66,7a,6c,4c,1d,38,12,49,b1,eb, 68,e2,92,cf,06,c2,33,44,b7,a1,09,75,8c "{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d, 8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:de,1e,e0,de,7f,e2,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ . [HKEY_USERS\S-1-5-21-954086183-1671949515-1526744126-1002\Software\SecuROM\License information*] "datasecu"=hex:20,ba,75,f5,a2,0a,36,8b,1a,81,b7,cd,eb,84,0a,85,28,2b,3e,14,b0, f9,8f,8b,ac,2e,47,a1,82,22,b8,30,db,af,e5,04,45,7c,1e,39,3c,e4,8a,84,c8,c2,\ "rkeysecu"=hex:98,61,79,c9,42,0c,bd,70,31,d2,f3,74,78,48,ee,a9 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(13548) c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . Voltooingstijd: 2012-09-16 19:05:54 ComboFix-quarantined-files.txt 2012-09-16 17:05 ComboFix2.txt 2012-06-30 14:41 ComboFix3.txt 2012-06-29 20:40 ComboFix4.txt 2010-11-09 16:31 . Pre-Run: 70.491.267.072 bytes beschikbaar Post-Run: 71.623.778.304 bytes beschikbaar . - - End Of File - - C0D1B253331E77A4C53E8D0EF71F16AC
-
cComboFix 12-09-15.02 - Gebruiker 16/09/2012 18:36:43.8.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1421 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Gebruiker\AppData\Local\assembly\tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))) . . 2012-09-16 17:01 . 2012-09-16 17:02 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp 2012-09-16 17:01 . 2012-09-16 17:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-16 17:01 . 2012-09-16 17:01 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-09-16 17:01 . 2012-09-16 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-11 21:22 . 2012-09-11 21:22 -------- d-----w- c:\programdata\Research In Motion 2012-08-27 15:35 . 2012-08-28 10:19 -------- d-----w- c:\program files\Guild Wars 2 2012-08-24 18:51 . 2012-08-24 18:51 -------- d-----w- c:\program files\SystemRequirementsLab 2012-08-24 18:51 . 2012-08-24 18:51 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\SystemRequirementsLab 2012-08-23 21:37 . 2012-08-23 21:37 -------- d-----w- c:\users\Gebruiker\temp 2012-08-23 21:37 . 2012-08-23 21:37 -------- d-----w- c:\program files\TeamViewer . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 11:41 . 2012-04-04 11:50 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-12 11:41 . 2011-06-12 12:19 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-07 15:04 . 2010-08-31 23:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-10 14:42 . 2012-08-10 14:42 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-08-10 14:42 . 2012-08-10 14:42 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-08-10 14:42 . 2012-08-10 14:42 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-10 14:42 . 2012-08-10 14:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-10 14:42 . 2012-08-10 14:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-10 14:42 . 2012-08-10 14:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-10 14:42 . 2012-08-10 14:42 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-08-10 14:41 . 2012-08-10 14:41 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-08-10 14:41 . 2012-08-10 14:41 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-08-10 14:41 . 2012-08-10 14:41 278528 ----a-w- c:\windows\system32\schannel.dll 2012-08-10 14:40 . 2012-08-10 14:40 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-20 18:37 . 2012-07-02 22:06 654944 ----a-w- c:\windows\system32\xsherlock.xem 2012-07-03 16:21 . 2011-09-23 21:17 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2011-09-23 21:17 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2011-09-23 21:17 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2011-09-23 21:17 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2011-09-23 21:17 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21 . 2011-09-23 21:17 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-07-03 16:21 . 2011-09-23 21:16 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2011-09-23 21:16 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-06-19 11:08 . 2012-06-19 11:09 772592 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-19 11:08 . 2010-10-01 16:10 687600 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-06 23:35 . 2012-09-06 23:34 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Akamai NetSession Interface"="c:\users\Gebruiker\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-10-06 638976] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872] "OSD"="c:\program files\C&E\OSD\osd.exe" [2007-09-20 561152] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe" [2012-08-16 686792] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk backup=c:\windows\pss\Facebook Messenger.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5] 2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] 2012-07-27 15:42 138096 ----atw- c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2012-08-21 10:50 5576408 ----a-w- c:\users\Gebruiker\AppData\Roaming\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2012-08-21 10:49 1193176 ----a-w- c:\users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-954086183-1671949515-1526744126-1002] "EnableNotificationsRef"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:41] . 2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002Core.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 15:42] . 2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002UA.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 15:42] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = local;<local> IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{2E63F5B9-1F12-40AA-B9E9-0B9FFEEEC37E}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\2sz174i5.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=2&q= . - - - - ORPHANS VERWIJDERD - - - - . MSConfigStartUp-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe MSConfigStartUp-MurGee - c:\program files\Auto Clicker\AutoClicker.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-16 19:02 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . c:\program files\Internet Explorer\iexplore.exe [3636] 0x8A8E9D90 c:\program files\Internet Explorer\iexplore.exe [2356] 0x91A409B8 c:\program files\Internet Explorer\iexplore.exe [7992] 0x8623EBF8 c:\program files\Internet Explorer\iexplore.exe [7684] 0x86045708 c:\program files\Internet Explorer\iexplore.exe [5564] 0x85E4FD90 . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xsherlock] "ImagePath"="c:\windows\system32\xsherlock.xem" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{6CF8B227-DCD0-43A1-BD25-07F7A4573198}"=hex:51,66,7a,6c,4c,1d,38,12,49,b1,eb, 68,e2,92,cf,06,c2,33,44,b7,a1,09,75,8c "{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d, 8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:de,1e,e0,de,7f,e2,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ . [HKEY_USERS\S-1-5-21-954086183-1671949515-1526744126-1002\Software\SecuROM\License information*] "datasecu"=hex:20,ba,75,f5,a2,0a,36,8b,1a,81,b7,cd,eb,84,0a,85,28,2b,3e,14,b0, f9,8f,8b,ac,2e,47,a1,82,22,b8,30,db,af,e5,04,45,7c,1e,39,3c,e4,8a,84,c8,c2,\ "rkeysecu"=hex:98,61,79,c9,42,0c,bd,70,31,d2,f3,74,78,48,ee,a9 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(13548) c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . Voltooingstijd: 2012-09-16 19:05:54 ComboFix-quarantined-files.txt 2012-09-16 17:05 ComboFix2.txt 2012-06-30 14:41 ComboFix3.txt 2012-06-29 20:40 ComboFix4.txt 2010-11-09 16:31 . Pre-Run: 70.491.267.072 bytes beschikbaar Post-Run: 71.623.778.304 bytes beschikbaar . - - End Of File - - C0D1B253331E77A4C53E8D0EF71F16AC
-
Hallo, ik denk dat ik met een virus te maken heb. M'n laptop speelt de om de uur of twee reclame af "nurofen children". Het lijkt erop dat iets deze reclame activeert, ik krijg uit het niets reclame te horen in het engels. Als ik bijvoorbeeld een spel speel hoor ik het opeens tijdens het spelen. Het is zeer irritant, ik heb dit al enkele dagen. Ik weet niet hoe ik dit moet oplossen. Geen enkele programma is actief in m'n taakbalk. Mvg Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:21:58, on 15/09/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\C&E\OSD\osd.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Windows\ehome\ehtray.exe C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Windows\ehome\ehmsas.exe C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe C:\Windows\system32\DllHost.exe D:\Program Files\COH\RelicDownloader\RelicDownloader.exe C:\Windows\System32\mobsync.exe C:\Windows\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\Explorer.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe" O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex (User 'Default user') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{2E63F5B9-1F12-40AA-B9E9-0B9FFEEEC37E}: NameServer = 8.8.8.8,8.8.4.4 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: OsdService - Unknown owner - C:\Program Files\C&E\OSD\OsdService\OsdService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem -- End of file - 8390 bytes
-
ComboFix 12-06-28.03 - Gebruiker 08/07/2012 22:06:40.7.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1660 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))) . . 2012-07-08 20:31 . 2012-07-08 20:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-08 20:31 . 2012-07-08 20:31 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-07-08 20:31 . 2012-07-08 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-05 10:30 . 2012-07-05 10:30 -------- d-----w- c:\program files\FLVPlayer 2012-07-04 15:28 . 2012-07-04 15:28 -------- d-----w- c:\users\Gebruiker\AppData\Local\TVU Networks 2012-07-04 15:28 . 2012-07-04 15:28 -------- d-----w- c:\programdata\TVU Networks 2012-07-04 15:28 . 2012-07-04 15:28 -------- d-----w- c:\program files\TVUPlayer 2012-07-02 22:06 . 2012-07-02 22:06 670816 ----a-w- c:\windows\system32\xsherlock.xem 2012-07-02 22:03 . 2012-03-27 17:13 230920 ----a-w- c:\windows\system32\EPWZCmnCtrl.dll 2012-07-02 22:03 . 2012-07-02 22:03 -------- d-----w- c:\program files\WEBZEN 2012-07-02 22:03 . 2012-07-02 22:03 -------- d-----w- c:\programdata\WEBZEN 2012-07-02 21:59 . 2012-07-02 21:59 -------- d-----w- c:\users\Gebruiker\AppData\Local\Overwolf 2012-07-02 21:59 . 2012-07-02 21:59 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP 2012-07-02 14:18 . 2012-07-02 14:18 -------- d-----w- c:\users\Gebruiker\AppData\Local\WinZip 2012-07-02 14:17 . 2012-07-02 14:18 -------- d-----w- c:\programdata\WinZip 2012-07-02 12:19 . 2012-07-08 16:39 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\BITS 2012-07-02 12:19 . 2012-07-02 12:19 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\FlashgetSetup 2012-07-02 12:19 . 2012-07-02 14:10 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\FlashGet 2012-07-02 12:19 . 2012-07-02 12:19 -------- d-----w- c:\program files\FlashGet Network 2012-06-30 22:16 . 2012-06-30 22:16 -------- d-----w- c:\users\Gebruiker\AppData\Local\Chromium 2012-06-30 14:41 . 2012-07-08 20:31 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp 2012-06-30 11:40 . 2012-06-30 11:40 -------- d-----w- c:\users\Gebruiker\AppData\Local\Pando_Temp 2012-06-29 19:27 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-29 19:27 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-29 19:27 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-29 19:27 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-29 19:26 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-29 19:26 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-29 19:26 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-29 19:26 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-29 19:26 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-24 16:23 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{239579C0-C81E-42A6-9868-8087978E50E7}\mpengine.dll 2012-06-24 16:21 . 2011-10-19 20:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2012-06-24 15:51 . 2012-06-24 16:07 -------- d-----w- c:\programdata\IObit 2012-06-24 15:50 . 2012-06-24 15:55 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\IObit 2012-06-24 15:50 . 2012-06-24 16:07 -------- d-----w- c:\program files\IObit 2012-06-24 12:12 . 2011-09-01 09:38 767952 ----a-w- c:\windows\BDTSupport.dll 2012-06-24 12:12 . 2011-09-01 09:39 1533904 ----a-w- c:\windows\PCTBDRes.dll 2012-06-24 12:12 . 2011-09-01 09:39 149456 ----a-w- c:\windows\SGDetectionTool.dll 2012-06-24 12:12 . 2011-09-01 09:39 2189264 ----a-w- c:\windows\PCTBDCore.dll 2012-06-24 12:09 . 2012-06-24 12:23 -------- d-----w- c:\program files\PC Tools Security 2012-06-19 11:36 . 2012-05-15 10:26 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-06-19 11:35 . 2012-05-15 10:26 19607872 ----a-w- c:\windows\system32\nvoglv32.dll 2012-06-19 11:35 . 2012-05-15 10:26 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-06-19 11:35 . 2012-05-15 10:26 5982528 ----a-w- c:\windows\system32\nvcuda.dll 2012-06-19 11:35 . 2012-05-15 10:26 2524992 ----a-w- c:\windows\system32\nvcuvid.dll 2012-06-19 11:35 . 2012-05-15 10:26 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-06-19 11:35 . 2012-05-15 10:26 17551680 ----a-w- c:\windows\system32\nvcompiler.dll 2012-06-19 11:09 . 2012-06-19 11:08 772592 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-19 11:06 . 2012-06-19 11:06 -------- d-----w- c:\users\Gebruiker\AppData\Local\Macromedia 2012-06-19 11:05 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-19 11:05 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-19 11:05 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-19 11:03 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-19 11:03 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 23:46 . 2012-06-09 23:46 -------- d-----w- c:\program files\Microsoft Synchronization Services 2012-06-09 23:45 . 2012-06-09 23:45 -------- d-----w- c:\program files\Microsoft Sync Framework 2012-06-09 23:45 . 2012-06-09 23:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2012-06-09 23:40 . 2012-06-09 23:40 -------- d-----w- c:\program files\Microsoft Analysis Services 2012-06-08 20:44 . 2011-07-20 13:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys 2012-06-08 20:42 . 2012-06-08 20:42 -------- d-----w- c:\programdata\Research In Motion 2012-06-08 20:41 . 2012-06-08 20:42 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 18:36 . 2012-04-04 11:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 18:36 . 2011-06-12 12:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-19 11:08 . 2010-10-01 16:10 687600 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-23 18:46 . 2012-05-23 18:46 16304 ----a-w- c:\windows\system32\apl003.sys 2012-05-23 18:46 . 2012-05-23 18:46 13232 ----a-w- c:\windows\system32\apf003.sys 2012-05-15 10:26 . 2011-08-10 11:59 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:26 . 2011-08-10 11:59 61248 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:26 . 2011-08-10 11:59 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:26 . 2007-07-19 00:31 2368832 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:26 . 2007-07-19 00:31 15322432 ----a-w- c:\windows\system32\nvd3dum.dll 2012-05-15 09:28 . 2011-01-07 19:06 2561344 ----a-w- c:\windows\system32\nvsvcr.dll 2012-05-15 09:28 . 2011-01-07 19:06 645440 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-15 09:28 . 2011-01-07 19:06 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-15 09:28 . 2009-09-01 01:10 62272 ----a-w- c:\windows\system32\nvshext.dll 2012-05-15 09:28 . 2011-01-07 19:06 3931456 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:27 . 2011-01-07 19:06 2759488 ----a-w- c:\windows\system32\nvsvc.dll 2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe 2012-06-16 16:23 . 2012-05-14 17:13 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Akamai NetSession Interface"="c:\users\Gebruiker\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] "Facebook Update"="c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-18 137536] "Spotify Web Helper"="c:\users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-29 1192664] "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448] "FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe" [2012-03-15 3090056] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-10-06 638976] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872] "OSD"="c:\program files\C&E\OSD\osd.exe" [2007-09-20 561152] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-09-01 247760] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe" [2012-05-05 351904] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MurGee.com Auto Clicker] 2012-02-07 11:03 49480 ----a-w- c:\program files\Auto Clicker\AutoClicker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2012-06-29 20:51 7609560 ----a-w- c:\users\Gebruiker\AppData\Roaming\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-954086183-1671949515-1526744126-1002] "EnableNotificationsRef"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:36] . 2012-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002Core.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 16:55] . 2012-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002UA.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 16:55] . 2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . 2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = local;<local> IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download all links by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm IE: Download by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 LSP: pcapwsp.dll TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{2E63F5B9-1F12-40AA-B9E9-0B9FFEEEC37E}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\2sz174i5.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=2&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-07-08 22:31 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . c:\program files\Internet Explorer\iexplore.exe [3372] 0x8A982468 c:\program files\Internet Explorer\iexplore.exe [2968] 0x85B731D0 c:\program files\Internet Explorer\iexplore.exe [3284] 0x85C6B1C0 c:\program files\Internet Explorer\iexplore.exe [5564] 0x8ADD4D90 scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . . C:\avast! sandbox . Scan succesvol afgerond verborgen bestanden: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xsherlock] "ImagePath"="c:\windows\system32\xsherlock.xem" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{6CF8B227-DCD0-43A1-BD25-07F7A4573198}"=hex:51,66,7a,6c,4c,1d,38,12,49,b1,eb, 68,e2,92,cf,06,c2,33,44,b7,a1,09,75,8c "{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d, 8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:de,1e,e0,de,7f,e2,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ . [HKEY_USERS\S-1-5-21-954086183-1671949515-1526744126-1002\Software\SecuROM\License information*] "datasecu"=hex:cf,68,81,e5,ef,66,c3,b4,b5,1f,d9,ca,30,85,e3,06,74,bc,42,80,10, a6,ef,0c,e3,c3,4c,fa,8c,08,79,77,81,aa,e3,c4,79,b3,12,3c,d0,87,8b,77,1d,1a,\ "rkeysecu"=hex:98,61,79,c9,42,0c,bd,70,31,d2,f3,74,78,48,ee,a9 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(4396) c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . Voltooingstijd: 2012-07-08 22:35:07 ComboFix-quarantined-files.txt 2012-07-08 20:35 ComboFix2.txt 2012-06-30 14:41 ComboFix3.txt 2012-06-29 20:40 ComboFix4.txt 2010-11-09 16:31 . Pre-Run: 68.874.801.152 bytes beschikbaar Post-Run: 68.872.130.560 bytes beschikbaar . - - End Of File - - 94C63F6FA24A3FBE5C1640B268970A74
-
In ieder geval beter, ik had schrik voor virussen maar dat is dus niet het geval?
-
ComboFix 12-06-28.03 - Gebruiker 30/06/2012 16:07:18.6.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.553 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Gebruiker\AppData\Local\assembly\tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))) . . 2012-06-30 14:33 . 2012-06-30 14:33 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp 2012-06-30 14:33 . 2012-06-30 14:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-30 14:33 . 2012-06-30 14:33 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-06-30 14:33 . 2012-06-30 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-30 11:40 . 2012-06-30 11:40 -------- d-----w- c:\users\Gebruiker\AppData\Local\Pando_Temp 2012-06-29 19:27 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-29 19:27 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-29 19:27 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-29 19:27 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-29 19:26 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-29 19:26 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-24 16:23 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{239579C0-C81E-42A6-9868-8087978E50E7}\mpengine.dll 2012-06-24 16:21 . 2011-10-19 20:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2012-06-24 15:51 . 2012-06-24 16:07 -------- d-----w- c:\programdata\IObit 2012-06-24 15:50 . 2012-06-24 15:55 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\IObit 2012-06-24 15:50 . 2012-06-24 16:07 -------- d-----w- c:\program files\IObit 2012-06-24 12:12 . 2011-09-01 09:38 767952 ----a-w- c:\windows\BDTSupport.dll 2012-06-24 12:12 . 2011-09-01 09:39 1533904 ----a-w- c:\windows\PCTBDRes.dll 2012-06-24 12:12 . 2011-09-01 09:39 149456 ----a-w- c:\windows\SGDetectionTool.dll 2012-06-24 12:12 . 2011-09-01 09:39 2189264 ----a-w- c:\windows\PCTBDCore.dll 2012-06-24 12:09 . 2012-06-24 12:23 -------- d-----w- c:\program files\PC Tools Security 2012-06-19 11:36 . 2012-05-15 10:26 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-06-19 11:35 . 2012-05-15 10:26 19607872 ----a-w- c:\windows\system32\nvoglv32.dll 2012-06-19 11:35 . 2012-05-15 10:26 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-06-19 11:35 . 2012-05-15 10:26 5982528 ----a-w- c:\windows\system32\nvcuda.dll 2012-06-19 11:35 . 2012-05-15 10:26 2524992 ----a-w- c:\windows\system32\nvcuvid.dll 2012-06-19 11:35 . 2012-05-15 10:26 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-06-19 11:35 . 2012-05-15 10:26 17551680 ----a-w- c:\windows\system32\nvcompiler.dll 2012-06-19 11:09 . 2012-06-19 11:08 772592 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-19 11:06 . 2012-06-19 11:06 -------- d-----w- c:\users\Gebruiker\AppData\Local\Macromedia 2012-06-19 11:05 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-19 11:05 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-19 11:05 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-19 11:03 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-19 11:03 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 23:46 . 2012-06-09 23:46 -------- d-----w- c:\program files\Microsoft Synchronization Services 2012-06-09 23:45 . 2012-06-09 23:45 -------- d-----w- c:\program files\Microsoft Sync Framework 2012-06-09 23:45 . 2012-06-09 23:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2012-06-09 23:40 . 2012-06-09 23:40 -------- d-----w- c:\program files\Microsoft Analysis Services 2012-06-08 20:44 . 2011-07-20 13:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys 2012-06-08 20:42 . 2012-06-08 20:42 -------- d-----w- c:\programdata\Research In Motion 2012-06-08 20:41 . 2012-06-08 20:42 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM 2012-06-07 16:41 . 2012-06-07 16:41 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-06-07 16:41 . 2012-06-07 16:41 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-01 18:45 . 2012-06-24 14:40 -------- d-----r- c:\users\Gebruiker\Dropbox 2012-06-01 18:43 . 2012-06-01 18:43 -------- d-----w- c:\program files\Dropbox 2012-06-01 18:42 . 2012-06-24 14:40 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Dropbox . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 18:36 . 2012-04-04 11:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 18:36 . 2011-06-12 12:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-19 11:08 . 2010-10-01 16:10 687600 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-23 18:46 . 2012-05-23 18:46 16304 ----a-w- c:\windows\system32\apl003.sys 2012-05-23 18:46 . 2012-05-23 18:46 13232 ----a-w- c:\windows\system32\apf003.sys 2012-05-15 10:26 . 2011-08-10 11:59 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:26 . 2011-08-10 11:59 61248 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:26 . 2011-08-10 11:59 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:26 . 2007-07-19 00:31 2368832 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:26 . 2007-07-19 00:31 15322432 ----a-w- c:\windows\system32\nvd3dum.dll 2012-05-15 09:28 . 2011-01-07 19:06 2561344 ----a-w- c:\windows\system32\nvsvcr.dll 2012-05-15 09:28 . 2011-01-07 19:06 645440 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-15 09:28 . 2011-01-07 19:06 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-15 09:28 . 2009-09-01 01:10 62272 ----a-w- c:\windows\system32\nvshext.dll 2012-05-15 09:28 . 2011-01-07 19:06 3931456 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:27 . 2011-01-07 19:06 2759488 ----a-w- c:\windows\system32\nvsvc.dll 2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe 2012-04-04 13:56 . 2010-08-31 23:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 08:16 . 2012-05-11 18:47 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-11 18:47 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-16 16:23 . 2012-05-14 17:13 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Akamai NetSession Interface"="c:\users\Gebruiker\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] "Facebook Update"="c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-18 137536] "Spotify Web Helper"="c:\users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-29 1192664] "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-10-06 638976] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872] "OSD"="c:\program files\C&E\OSD\osd.exe" [2007-09-20 561152] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-09-01 247760] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe" [2012-05-05 351904] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MurGee.com Auto Clicker] 2012-02-07 11:03 49480 ----a-w- c:\program files\Auto Clicker\AutoClicker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2012-06-29 20:51 7609560 ----a-w- c:\users\Gebruiker\AppData\Roaming\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-954086183-1671949515-1526744126-1002] "EnableNotificationsRef"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:36] . 2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002Core.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 16:55] . 2012-06-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002UA.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 16:55] . 2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . 2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = local;<local> IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 LSP: pcapwsp.dll TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{2E63F5B9-1F12-40AA-B9E9-0B9FFEEEC37E}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\2sz174i5.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/ . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-PlayNC Launcher - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-06-30 16:33 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . c:\program files\Internet Explorer\iexplore.exe [3016] 0x88F57348 c:\program files\Internet Explorer\iexplore.exe [5424] 0x8544B020 c:\program files\Internet Explorer\iexplore.exe [6080] 0x8A0D0CB0 c:\program files\Internet Explorer\iexplore.exe [2796] 0x88EF2D20 scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{6CF8B227-DCD0-43A1-BD25-07F7A4573198}"=hex:51,66,7a,6c,4c,1d,38,12,49,b1,eb, 68,e2,92,cf,06,c2,33,44,b7,a1,09,75,8c "{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d, 8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:de,1e,e0,de,7f,e2,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ . [HKEY_USERS\S-1-5-21-954086183-1671949515-1526744126-1002\Software\SecuROM\License information*] "datasecu"=hex:cf,68,81,e5,ef,66,c3,b4,b5,1f,d9,ca,30,85,e3,06,74,bc,42,80,10, a6,ef,0c,e3,c3,4c,fa,8c,08,79,77,81,aa,e3,c4,79,b3,12,3c,d0,87,8b,77,1d,1a,\ "rkeysecu"=hex:98,61,79,c9,42,0c,bd,70,31,d2,f3,74,78,48,ee,a9 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(3048) c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . Voltooingstijd: 2012-06-30 16:41:38 ComboFix-quarantined-files.txt 2012-06-30 14:41 ComboFix2.txt 2012-06-29 20:40 ComboFix3.txt 2010-11-09 16:31 . Pre-Run: 76.881.440.768 bytes beschikbaar Post-Run: 76.830.240.768 bytes beschikbaar . - - End Of File - - 4D4DC26F15A251882421BE4B8354AA38 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:43:46, on 30/06/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Windows\ehome\ehtray.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\ComboFix\CF1114.3XE C:\Windows\Explorer.exe C:\ComboFix\handle.3XE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'Default user') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2E63F5B9-1F12-40AA-B9E9-0B9FFEEEC37E}: NameServer = 8.8.8.8,8.8.4.4 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: OsdService - Unknown owner - C:\Program Files\C&E\OSD\OsdService\OsdService.exe O23 - Service: ProxyCap Service (pcapsvc) - Proxy Labs - C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 9234 bytes
-
Ja het is een bekende locatie maar het mag verwijderd worden.
-
ComboFix 12-06-28.03 - Gebruiker 29/06/2012 22:14:09.5.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1735 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\lol c:\program files\lol\LeagueOfLegends\0x0407.ini c:\program files\lol\LeagueOfLegends\0x0409.ini c:\program files\lol\LeagueOfLegends\0x040a.ini c:\program files\lol\LeagueOfLegends\0x040c.ini c:\program files\lol\LeagueOfLegends\data1.cab c:\program files\lol\LeagueOfLegends\data1.hdr c:\program files\lol\LeagueOfLegends\data2.cab c:\program files\lol\LeagueOfLegends\ISSetup.dll c:\program files\lol\LeagueOfLegends\layout.bin c:\program files\lol\LeagueOfLegends\setup.exe c:\program files\lol\LeagueOfLegends\setup.ini c:\program files\lol\LeagueOfLegends\setup.inx c:\program files\lol\LeagueOfLegends\setup.isn c:\program files\StartSearch plugin c:\program files\StartSearch plugin\IEhelperActiveX.dll c:\program files\StartSearch plugin\StartBar.dll c:\program files\StartSearch plugin\uninst.exe c:\program files\StartSearch plugin\vshareplg.crx c:\users\Gebruiker\AppData\Local\assembly\tmp c:\windows\system32\drivers\etc\hosts.ics D:\install.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))) . . 2012-06-29 20:37 . 2012-06-29 20:37 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp 2012-06-29 20:37 . 2012-06-29 20:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-29 20:37 . 2012-06-29 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-29 19:27 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-29 19:27 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-29 19:27 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-29 19:27 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-29 19:26 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-29 19:26 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-24 16:23 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{239579C0-C81E-42A6-9868-8087978E50E7}\mpengine.dll 2012-06-24 16:21 . 2011-10-19 20:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2012-06-24 15:51 . 2012-06-24 16:07 -------- d-----w- c:\programdata\IObit 2012-06-24 15:50 . 2012-06-24 15:55 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\IObit 2012-06-24 15:50 . 2012-06-24 16:07 -------- d-----w- c:\program files\IObit 2012-06-24 12:12 . 2011-09-01 09:38 767952 ----a-w- c:\windows\BDTSupport.dll 2012-06-24 12:12 . 2011-09-01 09:39 1533904 ----a-w- c:\windows\PCTBDRes.dll 2012-06-24 12:12 . 2011-09-01 09:39 149456 ----a-w- c:\windows\SGDetectionTool.dll 2012-06-24 12:12 . 2011-09-01 09:39 2189264 ----a-w- c:\windows\PCTBDCore.dll 2012-06-24 12:09 . 2012-06-24 12:23 -------- d-----w- c:\program files\PC Tools Security 2012-06-19 11:36 . 2012-05-15 10:26 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-06-19 11:35 . 2012-05-15 10:26 19607872 ----a-w- c:\windows\system32\nvoglv32.dll 2012-06-19 11:35 . 2012-05-15 10:26 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-06-19 11:35 . 2012-05-15 10:26 5982528 ----a-w- c:\windows\system32\nvcuda.dll 2012-06-19 11:35 . 2012-05-15 10:26 2524992 ----a-w- c:\windows\system32\nvcuvid.dll 2012-06-19 11:35 . 2012-05-15 10:26 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-06-19 11:35 . 2012-05-15 10:26 17551680 ----a-w- c:\windows\system32\nvcompiler.dll 2012-06-19 11:09 . 2012-06-19 11:08 772592 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-19 11:06 . 2012-06-19 11:06 -------- d-----w- c:\users\Gebruiker\AppData\Local\Macromedia 2012-06-19 11:05 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-19 11:05 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-19 11:05 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-19 11:03 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-19 11:03 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 23:46 . 2012-06-09 23:46 -------- d-----w- c:\program files\Microsoft Synchronization Services 2012-06-09 23:45 . 2012-06-09 23:45 -------- d-----w- c:\program files\Microsoft Sync Framework 2012-06-09 23:45 . 2012-06-09 23:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2012-06-09 23:40 . 2012-06-09 23:40 -------- d-----w- c:\program files\Microsoft Analysis Services 2012-06-08 20:44 . 2011-07-20 13:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys 2012-06-08 20:42 . 2012-06-08 20:42 -------- d-----w- c:\programdata\Research In Motion 2012-06-08 20:41 . 2012-06-08 20:42 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM 2012-06-07 16:41 . 2012-06-07 16:41 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-06-07 16:41 . 2012-06-07 16:41 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-01 18:45 . 2012-06-24 14:40 -------- d-----r- c:\users\Gebruiker\Dropbox 2012-06-01 18:43 . 2012-06-01 18:43 -------- d-----w- c:\program files\Dropbox 2012-06-01 18:42 . 2012-06-24 14:40 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Dropbox . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 18:36 . 2012-04-04 11:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 18:36 . 2011-06-12 12:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-19 11:08 . 2010-10-01 16:10 687600 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-23 18:46 . 2012-05-23 18:46 16304 ----a-w- c:\windows\system32\apl003.sys 2012-05-23 18:46 . 2012-05-23 18:46 13232 ----a-w- c:\windows\system32\apf003.sys 2012-05-15 10:26 . 2011-08-10 11:59 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:26 . 2011-08-10 11:59 61248 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:26 . 2011-08-10 11:59 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:26 . 2007-07-19 00:31 2368832 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:26 . 2007-07-19 00:31 15322432 ----a-w- c:\windows\system32\nvd3dum.dll 2012-05-15 09:28 . 2011-01-07 19:06 2561344 ----a-w- c:\windows\system32\nvsvcr.dll 2012-05-15 09:28 . 2011-01-07 19:06 645440 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-15 09:28 . 2011-01-07 19:06 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-15 09:28 . 2009-09-01 01:10 62272 ----a-w- c:\windows\system32\nvshext.dll 2012-05-15 09:28 . 2011-01-07 19:06 3931456 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:27 . 2011-01-07 19:06 2759488 ----a-w- c:\windows\system32\nvsvc.dll 2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe 2012-04-04 13:56 . 2010-08-31 23:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 08:16 . 2012-05-11 18:47 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-11 18:47 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-16 16:23 . 2012-05-14 17:13 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{6cf8b227-dcd0-43a1-bd25-07f7a4573198}"= "c:\program files\KHLim_mediatheek_HB-IWT\prxtbKHL2.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{6cf8b227-dcd0-43a1-bd25-07f7a4573198}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cf8b227-dcd0-43a1-bd25-07f7a4573198}] 2011-05-09 09:49 176936 ----a-w- c:\program files\KHLim_mediatheek_HB-IWT\prxtbKHL2.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6cf8b227-dcd0-43a1-bd25-07f7a4573198}"= "c:\program files\KHLim_mediatheek_HB-IWT\prxtbKHL2.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{6cf8b227-dcd0-43a1-bd25-07f7a4573198}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{6CF8B227-DCD0-43A1-BD25-07F7A4573198}"= "c:\program files\KHLim_mediatheek_HB-IWT\prxtbKHL2.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{6cf8b227-dcd0-43a1-bd25-07f7a4573198}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Akamai NetSession Interface"="c:\users\Gebruiker\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] "Facebook Update"="c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-18 137536] "Spotify Web Helper"="c:\users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-02 932528] "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-10-06 638976] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872] "OSD"="c:\program files\C&E\OSD\osd.exe" [2007-09-20 561152] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-09-01 247760] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe" [2012-05-05 351904] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MurGee.com Auto Clicker] 2012-02-07 11:03 49480 ----a-w- c:\program files\Auto Clicker\AutoClicker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2012-05-02 16:38 9478320 ----a-w- c:\users\Gebruiker\AppData\Roaming\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-954086183-1671949515-1526744126-1002] "EnableNotificationsRef"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:36] . 2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002Core.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 16:55] . 2012-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954086183-1671949515-1526744126-1002UA.job - c:\users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-18 16:55] . 2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . 2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:56] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = local;<local> IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 LSP: pcapwsp.dll TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{2E63F5B9-1F12-40AA-B9E9-0B9FFEEEC37E}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\2sz174i5.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=2&q= . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-29 22:37 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . c:\program files\Internet Explorer\iexplore.exe [3016] 0x88F57348 c:\program files\Internet Explorer\iexplore.exe [5424] 0x8544B020 c:\program files\Internet Explorer\iexplore.exe [6080] 0x8A0D0CB0 c:\program files\Internet Explorer\iexplore.exe [1928] 0x85440950 scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . . c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\2sz174i5.default\places.sqlite-shm c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\2sz174i5.default\places.sqlite-wal c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\2sz174i5.default\cookies.sqlite-shm c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\2sz174i5.default\cookies.sqlite-wal . Scan succesvol afgerond verborgen bestanden: 4 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{6CF8B227-DCD0-43A1-BD25-07F7A4573198}"=hex:51,66,7a,6c,4c,1d,38,12,49,b1,eb, 68,e2,92,cf,06,c2,33,44,b7,a1,09,75,8c "{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d, 8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:de,1e,e0,de,7f,e2,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,d8,1f,e3,a0,15,c6,43,96,25,a6,\ . [HKEY_USERS\S-1-5-21-954086183-1671949515-1526744126-1002\Software\SecuROM\License information*] "datasecu"=hex:cf,68,81,e5,ef,66,c3,b4,b5,1f,d9,ca,30,85,e3,06,74,bc,42,80,10, a6,ef,0c,e3,c3,4c,fa,8c,08,79,77,81,aa,e3,c4,79,b3,12,3c,d0,87,8b,77,1d,1a,\ "rkeysecu"=hex:98,61,79,c9,42,0c,bd,70,31,d2,f3,74,78,48,ee,a9 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2012-06-29 22:40:58 ComboFix-quarantined-files.txt 2012-06-29 20:40 ComboFix2.txt 2010-11-09 16:31 . Pre-Run: 78.787.633.152 bytes beschikbaar Post-Run: 78.117.621.760 bytes beschikbaar . - - End Of File - - A6E661BECE1FB90321B171D95E2FFBE7
-
Ik heb systeemherstel uitgevoerd. Nu kan ik wel terug op mijn browser surfen :S. Hier zijn mijn logjes Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:24:22, on 29/06/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\rstrui.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\C&E\OSD\osd.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\PC Tools Security\BDT\FGuard.exe C:\Windows\ehome\ehtray.exe C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\Windows\ehome\ehmsas.exe C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\wermgr.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local> R3 - URLSearchHook: KHLim mediatheek HB-IWT Toolbar - {6cf8b227-dcd0-43a1-bd25-07f7a4573198} - C:\Program Files\KHLim_mediatheek_HB-IWT\prxtbKHL2.dll R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: KHLim mediatheek HB-IWT - {6cf8b227-dcd0-43a1-bd25-07f7a4573198} - C:\Program Files\KHLim_mediatheek_HB-IWT\prxtbKHL2.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: KHLim mediatheek HB-IWT Toolbar - {6cf8b227-dcd0-43a1-bd25-07f7a4573198} - C:\Program Files\KHLim_mediatheek_HB-IWT\prxtbKHL2.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'SYSTEEM') O4 - HKUS\S-1-5-18\..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'Default user') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2E63F5B9-1F12-40AA-B9E9-0B9FFEEEC37E}: NameServer = 8.8.8.8,8.8.4.4 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: OsdService - Unknown owner - C:\Program Files\C&E\OSD\OsdService\OsdService.exe O23 - Service: ProxyCap Service (pcapsvc) - Proxy Labs - C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 10073 bytes Malwarebytes Anti-Malware 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.06.20.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Gebruiker :: GEBRUIK-VJ0OOQ1 [administrator] 29/06/2012 12:54:59 mbam-log-2012-06-29 (12-54-59).txt Scantype: Volledige scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 506026 Verstreken tijd: 3 uur/uren, 19 minuut/minuten, 47 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)
-
Hoi, klein probleem: na het verwijderen van pcapwsp.dll kan ik niet meer surfen op mn webbrowsers. Ik heb wel internetverbinding, ik kan bv online muziekluisteren via spotify... Moet ik een systeemherstel uitvoeren of? met vriendelijke groeten
-
enig reactie?
-
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:20:03, on 25/06/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\taskeng.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\C&E\OSD\osd.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\PC Tools Security\BDT\FGuard.exe C:\Windows\ehome\ehtray.exe C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local> R3 - URLSearchHook: KHLim mediatheek HB-IWT Toolbar - {6cf8b227-dcd0-43a1-bd25-07f7a4573198} - C:\Program Files\KHLim_mediatheek_HB-IWT\prxtbKHL2.dll R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: KHLim mediatheek HB-IWT - {6cf8b227-dcd0-43a1-bd25-07f7a4573198} - C:\Program Files\KHLim_mediatheek_HB-IWT\prxtbKHL2.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: KHLim mediatheek HB-IWT Toolbar - {6cf8b227-dcd0-43a1-bd25-07f7a4573198} - C:\Program Files\KHLim_mediatheek_HB-IWT\prxtbKHL2.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'SYSTEEM') O4 - HKUS\S-1-5-18\..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'Default user') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O10 - Unknown file in Winsock LSP: pcapwsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2E63F5B9-1F12-40AA-B9E9-0B9FFEEEC37E}: NameServer = 8.8.8.8,8.8.4.4 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: OsdService - Unknown owner - C:\Program Files\C&E\OSD\OsdService\OsdService.exe O23 - Service: ProxyCap Service (pcapsvc) - Proxy Labs - C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 9845 bytes
-
Geen bug check string Bug check code: 0x00000116 caused by driver: nvlddmkm.sys ik heb ondertussen mijn nvidea drivers geupdated
