signer

Member
  • Items

    10
  • Registration date

  • Last visited

signer's achievements

  1. AVS no longer reports anything. Once again
  2. Back again; below is the ComboFix log. And I also ran another scan with TDSS.
  3. Hopefully this one is OK.
ComboFix 11-08-30.01 - HP_Administrator 30/08/2011 15:22:00.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1015.380 [GMT 2:00]
Gestart vanuit: c:\documents and settings\HP_Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\HP_Administrator\Bureaublad\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-07-28 to 2011-08-30 ))))))))))))))))))))))))))))))
.
.
2011-08-29 20:24 . 2011-08-29 20:24 -------- d-----w- C:\$AVG8.VAULT$
2011-08-29 18:52 . 2011-08-29 18:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2011-08-29 18:52 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-29 18:52 . 2011-08-29 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-29 18:52 . 2011-08-29 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-29 18:52 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-28 20:12 . 2011-08-29 18:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sammsoft
2011-08-28 11:29 . 2011-08-28 11:29 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-28 11:29 . 2011-08-28 11:29 -------- d-----w- c:\program files\Trend Micro
2011-08-28 10:43 . 2011-08-28 10:43 1152 ----a-w- c:\windows\system32\windrv.sys
2011-08-28 10:43 . 2011-08-28 11:58 -------- d-----w- c:\program files\SpyNoMore
2011-08-28 10:35 . 2011-08-28 10:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GetRightToGo
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-27 06:19 . 2011-06-03 05:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2009-01-12 06:27 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2009-01-12 06:27 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-06-28 17:37 . 2011-02-15 16:54 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 17:37 . 2011-02-15 16:54 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-24 14:10 . 2009-01-21 06:39 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2009-01-12 06:27 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2009-01-12 06:27 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2009-01-12 06:27 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2009-01-12 06:27 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2009-01-12 06:27 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2009-01-12 06:27 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-08-27 09:20 . 2011-07-17 14:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-30_05.59.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-30 11:58 . 2011-08-30 11:58 16384 c:\windows\Temp\Perflib_Perfdata_55c.dat
+ 2009-01-12 06:27 . 2011-08-30 09:53 91118 c:\windows\system32\perfc013.dat
+ 2009-01-12 06:27 . 2011-08-30 09:53 71478 c:\windows\system32\perfc009.dat
+ 2009-01-12 06:27 . 2011-08-30 09:53 509046 c:\windows\system32\perfh013.dat
+ 2009-01-12 06:27 . 2011-08-30 09:53 441160 c:\windows\system32\perfh009.dat
+ 2011-08-30 07:52 . 2011-08-30 07:52 807936 c:\windows\Installer\2590525.msi
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 06:11 2471240 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-26 137752]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"FLMOFFICE4DMOUSE"="c:\program files\Labtec\Desktop\V5.1\moffice.exe" [2009-06-30 958464]
"OFFICEKB"="c:\program files\Labtec\Desktop\V5.1\kbdap32a.exe" [2009-06-30 387584]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-17 2048352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-26 17021440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-12 1067984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-12 110592]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.17\\bin\\httpd.exe"=
"c:\\Program Files\\GIMPshop\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/09/2009 8:25 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/09/2009 8:25 108552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/02/2011 18:54 136360]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/09/2009 8:25 297752]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/01/2009 8:56 712704]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/01/2011 14:44 136176]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [5/11/2010 10:48 947528]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/01/2011 14:44 136176]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - 59942266
*Deregistered* - 59942266
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-25 c:\windows\Tasks\AdobeAAMUpdater-1.0-UW-3223ECC21047-HP_Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-25 15:42]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 12:44]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 12:44]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://decopains.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: taxonweb.be
TCP: DhcpNameServer = 192.168.1.1 192.168.123.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\6pac91jj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2603445&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-30 15:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,02,91,99,7c,1d,9c,47,8e,16,97,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,02,91,99,7c,1d,9c,47,8e,16,97,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\CLBCATQ.DLL
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(3084)
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\webcheck.dll
.
Voltooingstijd: 2011-08-30 15:46:37
ComboFix-quarantined-files.txt 2011-08-30 13:46
ComboFix2.txt 2011-08-30 12:27
ComboFix3.txt 2011-08-30 06:07
.
Pre-Run: 28.013.846.528 bytes beschikbaar
Post-Run: 28.005.797.888 bytes beschikbaar
.
- - End Of File - - 49FA8FA8CC200CB48A1DEFCAB09F4A17
  4. Sorry, I was far too quick once again :embarassed: The logs are below.
2011/08/30 14:28:59.0765 2284 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/30 14:28:59.0953 2284 ================================================================================
2011/08/30 14:28:59.0953 2284 SystemInfo:
2011/08/30 14:28:59.0953 2284
2011/08/30 14:28:59.0953 2284 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/30 14:28:59.0953 2284 Product type: Workstation
2011/08/30 14:28:59.0953 2284 ComputerName: UW-3223ECC21047
2011/08/30 14:28:59.0953 2284 UserName: HP_Administrator
2011/08/30 14:28:59.0953 2284 Windows directory: C:\windows
2011/08/30 14:28:59.0953 2284 System windows directory: C:\windows
2011/08/30 14:28:59.0953 2284 Processor architecture: Intel x86
2011/08/30 14:28:59.0953 2284 Number of processors: 2
2011/08/30 14:28:59.0953 2284 Page size: 0x1000
2011/08/30 14:28:59.0953 2284 Boot type: Normal boot
2011/08/30 14:28:59.0953 2284 ================================================================================
2011/08/30 14:29:01.0265 2284 Initialize success
2011/08/30 14:29:03.0765 2320 ================================================================================
2011/08/30 14:29:03.0765 2320 Scan started
2011/08/30 14:29:03.0765 2320 Mode: Manual;
2011/08/30 14:29:03.0765 2320 ================================================================================
2011/08/30 14:29:16.0046 2320 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\windows\system32\drivers\VolSnap.sys 2011/08/30 14:29:16.0156 2320 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys 2011/08/30 14:29:16.0250 2320 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys 2011/08/30 14:29:16.0468 2320 MBR (0x1B8) (326b1b82aff839009448e346f5d9ac45) \Device\Harddisk0\DR0 2011/08/30 14:29:16.0609 2320 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3 2011/08/30 14:29:16.0656 2320 Boot (0x1200) (7f95df88909490bb0600e5854c337a93) \Device\Harddisk0\DR0\Partition0 2011/08/30 14:29:16.0718 2320 Boot (0x1200) (0202d0a0837c799bff628e1f9e740a55) \Device\Harddisk0\DR0\Partition1 2011/08/30 14:29:16.0765 2320 Boot (0x1200) (d9494b52412302b6d824720c6f3a432d) \Device\Harddisk1\DR3\Partition0 2011/08/30 14:29:16.0781 2320 ================================================================================ 2011/08/30 14:29:16.0781 2320 Scan finished 2011/08/30 14:29:16.0781 2320 ================================================================================ 2011/08/30 14:29:16.0812 1712 Detected object count: 0 2011/08/30 14:29:16.0812 1712 Actual detected object count: 0 ComboFix 11-08-30.01 - HP_Administrator 30/08/2011 14:13:00.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1015.216 [GMT 2:00] Gestart vanuit: c:\documents and settings\HP_Administrator\Bureaublad\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . . 
(((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Gast\Mijn documenten\~WRL1230.tmp c:\documents and settings\Gast\Mijn documenten\~WRL1916.tmp c:\documents and settings\Gast\Mijn documenten\~WRL2093.tmp c:\documents and settings\Gast\Mijn documenten\~WRL3297.tmp c:\documents and settings\Gast\Mijn documenten\120.doc c:\windows\system32\Thumbs.db . . (((((((((((((((((((( Bestanden Gemaakt van 2011-07-28 to 2011-08-30 )))))))))))))))))))))))))))))) . . 2011-08-29 18:52 . 2011-08-29 18:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes 2011-08-29 18:52 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-29 18:52 . 2011-08-29 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-08-29 18:52 . 2011-08-29 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-29 18:52 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-28 20:12 . 2011-08-29 18:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sammsoft 2011-08-28 11:29 . 2011-08-28 11:29 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-08-28 11:29 . 2011-08-28 11:29 -------- d-----w- c:\program files\Trend Micro 2011-08-28 10:43 . 2011-08-28 10:43 1152 ----a-w- c:\windows\system32\windrv.sys 2011-08-28 10:43 . 2011-08-28 11:58 -------- d-----w- c:\program files\SpyNoMore 2011-08-28 10:35 . 2011-08-28 10:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GetRightToGo . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-27 06:19 . 2011-06-03 05:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29 . 
2009-01-12 06:27 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2009-01-12 06:27 10496 ------w- c:\windows\system32\drivers\ndistapi.sys 2011-06-28 17:37 . 2011-02-15 16:54 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-06-28 17:37 . 2011-02-15 16:54 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-06-24 14:10 . 2009-01-21 06:39 139656 ------w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:31 . 2009-01-12 06:27 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:31 . 2009-01-12 06:27 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:31 . 2009-01-12 06:27 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05 . 2009-01-12 06:27 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2009-01-12 06:27 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-06-06 11:35 . 2009-01-12 06:27 1859072 ----a-w- c:\windows\system32\win32k.sys 2011-08-27 09:20 . 2011-07-17 14:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-08-30_05.59.28 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-30 11:58 . 2011-08-30 11:58 16384 c:\windows\Temp\Perflib_Perfdata_55c.dat + 2009-01-12 06:27 . 2011-08-30 09:53 91118 c:\windows\system32\perfc013.dat + 2009-01-12 06:27 . 2011-08-30 09:53 71478 c:\windows\system32\perfc009.dat + 2009-01-12 06:27 . 2011-08-30 09:53 509046 c:\windows\system32\perfh013.dat + 2009-01-12 06:27 . 2011-08-30 09:53 441160 c:\windows\system32\perfh009.dat + 2011-08-30 07:52 . 2011-08-30 07:52 807936 c:\windows\Installer\2590525.msi . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2011-03-18 06:11 2471240 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-26 137752] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] "FLMOFFICE4DMOUSE"="c:\program files\Labtec\Desktop\V5.1\moffice.exe" [2009-06-30 958464] "OFFICEKB"="c:\program files\Labtec\Desktop\V5.1\kbdap32a.exe" [2009-06-30 387584] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-17 2048352] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "RTHDCPL"="RTHDCPL.EXE" [2008-10-26 17021440] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "HP Software Update"="c:\program files\HP\HP Software 
Update\HPWuSchd2.exe" [2011-01-12 49208] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-12 1067984] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-12 110592] HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232] . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\wamp\\bin\\apache\\Apache2.2.17\\bin\\httpd.exe"= "c:\\Program Files\\GIMPshop\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= . 
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/09/2009 8:25 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/09/2009 8:25 108552] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/02/2011 18:54 136360] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/09/2009 8:25 297752] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/01/2009 8:56 712704] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/01/2011 14:44 136176] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [5/11/2010 10:48 947528] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/01/2011 14:44 136176] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2011-06-25 c:\windows\Tasks\AdobeAAMUpdater-1.0-UW-3223ECC21047-HP_Administrator.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-25 15:42] . 2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 12:44] . 2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 12:44] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://decopains.be/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: taxonweb.be TCP: DhcpNameServer = 192.168.1.1 192.168.123.254 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\6pac91jj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: browser.search.selectedEngine - SweetIM Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2603445&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-30 14:24 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,02,91,99,7c,1d,9c,47,8e,16,97,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,02,91,99,7c,1d,9c,47,8e,16,97,\ . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(756) c:\windows\system32\CLBCATQ.DLL . Voltooingstijd: 2011-08-30 14:27:40 ComboFix-quarantined-files.txt 2011-08-30 12:27 ComboFix2.txt 2011-08-30 06:07 . Pre-Run: 44.253.048.832 bytes beschikbaar Post-Run: 44.252.524.544 bytes beschikbaar . - - End Of File - - F47E6BDA99974D79C2EFBADAD89D5DB3
  5. Hmmm, that wine is good. I'll be coming back to the PC help forum sooner, and hopefully without problems, since photography and PS are practised as hobbies too; you're never too old to learn :top:
  6. Below is the ComboFix log file. I used to take evening classes in web design; some day I'll have to take one in PC problem solving. Thanks, everyone, for quickly solving my conhost.exe problem (hopefully I never see it again). Without you it would not have worked, and half of what I did is Latin to me. Thanks. ComboFix 11-08-29.03 - HP_Administrator 29/08/2011 22:35:55.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1015.140 [GMT 2:00] Gestart vanuit: c:\documents and settings\HP_Administrator\Bureaublad\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\documents and settings\Gast\Application Data\facemoods.com c:\documents and settings\HP_Administrator\Application Data\facemoods.com c:\documents and settings\HP_Administrator\Application Data\PriceGong c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\1.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\a.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\b.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\c.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\d.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\e.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\f.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\g.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\h.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\i.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\J.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\k.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\l.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\m.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\mru.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\n.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\o.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\p.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\q.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\r.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\s.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\t.xml 
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\u.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\v.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\w.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\x.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\y.xml c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\z.xml c:\documents and settings\HP_Administrator\System c:\documents and settings\HP_Administrator\System\win_qs8.jqx c:\documents and settings\HP_Administrator\WINDOWS c:\documents and settings\NetworkService\Application Data\facemoods.com c:\documents and settings\NetworkService\Application Data\PriceGong c:\documents and settings\NetworkService\Application Data\PriceGong\Data\1.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\a.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\b.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\c.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\d.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\e.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\f.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\g.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\h.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\i.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\j.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\k.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\l.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\m.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\n.txt c:\documents and 
settings\NetworkService\Application Data\PriceGong\Data\o.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\p.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\q.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\r.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\s.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\t.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\u.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\v.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\w.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\wlu.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\x.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\y.txt c:\documents and settings\NetworkService\Application Data\PriceGong\Data\z.txt c:\program files\AA Antimalware c:\program files\AA Antimalware\AdwareAway_Scan_Result_20110827_130910.log c:\program files\AA Antimalware\debug.log c:\program files\AA Antimalware\LastScanResult.log c:\windows\system32\config\systemprofile\Application Data\facemoods.com c:\windows\system32\config\systemprofile\Application Data\PriceGong c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\1.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\a.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\b.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\c.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\d.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\e.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\f.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\g.txt 
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\h.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\i.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\j.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\k.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\l.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\m.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\n.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\o.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\p.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\q.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\r.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\s.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\t.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\u.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\v.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\w.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\wlu.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\x.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\y.txt c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\z.txt . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_DIAGNOSTICSCAN -------\Legacy_SSHNAS -------\Legacy_START1DRIVER . . (((((((((((((((((((( Bestanden Gemaakt van 2011-07-28 to 2011-08-30 )))))))))))))))))))))))))))))) . . 2011-08-29 20:24 . 2011-08-29 20:24 -------- d-----w- C:\$AVG8.VAULT$ 2011-08-29 18:52 . 
2011-08-29 18:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes 2011-08-29 18:52 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-29 18:52 . 2011-08-29 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-08-29 18:52 . 2011-08-29 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-29 18:52 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-28 20:12 . 2011-08-29 18:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sammsoft 2011-08-28 11:29 . 2011-08-28 11:29 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-08-28 11:29 . 2011-08-28 11:29 -------- d-----w- c:\program files\Trend Micro 2011-08-28 10:43 . 2011-08-28 10:43 1152 ----a-w- c:\windows\system32\windrv.sys 2011-08-28 10:43 . 2011-08-28 11:58 -------- d-----w- c:\program files\SpyNoMore 2011-08-28 10:35 . 2011-08-28 10:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GetRightToGo . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-27 06:19 . 2011-06-03 05:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29 . 2009-01-12 06:27 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2009-01-12 06:27 10496 ------w- c:\windows\system32\drivers\ndistapi.sys 2011-06-28 17:37 . 2011-02-15 16:54 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-06-28 17:37 . 2011-02-15 16:54 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-06-24 14:10 . 2009-01-21 06:39 139656 ------w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:31 . 2009-01-12 06:27 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:31 . 
2009-01-12 06:27 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:31 . 2009-01-12 06:27 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05 . 2009-01-12 06:27 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2009-01-12 06:27 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-06-06 11:35 . 2009-01-12 06:27 1859072 ----a-w- c:\windows\system32\win32k.sys 2011-08-27 09:20 . 2011-07-17 14:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2011-03-18 06:11 2471240 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-26 137752] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] "FLMOFFICE4DMOUSE"="c:\program files\Labtec\Desktop\V5.1\moffice.exe" [2009-06-30 958464] "OFFICEKB"="c:\program files\Labtec\Desktop\V5.1\kbdap32a.exe" [2009-06-30 387584] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-17 2048352] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "RTHDCPL"="RTHDCPL.EXE" [2008-10-26 17021440] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-12 1067984] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] . 
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-12 110592] HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232] . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\Smart Web 
Printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\wamp\\bin\\apache\\Apache2.2.17\\bin\\httpd.exe"= "c:\\Program Files\\GIMPshop\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= . R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/09/2009 8:25 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/09/2009 8:25 108552] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/02/2011 18:54 136360] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/09/2009 8:25 297752] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/01/2009 8:56 712704] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/01/2011 14:44 136176] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [5/11/2010 10:48 947528] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/01/2011 14:44 136176] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2011-06-25 c:\windows\Tasks\AdobeAAMUpdater-1.0-UW-3223ECC21047-HP_Administrator.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-25 15:42] . 2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 12:44] . 
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 12:44] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://decopains.be/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: taxonweb.be TCP: DhcpNameServer = 192.168.1.1 192.168.123.254 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\6pac91jj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: browser.search.selectedEngine - SweetIM Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2603445&q= . - - - - ORPHANS VERWIJDERD - - - - . 
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll WebBrowser-{65CA59EE-9920-4D7F-8C41-BFA12403261A} - (no file) HKCU-Run-Polar Sync - (no file) HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe AddRemove-CrossTrak - c:\program files\H&M Riley Consulting AddRemove-FoxTab PDF Converter - c:\program files\FoxTabPDFConverter\\ftpdf_inst.exe AddRemove-Hard Disk Low Level Format Tool_is1 - c:\program files\HDDGURU LLF Tool\unins000.exe AddRemove-HP Solution Center & Imaging Support Tools - c:\program files\HP\Digital Imaging\eSupport\hpzscr01.exe AddRemove-SpyNoMore - c:\program files\SpyNoMore\uninst.exe AddRemove-Van Welden & Partners Profielstaal_is1 - c:\program files\Van Welden & Partners Profielstaal\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-08-30 07:58 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run Polar Sync = ?:\program files\polar\polar sync\????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,02,91,99,7c,1d,9c,47,8e,16,97,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,02,91,99,7c,1d,9c,47,8e,16,97,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(3936) c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui c:\program files\Labtec\Desktop\V5.1\MOUDL32A.DLL c:\windows\system32\webcheck.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\System32\SCardSvr.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\CTsvcCDA.exe c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\TEMP\conhost.exe c:\windows\system32\igfxsrvc.exe c:\program files\Labtec\Desktop\V5.1\MOUSE32A.EXE c:\windows\RTHDCPL.EXE c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Voltooingstijd: 2011-08-30 08:07:31 - machine werd herstart ComboFix-quarantined-files.txt 2011-08-30 06:07 . Pre-Run: 42.814.668.800 bytes beschikbaar Post-Run: 44.321.755.136 bytes beschikbaar . - - End Of File - - 50C78F603FD3250B625866D7D5D62C0B
  7. Only just registered, but the site had already been in my bookmarks for just under a year, and whenever I had a problem I came to have a look. Very positive so far in terms of help and speed of help (Scrabble word )
  8. Hello, sorry for the late reply, but work... So I have handled everything as requested and must very quietlyyy :adore: report that AVS has meanwhile not reported anything more about conhost.exe. Is it gone? I don't know. Below are the log files from both. Greetings & thx Malwarebytes' Anti-Malware 1.51.1.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 7606 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 29/08/2011 21:33:43 mbam-log-2011-08-29 (21-33-43).txt Scantype: Snelle scan Objecten gescand: 181350 Verstreken tijd: 9 minuut/minuten, 17 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:39:31, on 29/08/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 
C:\windows\system32\CTsvcCDA.exe C:\windows\system32\svchost.exe C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\windows\System32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\Labtec\Desktop\V5.1\moffice.exe C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\windows\RTHDCPL.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\SpyNoMore\SNM.exe C:\windows\system32\ctfmon.exe C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Thunderbird 3 Beta 2\thunderbird.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\windows\TEMP\conhost.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://decopains.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe O4 - 
HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: 
Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra 'Tools' menuitem: &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program 
Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- End of file - 10776 bytes
  9. Thanks in advance
  10. I have roughly the same problem, I think. AVS gives a warning about conhost.exe in temp files every time; when I look for it I cannot find it. I have downloaded hijack for the first time and attached it here as well. I don't know whether I did it correctly or posted too much. Thanks in advance for any useful info. If I should post this in another topic, please let me know as well. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:34:07, on 28/08/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\windows\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\CTsvcCDA.exe C:\windows\system32\svchost.exe C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\windows\System32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Labtec\Desktop\V5.1\moffice.exe C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\windows\RTHDCPL.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\windows\system32\ctfmon.exe C:\Program Files\Common 
Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\windows\system32\taskmgr.exe C:\Program Files\SpyNoMore\SNM.exe C:\windows\explorer.exe C:\Program Files\Mozilla Thunderbird 3 Beta 2\thunderbird.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://decopains.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=iron&s={searchTerms}&f=4 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - *{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - (no file) R3 - URLSearchHook: Softonic Netherlands Toolbar - {65ca59ee-9920-4d7f-8c41-bfa12403261a} - C:\Program Files\Softonic_Netherlands\prxtbSoft.dll R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: 
Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Softonic Netherlands - {65ca59ee-9920-4d7f-8c41-bfa12403261a} - C:\Program Files\Softonic_Netherlands\prxtbSoft.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing) O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Softonic Netherlands Toolbar - {65ca59ee-9920-4d7f-8c41-bfa12403261a} - C:\Program Files\Softonic_Netherlands\prxtbSoft.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] 
C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale 
service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [8DDYX0ZBPZ] C:\windows\TEMP\Lmx.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [89DGCM7LPJ] C:\windows\TEMP\Lmw.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra 'Tools' menuitem: &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing) O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- End of file - 12997 bytes