Archief - Laptop met rare kuren.

mtm · 24 mei 2012

Vandaag problemen gehad met het opstarten. Ik kreeg de laptop eerst zelfs helemaal niet opgestart, bleef hangen in het boot-scherm en gaf dan één of andere dwaze melding.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:45:14, on 24/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG

ystem.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dries\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10070 bytes

Juisterr · 25 mei 2012

Dwaze (wat voor ?) melding ?

Download ComboFix van één van deze locaties:

Link 1
Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier of hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

mtm · 26 mei 2012

Als ik die melding nu nog eens wist. :unsure:

Hij vroeg alleszins direct na de opstart iets van een disk. Ik heb even wat opgezocht en het leek op dit geloof ik: DISK BOOT FAILURE, INSERT SYSTEM DISK AND PRESS ENTER

ComboFix 12-05-25.03 - Dries 26/05/2012 0:27.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.4095.2619 [GMT 2:00]
Gestart vanuit: c:\users\Dries\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\lsprst7.dll
D:\install.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-25 to 2012-05-25 ))))))))))))))))))))))))))))))
.
.
2012-05-25 22:31 . 2012-05-25 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-24 20:35 . 2012-05-24 20:35 -------- d-----w- C:\$AVG
2012-05-13 01:02 . 2012-05-13 01:02 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 01:02 . 2012-05-13 01:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-12 12:41 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 12:41 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 12:40 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 12:40 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 12:40 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 12:40 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 12:38 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 12:37 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 12:37 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 12:37 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 12:37 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 12:37 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 12:37 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 21:49 . 2012-05-20 18:37 -------- d-----w- c:\users\Dries\AppData\Roaming\Skype
2012-05-10 21:49 . 2012-05-10 21:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-10 21:49 . 2012-05-10 21:49 -------- d-----r- c:\program files (x86)\Skype
2012-05-10 21:49 . 2012-05-10 21:49 -------- d-----w- c:\programdata\Skype
2012-05-09 09:10 . 2012-05-09 09:10 -------- d-----w- c:\users\Dries\AppData\Roaming\beid-cache
2012-04-30 13:24 . 2012-04-30 13:24 -------- d-----w- c:\program files\DIFX
2012-04-30 13:24 . 2012-04-30 13:24 -------- d-----w- c:\windows\SysWow64\siscardplugins
2012-04-30 13:24 . 2012-04-30 13:24 -------- d-----w- c:\windows\SysWow64\beidpp
2012-04-30 13:24 . 2012-04-30 13:24 -------- d-----w- c:\program files\log
2012-04-30 13:24 . 2012-04-30 13:24 -------- d-----w- c:\program files (x86)\Belgium Identity Card
2012-04-30 13:24 . 2012-04-30 13:24 -------- d-----w- C:\drivers
2012-04-30 13:19 . 2012-04-30 13:19 -------- d-----w- c:\users\Dries\AppData\Roaming\OpenTrust
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 18:26 . 2012-04-11 08:26 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 18:26 . 2012-02-07 00:29 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-28 09:10 . 2012-03-28 09:10 113664 ----a-w- c:\windows\system32\beidpkcs11.dll
2012-03-28 09:10 . 2012-03-28 09:10 268288 ----a-w- c:\windows\system32\beid35cardlayer.dll
2012-03-28 09:10 . 2012-03-28 09:10 273408 ----a-w- c:\windows\system32\beid35DlgsWin32.dll
2012-03-28 09:09 . 2012-03-28 09:09 147456 ----a-w- c:\windows\system32\beid35common.dll
2012-03-28 09:05 . 2012-03-28 09:05 360448 ----a-w- c:\windows\SysWow64\beid35applayer.dll
2012-03-28 09:05 . 2012-03-28 09:05 98304 ----a-w- c:\windows\SysWow64\Belgium Identity Card PKCS11.dll
2012-03-28 09:05 . 2012-03-28 09:05 98304 ----a-w- c:\windows\SysWow64\beidpkcs11.dll
2012-03-28 09:05 . 2012-03-28 09:05 200704 ----a-w- c:\windows\SysWow64\beid35cardlayer.dll
2012-03-28 09:04 . 2012-03-28 09:04 266240 ----a-w- c:\windows\SysWow64\beid35DlgsWin32.dll
2012-03-28 09:04 . 2012-03-28 09:04 200704 ----a-w- c:\windows\SysWow64\eidlib.dll
2012-03-28 09:04 . 2012-03-28 09:04 200704 ----a-w- c:\windows\SysWow64\beidlib.dll
2012-03-28 09:04 . 2012-03-28 09:04 126976 ----a-w- c:\windows\SysWow64\beid35common.dll
2012-03-05 19:44 . 2012-02-07 12:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-01 09:53 . 2012-03-01 09:53 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-01 06:46 . 2012-04-13 09:11 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 09:11 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 09:11 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 09:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 09:11 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 09:11 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 09:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 09:14 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 09:14 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 09:14 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 09:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 09:14 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 09:14 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 09:14 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 09:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-15 98304]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2986426266-951974222-827041030-1001Core.job
- c:\users\Dries\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:16]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2986426266-951974222-827041030-1001UA.job
- c:\users\Dries\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(standaard) - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-05-26 00:33:53
ComboFix-quarantined-files.txt 2012-05-25 22:33
.
Pre-Run: 24.820.695.040 bytes beschikbaar
Post-Run: 24.681.345.024 bytes beschikbaar
.
- - End Of File - - BF4ADC03076B177A94E744B6B0E54BF3

Juisterr · 26 mei 2012

Al beter ?

mtm · 26 mei 2012

Hupla, zonet weer in panne gevallen. Dit keer zo slim geweest om wat foto's te nemen van de meldingen die ik krijg.

Initieel blijft hij ongeveer 10 seconden hangen in dit scherm (komt er altijd bij de opstart, dus niets speciaals, maar normaal blijft hij hier maar 2 seconden in hangen).

Daarna komt dit scherm erop:

Een paar keer opnieuw proberen opstarten maar steeds hetzelfde probleem. Daarna heb ik alles wat in USB-poorten instak uitgetrokken (muis en externe HD). Daarna kreeg ik een andere foutmelding (geen idee of het net toeval is, of dat die externe HD daar iets mee te maken heeft). In volgende volgorde de berichten op mijn scherm:

Wat ik als laatste nog wil opmerken: ook gemerkt dat mijn laptop af en toe een paar seconden blijft hangen. Ik merk dat meestal omdat mijn muziek opstaat en die ineens blijft hangen en ik enkel ttttttttttttttt hoor

.

Hopelijk weet jij hier wat meer over. Ik vrees al dat iets van mijn hardware stuk is.

Juisterr · 28 mei 2012

Dat verwacht ik ook, wil je dat hier vragen aub en verwijs naar dit topic.

mtm · 8 jun 2012

Deze problemen zijn opgelost.

Maar nu met het installeren van MacDrive te snel geweest, waardoor ik weer een hele hoop smodder mee geïnstalleerd heb (toolbar en andere nest).

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:26:55, on 8/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 9685 bytes

Juisterr · 12 jun 2012

Toolbars zijn :puke:

Download OTL naar je Bureaublad

Dubbelklik op OTL.com om het programma te openen. Zorg ervoor dat all andere vensters gesloten zijn, en laat het programma ongestoord zijn werk doen.
Zet een vinkje bij Scan All Users.
Klik op de knop Quick Scan. Verander de instellingen van OTL niet, tenzij ik je hiervoor specifiek instructies geef. De scan zal niet heel erg lang duren.
- Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is. OTL.Txt en Extras.Txt. Deze bestanden zijn opgeslagen in dezelfde locatie als OTL.
- Kopieer (Bewerken->Alles selecteren, Bewerken->Kopiëren) en plak (Bewerken->Alles selecteren, Bewerken->Plakken) de inhoud van deze twee bestanden één voor één in je volgende bericht.

mtm · 13 jun 2012

Ja, kent ge het... Rap iets willen installeren, in die install op next klikken en niet de tijd pakken om te lezen wat er staat... Altijd als ik chrome open, opent die ook ineens een tabblad met 'Babylon Search'. Idem bij IE. Dus ik wil niet weten wat voor rommel er allemaal op mijn laptop is blijven hangen. Als ik mijn laptop opstart krijg ik ook een foutmelding van BCHelper.exe. Dat komt waarschijnlijk omdat ik hier en daar wat verwijderd heb van die rommel, maar belange niet alles.

mtm · 13 jun 2012

OTL logfile created on: 13/06/2012 12:05:46 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Dries\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

4,00 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 71,88% Memory free
8,00 Gb Paging File | 6,56 Gb Available in Paging File | 82,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 20,33 Gb Free Space | 34,69% Space Free | Partition Type: NTFS
Drive D: | 90,45 Gb Total Space | 4,65 Gb Free Space | 5,14% Space Free | Partition Type: NTFS

Computer Name: DRIES-PC | User Name: Dries | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/13 12:01:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dries\Downloads\OTL.com
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/04/05 10:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/04/05 10:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/09/15 22:17:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/02/06 12:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2006/11/28 17:45:16 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/04/05 10:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/08 12:51:24 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/04 03:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/05 10:31:54 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/25 01:02:38 | 000,019,000 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBTTN.sys -- (HBtnKey)
DRV:64bit: - [2009/12/03 17:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/09/16 00:34:00 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/23 10:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009/07/20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (RICOH SmartCard Reader)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 20:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express) Intel(R)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/24 18:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2006/12/22 13:33:28 | 001,511,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/12/22 13:30:50 | 000,300,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2006/12/22 13:29:48 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/11/28 17:45:06 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2006/06/19 15:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-BE
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 FB F9 86 0E 41 CD 01 [binary data]
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112060&tt=060612_6_&babsrc=SP_ss&mntrId=8edeb5ac00000000000000218662d4b2
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dries\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dries\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/12 08:54:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/06 18:13:47 | 000,000,000 | ---D | M]

[2012/04/30 15:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/30 15:24:21 | 000,000,000 | ---D | M] (eID BelgiÃ«) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google

earchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google

earchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dries\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dries\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dries\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dries\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Dries\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dries\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Angry Birds = C:\Users\Dries\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Silver Bird = C:\Users\Dries\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.8_0\
CHR - Extension: Mail Checker Plus for Google Mail\u2122 = C:\Users\Dries\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe\1.2.3.7_0\
CHR - Extension: AdBlock = C:\Users\Dries\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.35_0\
CHR - Extension: TweetDeck = C:\Users\Dries\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.4_0\
CHR - Extension: AVG Safe Search = C:\Users\Dries\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: TweetDeck Launcher = C:\Users\Dries\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk\1.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\Dries\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/05/26 00:31:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2986426266-951974222-827041030-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2986426266-951974222-827041030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01FFE60E-AAE7-46E1-928E-6BF8455BB6F1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

mtm · 13 jun 2012

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 08:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/08 23:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/08 23:26:05 | 000,000,000 | ---D | C] -- C:\Users\Dries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/08 23:04:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/06/08 23:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowserCompanion
[2012/06/08 23:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/30 23:05:25 | 000,000,000 | R--D | C] -- C:\Users\Dries\Dropbox
[2012/05/30 23:03:42 | 000,000,000 | ---D | C] -- C:\Users\Dries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/05/30 23:03:23 | 000,000,000 | ---D | C] -- C:\Users\Dries\AppData\Roaming\Dropbox
[2012/05/26 09:42:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/26 00:26:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/26 00:26:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/26 00:26:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/26 00:26:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/26 00:26:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/26 00:19:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/25 09:21:35 | 000,000,000 | ---D | C] -- C:\Users\Dries\Desktop\Emperical Assignment
[2012/05/24 22:35:13 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/23 20:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

========== Files - Modified Within 30 Days ==========

[2012/06/13 12:00:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/13 11:28:41 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2986426266-951974222-827041030-1001UA.job
[2012/06/13 09:36:19 | 100,275,833 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/13 09:18:23 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 09:18:23 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 09:10:45 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 18:23:04 | 000,388,741 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/12 15:27:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2986426266-951974222-827041030-1001Core.job
[2012/06/12 09:29:48 | 000,002,397 | ---- | M] () -- C:\Users\Dries\Desktop\Google Chrome.lnk
[2012/06/12 08:54:06 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/08 23:26:05 | 000,002,975 | ---- | M] () -- C:\Users\Dries\Desktop\HiJackThis.lnk
[2012/06/08 23:12:02 | 001,562,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/08 23:12:02 | 000,704,148 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/06/08 23:12:02 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/08 23:12:02 | 000,135,630 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/06/08 23:12:02 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/08 23:03:03 | 000,001,531 | ---- | M] () -- C:\user.js
[2012/05/30 23:05:25 | 000,001,039 | ---- | M] () -- C:\Users\Dries\Desktop\Dropbox.lnk
[2012/05/26 20:08:14 | 000,020,480 | ---- | M] () -- C:\Users\Dries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/26 00:31:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2012/06/08 23:26:05 | 000,002,975 | ---- | C] () -- C:\Users\Dries\Desktop\HiJackThis.lnk
[2012/06/08 23:02:59 | 000,001,531 | ---- | C] () -- C:\user.js
[2012/05/30 23:05:25 | 000,001,039 | ---- | C] () -- C:\Users\Dries\Desktop\Dropbox.lnk
[2012/05/26 00:26:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/26 00:26:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/26 00:26:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/26 00:26:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/26 00:26:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/05 10:08:10 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/02/13 00:20:59 | 000,020,480 | ---- | C] () -- C:\Users\Dries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/12 23:19:00 | 000,225,281 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012/02/12 23:19:00 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2012/02/03 21:18:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/28 11:18:42 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\belpicppgui.dll

========== LOP Check ==========

[2012/02/05 21:30:36 | 000,000,000 | ---D | M] -- C:\Users\Dries\AppData\Roaming\AVG2012
[2012/06/08 17:29:09 | 000,000,000 | ---D | M] -- C:\Users\Dries\AppData\Roaming\Azureus
[2012/05/09 11:10:31 | 000,000,000 | ---D | M] -- C:\Users\Dries\AppData\Roaming\beid-cache
[2012/02/13 00:28:56 | 000,000,000 | ---D | M] -- C:\Users\Dries\AppData\Roaming\Blackberry Desktop
[2012/06/11 18:34:11 | 000,000,000 | ---D | M] -- C:\Users\Dries\AppData\Roaming\Dropbox
[2012/04/30 15:19:25 | 000,000,000 | ---D | M] -- C:\Users\Dries\AppData\Roaming\OpenTrust
[2012/02/13 00:19:58 | 000,000,000 | ---D | M] -- C:\Users\Dries\AppData\Roaming\Research in Motion
[2012/03/31 12:32:15 | 000,000,000 | ---D | M] -- C:\Users\Dries\AppData\Roaming\Sports Interactive
[2012/02/06 15:01:39 | 000,000,000 | ---D | M] -- C:\Users\Dries\AppData\Roaming\WinBatch
[2012/05/08 08:55:22 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

mtm · 13 jun 2012

OTL Extras logfile created on: 13/06/2012 12:05:46 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Dries\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

4,00 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 71,88% Memory free
8,00 Gb Paging File | 6,56 Gb Available in Paging File | 82,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 20,33 Gb Free Space | 34,69% Space Free | Partition Type: NTFS
Drive D: | 90,45 Gb Total Space | 4,65 Gb Free Space | 5,14% Space Free | Partition Type: NTFS

Computer Name: DRIES-PC | User Name: Dries | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001C9B2F-6E0B-429B-93A8-22C0DC6B4D88}" = rport=445 | protocol=6 | dir=out | app=system |
"{00489395-6554-4999-A9F4-94981746A459}" = rport=10243 | protocol=6 | dir=out | app=system |
"{01F5197A-43CB-49A6-B87B-D5A41914A611}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EBDAB00-62AD-4A6F-83F3-AD05E4D243E0}" = lport=137 | protocol=17 | dir=in | app=system |
"{15B764B3-E2D3-42B9-A159-772043F446C4}" = rport=137 | protocol=17 | dir=out | app=system |
"{1F2977BD-563B-4463-A410-CBC0B9479B01}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2438773F-824E-4EB3-BBD5-BEC170C96DAB}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{49806A8E-DDC4-420C-8648-BD72195DD61D}" = lport=445 | protocol=6 | dir=in | app=system |
"{548E5FD3-83FE-4945-BF23-28511E19D736}" = lport=2869 | protocol=6 | dir=in | app=system |
"{67D6D12E-1F07-4066-BB4D-B79B6903D9A2}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{6E75DBDC-E818-4E54-8FF1-396CBBB78CE0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{72AE51E6-EB63-466C-938D-80615EF338C5}" = lport=139 | protocol=6 | dir=in | app=system |
"{783A9EC9-E124-4FBD-BA82-B27E1C5BFAB3}" = lport=138 | protocol=17 | dir=in | app=system |
"{8264BEE9-07F9-4A8E-BB8D-5860882296AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{877BF65B-2560-4A3B-8DFE-4173C27BD42D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{8D21AA2B-F7D1-4B37-AC71-3CBC9E6F1948}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93FFA07A-0693-4BB9-82B3-53EB3B4D89EA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A1C660C6-7BF9-46D0-9E84-BFC0444845B4}" = rport=138 | protocol=17 | dir=out | app=system |
"{C2DEEF4C-85D0-46C0-9D9C-5676DDB0AF5D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D135881B-8085-4B8C-A2A8-5968B437869C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D97C2696-1B92-4691-BEA2-FCE76AC7D2BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB8CCF49-C16A-44AF-95F0-25338142F04D}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{DE18021D-CD7C-4647-AE00-6374E88B1F65}" = rport=139 | protocol=6 | dir=out | app=system |
"{E043F76B-0A9B-4BBA-B2E0-85E7866316BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E9E82B16-8A5E-4178-B27D-64B7F302D380}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{FB8FCDE0-97DD-416C-8069-062C42C55B65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB98EEB7-81DF-4A58-8CE7-CC4941732567}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034E448A-794B-48AD-AADC-B95F7C775DD3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{03C3F733-E8BD-47B6-9DEC-04F68B2EAA49}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{06968726-88F6-45FF-873E-5F2DBF7BE041}" = protocol=17 | dir=in | app=c:\users\dries\appdata\roaming\dropbox\bin\dropbox.exe |
"{07E58470-76CD-479D-A548-3C01FCF5BED2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1CD6DD3A-A772-40E8-910A-6D8BB86C5370}" = protocol=6 | dir=in | app=c:\users\dries\appdata\roaming\dropbox\bin\dropbox.exe |
"{21FD8FEE-F6B0-4420-BE68-ED0E036A4ACF}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{25A6A2E6-F2E3-41B4-855B-10495FE967BE}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{28B24392-87D3-4405-9944-00A28A424F4B}" = protocol=58 | dir=in | [email protected],-28545 |
"{2C8A22B6-CA45-442B-8D17-FF14BCCB1827}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{32C090BC-F569-4BDB-AED7-73045A781850}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{35C9FDC3-0835-4138-AADD-2F7682CF0E52}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38C87AFD-8734-4B51-A105-A264C46E1277}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3CBEE7F9-F420-472D-9D28-898293C1D4AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40B461DF-A6E9-4D29-B768-EA26D41C0E93}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{41B99790-FD1F-4A77-A3A8-ABB8AA669F1F}" = protocol=1 | dir=out | [email protected],-28544 |
"{50FCC0DA-4898-422C-B67F-802EB2E50585}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5C8DD17E-EF83-4014-BF1B-0EDED7309AC4}" = protocol=58 | dir=out | [email protected],-28546 |
"{5D8E4D14-C7AD-4708-8689-CE30EAC23FDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{670E60E4-07A9-4248-8058-E031C5A8C269}" = protocol=1 | dir=in | [email protected],-28543 |
"{6CFC34BC-90FF-4B31-A929-9D2E40C8D71F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{738FA01C-0885-4F96-80CA-91B0A1ECEE6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7AF209E0-4AB1-4663-91CD-88ADD459BC6C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{8617DF2F-C8F8-4F4F-A1A9-5E26B5032DBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A88CB2F-A878-4A90-85E3-A51B5269DDE9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8A8B4FDB-53AE-40F0-8239-13E9B1D4C9A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CD1E81B-0EE3-405D-9D9A-0EDC930634D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9AEA3FFE-BE80-409D-BEB3-DE52308254C6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9D94083F-5C8C-4E8C-8D8C-F3A973FF19FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A0F6061A-C8AE-4677-94D7-5E07667BA1B0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A8962487-E6E9-4033-8A95-D8A549D44988}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{AA2A8A7B-12F2-4CC7-8081-DDC1E2DD6217}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{AB52A7EC-6104-4EEA-B454-EF8581BB5241}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B48F1693-99EF-4C49-B3AC-076267616B4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8A98E62-1646-45B6-AA8F-AD93B9B1F687}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B8E2C17A-FF33-42A5-A9AA-ADD161373D04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE9FE6E8-14ED-4A39-A21B-AA65A49841BD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C0869367-5AD6-4CD7-B764-2152156AE52F}" = protocol=6 | dir=out | app=system |
"{C63382D5-9E69-4272-9D30-5244FFB34D04}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D25CDBC1-DA23-4DBF-A1F0-74F821461D7F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D6814572-AF0B-46F0-87B8-1C9902BF583B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE922344-8B24-4920-89CC-FADD5747BB60}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{DF3532EA-5101-48A9-990C-0B47C8FF7539}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{DF9616FF-7613-4E56-834A-111B7C413649}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5ABE046-D2CF-4229-B24C-75B376D9654E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E807960C-0B0D-44B4-9830-C8BAB4CC49E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB48C5CE-ECA7-4426-B732-2C8558465369}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FC071A0F-FC78-4BD7-B1D1-C497E0E91FBE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"TCP Query User{1ACCCA67-53C7-4F25-B087-DE9E14D3B3D6}D:\football manager 2012\fm.exe" = protocol=6 | dir=in | app=d:\football manager 2012\fm.exe |
"TCP Query User{1E06866C-2244-4A9B-BDC4-F5A0D6D0214F}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{688F1854-C3AE-4B7C-B4F0-8BDB30A17C0E}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{8F862D0B-15CE-43E0-9828-F8D38779524F}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{B65D4B68-BAFA-4261-A816-17F8C07008AE}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{1FC9F272-1C38-4AA2-8FFA-F90338D60FE5}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{27EB9CBA-2D34-413D-A7A5-232D4C8FF4CF}D:\football manager 2012\fm.exe" = protocol=17 | dir=in | app=d:\football manager 2012\fm.exe |
"UDP Query User{3B6653AF-F707-4EB2-AF50-7B767E552C31}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{7D4BF116-7349-4A18-8913-EEBC2A6099A2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{8B636045-8293-4D68-9B61-32FFAC9922C5}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{824563DE-75AD-4166-9DC0-B6482F207196}" = Belgium e-ID middleware 4.0.3 (build 7196)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD68ABA-87EA-FE23-7634-C785548E86CE}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F11053A9-C5E1-0218-918E-8B97A8DCF3EA}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3FE3642036A0F4AEC17772437CE14BB1E67006AA" = Windows Driver Package - Fedict SmartCard (10/04/2011 4.0.0.5)
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379y" = Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1AAB74C8-C3C0-6EA1-578A-D99FBCC92593}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2677DA18-FAA6-5276-8FA0-B8BE398527DE}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C4A4067-740F-E540-6ABB-D292A243168F}" = CCC Help Czech
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{454C33DD-711E-84B3-562C-6639968AE59C}" = CCC Help Korean
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4649126F-45B6-47A2-B2A2-FB8FDB2FDE2E}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBE2C68-22D2-284E-542B-5EED25C5714E}" = Catalyst Control Center Graphics Full Existing
"{50E35D5A-7D82-0C87-CCEE-2B90283F2C12}" = CCC Help Hungarian
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6176AA84-FC3C-58D2-F43C-49CF527A11BB}" = CCC Help Polish
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F1DBB43-9FF1-EAD8-7EDC-6B1983B13430}" = CCC Help Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ADA2E10-A503-94D0-146F-B1BC3117291F}" = Catalyst Control Center Graphics Full New
"{88E1F7E7-53C8-9ED7-C19A-A90FF34DAD86}" = CCC Help Dutch
"{899CBECC-3E4A-0627-073E-4377EDD818C9}" = CCC Help English
"{8BB8F6E2-7E44-5BF0-5A41-6B19FBD6FB70}" = CCC Help Greek
"{8C466D66-4F20-53ED-943E-2D9FD8BC5BAE}" = CCC Help Italian
"{8FE38ED8-6EF4-C211-2B54-F7C76C664038}" = CCC Help Swedish
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0413-1000-0000000FF1CE}_ENTERPRISE_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISE_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{928CFA15-E515-C46C-F5B3-A3BF5E816131}" = CCC Help Chinese Standard
"{98005379-0F12-AABF-E96B-BC5560F81CBD}" = Catalyst Control Center InstallProxy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FB6DFF3-2EBF-5C03-9AC0-7EA7FD55F3C9}" = CCC Help Danish
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Nederlands
"{AD5090BB-7A2E-50A2-527B-4C566E147E37}" = Catalyst Control Center Localization All
"{BA26527E-087D-6CF2-2309-588D6B2670DA}" = Catalyst Control Center Core Implementation
"{BF4F86BE-28C2-7BA3-62AC-ADC1BC58AB70}" = ccc-core-static
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{CE3E1547-3FB6-DA9E-3F78-961F1C05FF5A}" = CCC Help Portuguese
"{D40F8522-62A2-377B-537B-16D333136BDB}" = CCC Help Norwegian
"{DD2F4A5A-BC30-45BA-CDA7-425F296B8DC6}" = CCC Help Thai
"{DD6652DB-1A07-F949-D1BC-D0642E498457}" = CCC Help Japanese
"{DEAAD339-5F21-B487-2B36-0DC6385EEB8F}" = CCC Help Russian
"{E20523ED-866F-18BF-5E2C-F281DB5D7DA0}" = Catalyst Control Center Graphics Light
"{E87F08B2-996B-2973-8C10-7653440B4B3C}" = CCC Help French
"{E9C5FF7F-1F7D-C537-AFDD-74CFE15628D2}" = CCC Help Chinese Traditional
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE5637B6-B574-4F15-A32F-DC3D83345420}" = HP ESU for Microsoft Windows 7
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD6A8BA-B50C-4DE0-E732-6598BA5634C1}" = CCC Help Turkish
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"LastFM_is1" = Last.fm 2.1.18
"SopCast" = SopCast 3.4.8
"VLC media player" = VLC media player 1.1.11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2986426266-951974222-827041030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/06/2012 13:28:39 | Computer Name = Dries-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1747

Error - 12/06/2012 17:30:55 | Computer Name = Dries-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/06/2012 17:30:55 | Computer Name = Dries-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1887

Error - 12/06/2012 17:30:55 | Computer Name = Dries-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1887

Error - 12/06/2012 17:30:56 | Computer Name = Dries-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/06/2012 17:30:56 | Computer Name = Dries-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2886

Error - 12/06/2012 17:30:56 | Computer Name = Dries-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2886

Error - 12/06/2012 17:30:57 | Computer Name = Dries-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/06/2012 17:30:57 | Computer Name = Dries-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3884

Error - 12/06/2012 17:30:57 | Computer Name = Dries-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3884

[ OSession Events ]
Error - 26/05/2012 8:31:41 | Computer Name = Dries-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14673
seconds with 3960 seconds of active time. This session ended with a crash.

mtm · 13 jun 2012

Juisterr · 13 jun 2012

Start OTL

Plak het volgende onder Custom Scans/Fixes

:OTL
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112060&tt=060612_6_&babsrc= SP_ss&mntrId=8edeb5ac00000000000000218662d4b2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112060&tt=060612_6_&babsrc= SP_ss&mntrId=8edeb5ac00000000000000218662d4b2
IE - HKU\S-1-5-21-2986426266-951974222-827041030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

[2012/06/08 23:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

ervices

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]

Klik om te vergroten...
Klik daarna bovenaan op de knop Run Fix
Laat het programma ongestoord zijn werk doen. De pc zal na afloop opnieuw opgestart worden.

mtm · 15 jun 2012

Ik krijg nog steeds deze foutmelding bij het opstarten en ook die Babylon Search blijft openen in een tabblad als ik chrome open.

Ik moet wel zeggen dat het laten lopen van die OTL niet echt gesmeerd liep. Eerst deed ie rustig zijn werk. Maar toen hij een restorepoint aan het maken was, leek het programma vast te hangen. Ik heb het ruim een halfuur laten lopen, maar er gebeurde niets en ook mijn computer gaf niet echt aan dat er activiteit was. Ik heb dan maar handmatig een restart gedaan.

Juisterr · 18 jun 2012

Download ComboFix van één van deze locaties:

Link 1
Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier of hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

mtm · 22 jun 2012

ComboFix 12-06-21.03 - Dries 22/06/2012 16:57:15.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.4095.2855 [GMT 2:00]
Gestart vanuit: c:\users\Dries\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dries\AppData\Roaming\mIRC\logs\status.log
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-22 to 2012-06-22 ))))))))))))))))))))))))))))))
.
.
2012-06-22 15:02 . 2012-06-22 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 05:42 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 05:42 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 05:42 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 05:42 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 05:42 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 05:42 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 05:42 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 05:42 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 05:42 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-15 11:59 . 2012-06-15 11:59 -------- d-----w- C:\_OTL
2012-06-15 11:59 . 2012-06-15 11:58 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-15 11:58 . 2012-06-15 11:58 -------- d-----w- c:\program files (x86)\Java
2012-06-09 23:21 . 2012-05-14 23:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C02B8457-0A8E-473D-B40B-A3BFFC9D3A91}\mpengine.dll
2012-06-08 21:26 . 2012-06-08 21:26 388096 ----a-r- c:\users\Dries\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-08 21:26 . 2012-06-08 21:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-08 21:04 . 2012-06-08 21:04 -------- d-----w- c:\windows\system32\appmgmt
2012-06-08 21:02 . 2012-06-08 21:03 1531 ----a-w- C:\user.js
2012-06-08 21:02 . 2012-06-08 21:04 -------- d-----w- c:\program files (x86)\BrowserCompanion
2012-05-31 09:29 . 2012-05-31 09:29 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-30 21:05 . 2012-06-21 20:41 -------- d-----r- c:\users\Dries\Dropbox
2012-05-30 21:03 . 2012-06-11 16:34 -------- d-----w- c:\users\Dries\AppData\Roaming\Dropbox
2012-05-24 20:35 . 2012-06-06 16:13 -------- d-----w- C:\$AVG
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 11:58 . 2012-02-07 12:13 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-10 06:37 . 2012-04-11 08:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 06:37 . 2012-02-07 00:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 02:50 . 2012-04-19 02:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-03-31 06:05 . 2012-05-12 12:40 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-12 12:40 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-12 12:40 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-12 12:40 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-12 12:37 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 09:10 . 2012-03-28 09:10 113664 ----a-w- c:\windows\system32\beidpkcs11.dll
2012-03-28 09:10 . 2012-03-28 09:10 268288 ----a-w- c:\windows\system32\beid35cardlayer.dll
2012-03-28 09:10 . 2012-03-28 09:10 273408 ----a-w- c:\windows\system32\beid35DlgsWin32.dll
2012-03-28 09:09 . 2012-03-28 09:09 147456 ----a-w- c:\windows\system32\beid35common.dll
2012-03-28 09:05 . 2012-03-28 09:05 360448 ----a-w- c:\windows\SysWow64\beid35applayer.dll
2012-03-28 09:05 . 2012-03-28 09:05 98304 ----a-w- c:\windows\SysWow64\Belgium Identity Card PKCS11.dll
2012-03-28 09:05 . 2012-03-28 09:05 98304 ----a-w- c:\windows\SysWow64\beidpkcs11.dll
2012-03-28 09:05 . 2012-03-28 09:05 200704 ----a-w- c:\windows\SysWow64\beid35cardlayer.dll
2012-03-28 09:04 . 2012-03-28 09:04 266240 ----a-w- c:\windows\SysWow64\beid35DlgsWin32.dll
2012-03-28 09:04 . 2012-03-28 09:04 200704 ----a-w- c:\windows\SysWow64\eidlib.dll
2012-03-28 09:04 . 2012-03-28 09:04 200704 ----a-w- c:\windows\SysWow64\beidlib.dll
2012-03-28 09:04 . 2012-03-28 09:04 126976 ----a-w- c:\windows\SysWow64\beid35common.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-25_22.31.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-08 21:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-17 15:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-17 15:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 21:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-17 15:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 21:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-04 04:16 . 2012-06-22 09:45 31972 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-22 09:45 42028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-31 02:46 . 2012-01-31 02:46 36944 c:\windows\system32\drivers\avgrkx64.sys
+ 2011-12-23 11:32 . 2011-12-23 11:32 47696 c:\windows\system32\drivers\avgmfx64.sys
+ 2011-12-23 11:32 . 2011-12-23 11:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys
- 2012-02-03 19:21 . 2012-05-15 16:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-03 19:21 . 2012-06-17 07:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-17 07:27 . 2012-06-17 07:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-03 19:21 . 2012-05-15 16:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-17 07:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-15 16:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-02 13:19 . 2012-06-02 13:19 79232 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2009-07-14 04:46 . 2012-06-22 09:46 87216 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-09 02:24 . 2012-06-11 21:32 9000 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-08 08:24 . 2012-06-11 15:53 1674 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2012-02-03 19:32 . 2012-06-22 09:45 9910 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2986426266-951974222-827041030-1001_UserData.bin
+ 2012-06-22 09:43 . 2012-06-22 09:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-25 06:06 . 2012-05-25 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-22 09:43 . 2012-06-22 09:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-25 06:06 . 2012-05-25 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-10 06:37 . 2012-06-10 06:37 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
+ 2012-06-10 06:37 . 2012-06-10 06:37 465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
+ 2012-04-11 08:26 . 2012-06-10 06:37 257224 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-06-15 11:59 . 2012-06-15 11:58 157448 c:\windows\SysWOW64\javaws.exe
+ 2012-06-15 11:59 . 2012-06-15 11:58 149256 c:\windows\SysWOW64\javaw.exe
+ 2012-06-15 11:59 . 2012-06-15 11:58 149256 c:\windows\SysWOW64\java.exe
+ 2012-02-09 01:53 . 2012-06-11 15:53 252776 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-02-05 09:04 . 2012-06-21 14:43 265998 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2012-02-04 04:13 . 2012-05-25 09:29 704148 c:\windows\system32\perfh013.dat
+ 2012-02-04 04:13 . 2012-06-14 21:04 704148 c:\windows\system32\perfh013.dat
+ 2009-07-14 02:36 . 2012-06-14 21:04 620384 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-25 09:29 620384 c:\windows\system32\perfh009.dat
+ 2012-02-04 04:13 . 2012-06-14 21:04 135630 c:\windows\system32\perfc013.dat
- 2012-02-04 04:13 . 2012-05-25 09:29 135630 c:\windows\system32\perfc013.dat
+ 2009-07-14 02:36 . 2012-06-14 21:04 108566 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-25 09:29 108566 c:\windows\system32\perfc009.dat
- 2012-02-03 19:34 . 2012-01-26 23:52 279656 c:\windows\system32\MpSigStub.exe
+ 2012-02-03 19:34 . 2012-02-23 08:18 279656 c:\windows\system32\MpSigStub.exe
+ 2012-06-10 06:37 . 2012-06-10 06:37 417480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe
+ 2012-06-10 06:37 . 2012-06-10 06:37 512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.dll
+ 2012-03-19 03:17 . 2012-03-19 03:17 383808 c:\windows\system32\drivers\avgtdia.sys
+ 2012-02-22 03:25 . 2012-02-22 03:25 289872 c:\windows\system32\drivers\avgldx64.sys
+ 2011-12-23 11:31 . 2011-12-23 11:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys
- 2012-04-16 20:20 . 2012-04-16 20:20 229672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-16 20:20 . 2012-05-26 22:29 229672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-22 06:09 395156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-24 23:17 395156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-06-22 09:46 6018455 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-05-14 12:49 6018455 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-02-04 17:42 . 2012-05-25 22:40 8593032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2986426266-951974222-827041030-1001-4096.dat
- 2012-02-04 17:42 . 2012-05-23 23:04 8593032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2986426266-951974222-827041030-1001-4096.dat
+ 2012-02-04 14:27 . 2012-06-06 22:26 1807596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2986426266-951974222-827041030-1001-12288.dat
+ 2012-06-12 06:52 . 2012-06-12 06:52 8449024 c:\windows\Installer\6e112.msi
+ 2012-06-08 21:25 . 2012-06-08 21:25 1402880 c:\windows\Installer\66f29.msi
+ 2012-06-19 15:27 . 2012-06-19 15:27 2871808 c:\windows\Installer\1fcfa57.msi
- 2009-07-14 02:34 . 2012-05-13 18:06 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-06-22 05:55 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-02-04 14:27 . 2012-06-21 22:35 12334898 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2986426266-951974222-827041030-1001-8192.dat
+ 2012-06-15 11:57 . 2012-06-15 11:57 12949504 c:\windows\Installer\a0464e.msi
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Dries\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Dries\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Dries\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-15 98304]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"Browser companion helper"="c:\program files (x86)\BrowserCompanion\BCHelper.exe" [2011-12-16 187696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2986426266-951974222-827041030-1001Core.job
- c:\users\Dries\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:16]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2986426266-951974222-827041030-1001UA.job
- c:\users\Dries\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Dries\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Dries\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Dries\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Dries\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-06-22 17:05:03
ComboFix-quarantined-files.txt 2012-06-22 15:05
ComboFix2.txt 2012-05-25 22:33
.
Pre-Run: 20.376.776.704 bytes free
Post-Run: 20.490.108.928 bytes beschikbaar
.
- - End Of File - - 7279CAB3DCC5CD028FE1D7DB48CE219C

Jurgenv1 · 25 jun 2012

Ik neem even over voor Juisterr,

Kan je nog eens een nieuw hijackthis logje posten?

mtm · 27 jun 2012

Dag Jurgenv1, bedankt alvast!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:49:29, on 27/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Last.fm\Last.fm.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dries\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10049 bytes

Jurgenv1 · 28 jun 2012

Ik zie niet veel verkeerds, heb je nog steeds dezelfde problemen?

Archief - Laptop met rare kuren.

mtm

Legacy Member

Juisterr

Legacy Member

mtm

Legacy Member

Juisterr

Legacy Member

mtm

Legacy Member

Juisterr

Legacy Member

mtm

Legacy Member

Juisterr

Legacy Member

mtm

Legacy Member

mtm

Legacy Member

mtm

Legacy Member

mtm

Legacy Member

mtm

Legacy Member

Juisterr

Legacy Member

mtm

Legacy Member

Juisterr

Legacy Member

mtm

Legacy Member

Jurgenv1

Legacy Member

mtm

Legacy Member

Jurgenv1

Legacy Member