
Win 7 services go 100 %


bartvdc


I have a laptop here that's going to 100% for the first 30 to 45 minutes. It happens in all startup modes other than plain safe mode. It strikes when network services are available, even in safe mode with network capabilities or a clean mode startup.

Installing Service Pack 1 fails; it blocks each time on repairing a configuration fault.

Malwarebytes did not find anything, nor did an avast scan.

Does anybody have an idea what could be wrong?

Bart

DDS output:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Beheerder at 20:21:35 on 2012-12-14

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3255.2229 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.be/

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: NameServer = 195.130.131.2 195.130.130.130

TCP: Interfaces\{7996F94A-C7CB-4355-8D71-F41DA1F0445B} : DHCPNameServer = 195.130.131.2 195.130.130.130

TCP: Interfaces\{7996F94A-C7CB-4355-8D71-F41DA1F0445B}\75962756C6563737 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{7996F94A-C7CB-4355-8D71-F41DA1F0445B}\779666961383 : DHCPNameServer = 195.130.130.129 195.130.131.129

Filter: AutorunsDisabled - <Clsid value has no data>

Handler: AutorunsDisabled - <Clsid value has no data>

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2012-12-6 24936]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-8 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-8 361032]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-8 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-8 58680]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-8 44808]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R3 fspad_wlh32;Finger-sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [2012-12-2 41984]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-1-13 209920]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-12-2 65576]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-1 1006624]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-12-2 193056]

S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-3 1343400]

S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-1-13 13336]

S4 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]

S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]

S4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-1-13 2320920]

.

=============== File Associations ===============

.

FileExt: .reg: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2012-12-13 12:11:52 -------- d-----w- C:\57c3bf679f81c8dde132e467f69ecd54

2012-12-11 21:32:22 -------- d-sh--w- C:\$RECYCLE.BIN

2012-12-11 21:32:21 -------- d-----w- c:\users\beheerder\appdata\local\temp

2012-12-11 21:20:49 98816 ----a-w- c:\windows\sed.exe

2012-12-11 21:20:49 256000 ----a-w- c:\windows\PEV.exe

2012-12-11 21:20:49 208896 ----a-w- c:\windows\MBR.exe

2012-12-08 14:49:56 -------- d-----w- C:\f62b874f182daa1a94eb8a304bd10c

2012-12-08 13:51:50 -------- d-----w- c:\users\beheerder\appdata\local\SlimWare Utilities Inc

2012-12-08 13:51:44 -------- d-----w- c:\program files\SlimCleaner

2012-12-08 12:24:51 -------- d-----w- c:\users\beheerder\appdata\local\WinZip

2012-12-08 09:30:01 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-12-08 09:30:00 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-12-08 09:29:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-12-08 09:29:37 41224 ----a-w- c:\windows\avastSS.scr

2012-12-08 09:29:21 -------- d-----w- c:\programdata\AVAST Software

2012-12-08 09:29:21 -------- d-----w- c:\program files\AVAST Software

2012-12-08 09:20:26 -------- d-----w- c:\users\beheerder\appdata\local\Apple

2012-12-07 17:21:31 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-06 19:55:15 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll

2012-12-06 19:55:15 7697768 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-06 19:55:15 6127464 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-06 19:55:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-06 19:55:15 24936 ----a-w- c:\windows\system32\drivers\nvpciflt.sys

2012-12-06 19:55:15 19906920 ----a-w- c:\windows\system32\nvoglv32.dll

2012-12-06 19:55:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-06 19:55:15 17559912 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-06 19:55:15 15309160 ----a-w- c:\windows\system32\nvd3dum.dll

2012-12-06 19:55:15 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-12-06 19:55:15 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-06 19:55:15 1009512 ----a-w- c:\windows\system32\nvdispco32.dll

2012-12-04 18:42:41 -------- d-----w- C:\dcf88091bc306eb4ad9bcb722c

2012-12-03 20:03:49 -------- d-----w- C:\1549e5cccf859577d218f9698d63

2012-12-02 20:30:34 -------- d-----w- c:\program files\FSP

2012-12-02 20:30:01 41984 ----a-w- c:\windows\system32\drivers\fspad_wlh32.sys

2012-12-02 20:29:59 57344 ----a-w- c:\windows\system32\fspadco.dll

2012-12-02 20:15:06 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2012-12-02 19:58:39 831488 ------r- c:\windows\RtlExUpd.dll

2012-12-02 19:58:35 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe

2012-12-02 18:16:47 65576 ----a-w- c:\windows\system32\drivers\L1C62x86.sys

2012-12-02 18:13:59 313888 ----a-w- c:\windows\system32\RtsUStor.dll

2012-12-02 18:13:57 193056 ----a-r- c:\windows\system32\drivers\RtsUStor.sys

2012-12-02 18:13:56 9112096 ----a-w- c:\windows\system32\RtsUStoricon.dll

2012-12-02 17:40:18 -------- d-----w- c:\users\beheerder\appdata\roaming\Intel Corporation

2012-12-02 17:28:13 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys

2012-12-02 17:15:22 -------- d-----w- C:\MedionUpgrade

2012-12-01 08:52:52 -------- d-----w- C:\9f0675b061e8be6fc823a3769b021e04

2012-12-01 08:51:24 -------- d-----w- c:\users\beheerder\appdata\local\ElevatedDiagnostics

2012-12-01 08:32:36 -------- d-----w- c:\users\beheerder\appdata\local\Diagnostics

2012-11-30 18:21:57 -------- d-----w- c:\windows\system32\SPReview

2012-11-30 16:35:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-28 21:39:18 -------- d-----w- c:\users\beheerder\appdata\roaming\Malwarebytes

2012-11-28 21:39:09 -------- d-----w- c:\programdata\Malwarebytes

2012-11-28 21:39:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-27 21:54:43 -------- d-----w- C:\765df097dedfdd798d615313d7b2bd

2012-11-27 20:49:21 -------- d-----w- c:\users\beheerder\appdata\roaming\TuneUp Software

2012-11-27 20:04:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-27 20:04:35 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-11-27 18:35:15 -------- d-----w- c:\users\beheerder\appdata\local\Scansoft

2012-11-27 18:34:59 -------- d-----w- c:\users\beheerder\appdata\local\Apple Computer

2012-11-27 18:34:57 -------- d-----w- c:\users\beheerder\appdata\local\Power2Go

.

==================== Find3M ====================

.

2012-12-07 17:31:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-30 19:38:24 152064 ----a-w- c:\windows\system32\msclmd.dll

2012-10-02 22:20:00 831848 ----a-w- c:\windows\system32\nvumdshim.dll

2012-10-02 22:20:00 2428776 ----a-w- c:\windows\system32\nvapi.dll

2012-10-02 22:20:00 202600 ----a-w- c:\windows\system32\nvinit.dll

2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-02 19:29:41 726376 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-10-02 19:29:41 62312 ----a-w- c:\windows\system32\nvshext.dll

2012-10-02 19:29:41 54632 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-10-02 19:29:41 2557288 ----a-w- c:\windows\system32\nvsvcr.dll

2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll

2012-10-02 19:29:23 3536817 ----a-w- c:\windows\system32\nvcoproc.bin

2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll

2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-02 12:15:52 430952 ----a-w- c:\windows\system32\nvStreaming.exe

2011-01-20 07:44:36 2997760 ----a-w- c:\program files\openofficeorg33.msi

.

============= FINISH: 20:22:24,15 ===============

attach.txt


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

=====

In your reply please post the contents of the following logs:

  • ComboFix.txt.
  • Both MBAR logs.

How is the computer running?


OK, here they are:

ComboFix 12-12-14.01 - Beheerder 15/12/2012 11:23:16.2.4 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3255.2213 [GMT 1:00]

Gestart vanuit: c:\users\Beheerder\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-15 to 2012-12-15 ))))))))))))))))))))))))))))))

.

.

2012-12-15 10:32 . 2012-12-15 10:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-12-15 10:32 . 2012-12-15 10:32 -------- d-----w- c:\users\Karin\AppData\Local\temp

2012-12-15 10:32 . 2012-12-15 10:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-13 12:11 . 2012-12-13 14:37 -------- d-----w- C:\57c3bf679f81c8dde132e467f69ecd54

2012-12-10 20:29 . 2012-12-13 14:37 -------- d-----w- c:\users\Gebruiker

2012-12-08 14:49 . 2012-12-08 17:14 -------- d-----w- C:\f62b874f182daa1a94eb8a304bd10c

2012-12-08 13:51 . 2012-12-08 13:52 -------- d-----w- c:\program files\SlimCleaner

2012-12-08 09:30 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-12-08 09:30 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-12-08 09:30 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-12-08 09:30 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-12-08 09:30 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-12-08 09:29 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-12-08 09:29 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr

2012-12-08 09:29 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-12-08 09:29 . 2012-12-08 09:29 -------- d-----w- c:\program files\AVAST Software

2012-12-07 17:21 . 2012-12-07 17:31 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-06 19:55 . 2012-10-02 22:20 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll

2012-12-06 19:55 . 2012-10-02 22:20 7697768 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-06 19:55 . 2012-10-02 22:20 6127464 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-06 19:55 . 2012-10-02 22:20 2574696 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-06 19:55 . 2012-10-02 22:20 24936 ----a-w- c:\windows\system32\drivers\nvpciflt.sys

2012-12-06 19:55 . 2012-10-02 22:20 19906920 ----a-w- c:\windows\system32\nvoglv32.dll

2012-12-06 19:55 . 2012-10-02 22:20 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-06 19:55 . 2012-10-02 22:20 17559912 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-06 19:55 . 2012-10-02 22:20 15309160 ----a-w- c:\windows\system32\nvd3dum.dll

2012-12-06 19:55 . 2012-10-02 22:20 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-12-06 19:55 . 2012-10-02 22:20 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-06 19:55 . 2012-10-02 22:20 1009512 ----a-w- c:\windows\system32\nvdispco32.dll

2012-12-04 18:42 . 2012-12-06 18:02 -------- d-----w- C:\dcf88091bc306eb4ad9bcb722c

2012-12-03 20:03 . 2012-12-03 21:57 -------- d-----w- C:\1549e5cccf859577d218f9698d63

2012-12-02 20:30 . 2012-12-02 20:30 -------- d-----w- c:\program files\FSP

2012-12-02 20:30 . 2009-06-17 16:17 41984 ----a-w- c:\windows\system32\drivers\fspad_wlh32.sys

2012-12-02 20:29 . 2009-06-08 14:30 57344 ----a-w- c:\windows\system32\fspadco.dll

2012-12-02 20:15 . 2010-01-19 14:50 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2012-12-02 19:58 . 2009-06-24 09:43 831488 ------r- c:\windows\RtlExUpd.dll

2012-12-02 19:58 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-12-02 18:16 . 2010-01-19 14:50 65576 ----a-w- c:\windows\system32\drivers\L1C62x86.sys

2012-12-02 18:13 . 2010-12-20 14:30 313888 ----a-w- c:\windows\system32\RtsUStor.dll

2012-12-02 18:13 . 2010-12-20 14:30 193056 ----a-r- c:\windows\system32\drivers\RtsUStor.sys

2012-12-02 18:13 . 2010-12-20 14:30 9112096 ----a-w- c:\windows\system32\RtsUStoricon.dll

2012-12-02 17:28 . 2010-03-03 18:33 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys

2012-12-02 17:15 . 2012-12-04 18:40 -------- d-----w- C:\MedionUpgrade

2012-12-01 08:52 . 2012-12-02 14:54 -------- d-----w- C:\9f0675b061e8be6fc823a3769b021e04

2012-11-30 18:21 . 2012-12-13 14:37 -------- d-----w- c:\windows\system32\SPReview

2012-11-30 16:35 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-28 21:39 . 2012-11-30 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-27 21:54 . 2012-11-30 11:53 -------- d-----w- C:\765df097dedfdd798d615313d7b2bd

2012-11-27 20:04 . 2012-12-07 17:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-11-27 18:33 . 2012-12-13 14:43 -------- d-----w- c:\users\Beheerder

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-07 17:31 . 2011-09-20 11:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-30 19:38 . 2009-07-14 02:05 152064 ----a-w- c:\windows\system32\msclmd.dll

2012-10-02 22:20 . 2011-06-26 08:11 831848 ----a-w- c:\windows\system32\nvumdshim.dll

2012-10-02 22:20 . 2010-01-19 12:48 202600 ----a-w- c:\windows\system32\nvinit.dll

2012-10-02 22:20 . 2010-01-19 12:48 2428776 ----a-w- c:\windows\system32\nvapi.dll

2012-10-02 19:29 . 2010-01-14 23:18 645992 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-02 19:29 . 2010-01-14 23:18 726376 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-10-02 19:29 . 2010-01-14 23:18 62312 ----a-w- c:\windows\system32\nvshext.dll

2012-10-02 19:29 . 2010-01-14 23:18 54632 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-10-02 19:29 . 2010-01-14 23:18 2557288 ----a-w- c:\windows\system32\nvsvcr.dll

2012-10-02 19:29 . 2010-01-14 23:18 108392 ----a-w- c:\windows\system32\nvmctray.dll

2012-10-02 19:29 . 2010-01-14 23:18 2853224 ----a-w- c:\windows\system32\nvsvc.dll

2012-10-02 19:28 . 2010-01-14 23:18 3965288 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe

2011-01-20 07:44 . 2011-01-20 07:44 2997760 ----a-w- c:\program files\openofficeorg33.msi

2012-10-27 12:42 . 2011-05-02 11:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Users^Karin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]

path=c:\users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 10:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

2011-07-06 10:03 2068480 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2009-11-02 20:21 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fspuip]

2009-06-19 13:25 765952 ----a-w- c:\program files\FSP\FspUip.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2011-02-11 17:26 171032 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]

2010-03-03 19:16 284696 ----a-w- c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2011-02-11 17:26 137752 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

2007-02-04 11:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]

2009-04-27 23:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2011-02-11 17:26 172568 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2009-07-20 18:21 7625248 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2009-12-10 18:22 1594664 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2009-05-20 04:16 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]

2010-02-10 00:55 171104 ------w- c:\program files\CyberLink\YouCam\YouCamTray.exe

.

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 XDva399;XDva399;c:\windows\system32\XDva399.sys [x]

R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S3 fspad_wlh32;Finger-sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-07 17:31]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-12 12:59]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-12 12:59]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4

TCP: DhcpNameServer = 195.130.131.2 195.130.130.130

FF - ProfilePath -

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

.

**************************************************************************

.

Voltooingstijd: 2012-12-15 12:07:10 - machine werd herstart

ComboFix-quarantined-files.txt 2012-12-15 11:07

ComboFix2.txt 2012-12-11 21:32

.

Pre-Run: 388.857.667.584 bytes beschikbaar

Post-Run: 388.836.241.408 bytes beschikbaar

.

- - End Of File - - CBC1FEDE3AA2348760B38387DA256555

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_29

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.260000 GHz

Memory total: 3412627456, free: 2368651264

------------ Kernel report ------------

12/15/2012 13:46:50

------------ Loaded modules -----------

\SystemRoot\system32\ntkrnlpa.exe

\SystemRoot\system32\halmacpi.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\system32\DRIVERS\nvpciflt.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\aswSnx.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\Drivers\aswTdi.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\Drivers\aswrdr2.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\System32\Drivers\aswSP.SYS

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\Drivers\nvBridge.kmd

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\igdkmd32.sys

\SystemRoot\system32\DRIVERS\HECI.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\L1C62x86.sys

\SystemRoot\system32\DRIVERS\rtl8192se.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\fspad_wlh32.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHDA.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\LVUSBSta.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\drivers\hidusb.sys

\SystemRoot\system32\drivers\HIDCLASS.SYS

\SystemRoot\system32\drivers\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\aswMonFlt.sys

\SystemRoot\System32\Drivers\aswFsBlk.SYS

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\nsi.dll

\Windows\System32\Wldap32.dll

\Windows\System32\normaliz.dll

\Windows\System32\kernel32.dll

\Windows\System32\advapi32.dll

\Windows\System32\iertutil.dll

\Windows\System32\difxapi.dll

\Windows\System32\lpk.dll

\Windows\System32\ws2_32.dll

\Windows\System32\wininet.dll

\Windows\System32\comdlg32.dll

\Windows\System32\shell32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\psapi.dll

\Windows\System32\usp10.dll

\Windows\System32\oleaut32.dll

\Windows\System32\urlmon.dll

\Windows\System32\ole32.dll

\Windows\System32\msctf.dll

\Windows\System32\shlwapi.dll

\Windows\System32\sechost.dll

\Windows\System32\setupapi.dll

\Windows\System32\msvcrt.dll

\Windows\System32\imm32.dll

\Windows\System32\user32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\clbcatq.dll

\Windows\System32\gdi32.dll

\Windows\System32\devobj.dll

\Windows\System32\KernelBase.dll

\Windows\System32\wintrust.dll

\Windows\System32\comctl32.dll

\Windows\System32\crypt32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\msasn1.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a41d460

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xffffffff88877028

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.12.15.04

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a41d460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a41e020, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff8a41d460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff88877028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xffffffffd4ea74a8, 0xffffffff8a41d460, 0xffffffff8a42d848

Lower DeviceData: 0xffffffff9314af90, 0xffffffff88877028, 0xffffffff8b230210

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 3941EACB

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 890576896

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 890783744 Numsec = 83886080

Partition 3 type is Other (0x12)

Partition is NOT ACTIVE.

Partition starts at LBA: 974669824 Numsec = 2101248

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_29

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.260000 GHz

Memory total: 3412627456, free: 2652561408

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2012.12.15.04

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Beheerder :: VDH-PC [administrator]

15/12/2012 14:02:02

mbar-log-2012-12-15 (14-02-02).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 30413

Time elapsed: 14 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good morning bartvdc,

Your logs seem fine.

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


Indeed good morning and thanks for the help.

Here's the first one:

OTL logfile created on: 16/12/2012 7:34:33 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Beheerder\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,18 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 71,12% Memory free

6,35 Gb Paging File | 5,25 Gb Available in Paging File | 82,59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 424,66 Gb Total Space | 362,03 Gb Free Space | 85,25% Space Free | Partition Type: NTFS

Drive D: | 40,00 Gb Total Space | 29,18 Gb Free Space | 72,94% Space Free | Partition Type: NTFS

Computer Name: VDH-PC | User Name: Beheerder | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/16 07:32:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Beheerder\Desktop\OTL.exe

PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/07/14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - [2012/12/07 18:31:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/10/02 23:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2010/06/03 18:25:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/06/05 20:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva399.sys -- (XDva399)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbccid.sys -- (USBCCID)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\BEHEER~1\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/10/15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2012/10/02 23:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012/10/02 23:20:00 | 000,024,936 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)

DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/12/20 15:31:02 | 001,006,624 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)

DRV - [2010/12/20 15:30:54 | 000,193,056 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2010/01/19 15:50:48 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)

DRV - [2009/11/27 05:13:42 | 000,209,920 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)

DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/06/17 17:17:28 | 000,041,984 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)

DRV - [2007/10/12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/10/12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

IE - HKCU\..\SearchScopes,DefaultScope = {1D0BB6A9-065E-4798-BDB5-E63F35BF3C74}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{1D0BB6A9-065E-4798-BDB5-E63F35BF3C74}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\belgiumeid@eid.belgium.be: C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2011/08/03 18:26:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/30 12:53:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/08 10:29:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 13:43:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/27 13:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/11/03 11:27:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/10/27 13:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011/08/03 18:26:49 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

[2011/09/07 15:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\plugins

[2012/10/27 13:42:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/10/27 13:42:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/10/27 13:42:48 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml

[2012/10/27 13:42:48 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml

[2012/10/27 13:42:48 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2012/12/15 11:40:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found

O9 - Extra 'Tools' menuitem : eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found

O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.2 195.130.130.130

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7996F94A-C7CB-4355-8D71-F41DA1F0445B}: DhcpNameServer = 195.130.131.2 195.130.130.130

O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found

O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.dvsd - pdvcodec.dll File not found

Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/16 07:32:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Beheerder\Desktop\OTL.exe

[2012/12/15 11:41:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/12/15 11:32:16 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/12/15 11:21:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/12/15 11:21:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/12/15 11:21:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/12/15 11:21:16 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/12/15 11:21:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/12/15 11:20:38 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\Beheerder\Desktop\ComboFix.exe

[2012/12/15 11:03:18 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\Adobe

[2012/12/13 13:11:52 | 000,000,000 | ---D | C] -- C:\57c3bf679f81c8dde132e467f69ecd54

[2012/12/11 22:32:21 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\temp

[2012/12/11 22:19:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/12/08 15:49:56 | 000,000,000 | ---D | C] -- C:\f62b874f182daa1a94eb8a304bd10c

[2012/12/08 14:51:50 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\SlimWare Utilities Inc

[2012/12/08 14:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner

[2012/12/08 14:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner

[2012/12/08 14:51:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers

[2012/12/08 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\WinZip

[2012/12/08 10:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012/12/08 10:30:04 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2012/12/08 10:30:04 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2012/12/08 10:30:01 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2012/12/08 10:30:00 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2012/12/08 10:30:00 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2012/12/08 10:29:57 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2012/12/08 10:29:37 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2012/12/08 10:29:37 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/12/08 10:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/12/08 10:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/12/08 10:20:26 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\Apple

[2012/12/07 18:21:31 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/12/07 18:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012/12/06 20:55:15 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2012/12/06 20:55:15 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll

[2012/12/06 20:55:15 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll

[2012/12/06 20:55:15 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll

[2012/12/06 20:55:15 | 010,837,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2012/12/06 20:55:15 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll

[2012/12/06 20:55:15 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll

[2012/12/06 20:55:15 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2012/12/06 20:55:15 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2012/12/06 20:55:15 | 001,009,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll

[2012/12/06 20:55:15 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll

[2012/12/06 20:55:15 | 000,024,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvpciflt.sys

[2012/12/04 19:42:41 | 000,000,000 | ---D | C] -- C:\dcf88091bc306eb4ad9bcb722c

[2012/12/03 21:03:49 | 000,000,000 | ---D | C] -- C:\1549e5cccf859577d218f9698d63

[2012/12/02 21:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\FSP

[2012/12/02 21:30:01 | 000,041,984 | ---- | C] (Sentelic Corporation) -- C:\Windows\System32\drivers\fspad_wlh32.sys

[2012/12/02 21:29:59 | 000,057,344 | ---- | C] (Sentelic Corporation) -- C:\Windows\System32\fspadco.dll

[2012/12/02 20:59:35 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll

[2012/12/02 20:59:35 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll

[2012/12/02 20:59:34 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll

[2012/12/02 20:59:34 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll

[2012/12/02 20:59:34 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll

[2012/12/02 20:59:32 | 001,226,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll

[2012/12/02 20:59:32 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl

[2012/12/02 20:59:31 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll

[2012/12/02 20:59:31 | 000,052,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll

[2012/12/02 20:59:30 | 002,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll

[2012/12/02 20:59:28 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll

[2012/12/02 20:59:28 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll

[2012/12/02 20:59:28 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll

[2012/12/02 20:59:27 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll

[2012/12/02 20:59:27 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll

[2012/12/02 20:59:26 | 000,160,256 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll

[2012/12/02 20:59:25 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll

[2012/12/02 20:59:25 | 000,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll

[2012/12/02 20:58:39 | 000,831,488 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2012/12/02 19:16:47 | 000,065,576 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\L1C62x86.sys

[2012/12/02 19:13:59 | 000,313,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtsUStor.dll

[2012/12/02 19:13:57 | 000,193,056 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtsUStor.sys

[2012/12/02 19:13:56 | 009,112,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtsUStoricon.dll

[2012/12/02 18:40:18 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Roaming\Intel Corporation

[2012/12/02 18:28:11 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Roaming\InstallShield

[2012/12/02 18:15:22 | 000,000,000 | ---D | C] -- C:\MedionUpgrade

[2012/12/01 09:52:52 | 000,000,000 | ---D | C] -- C:\9f0675b061e8be6fc823a3769b021e04

[2012/12/01 09:51:24 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\ElevatedDiagnostics

[2012/12/01 09:51:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2012/12/01 09:32:36 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\Diagnostics

[2012/11/30 19:21:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview

[2012/11/30 18:57:00 | 563,934,504 | ---- | C] (Microsoft Corporation) -- C:\Users\Beheerder\Desktop\windows6.1-KB976932-X86.exe

[2012/11/30 17:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/30 17:35:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/11/28 22:39:18 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Roaming\Malwarebytes

[2012/11/28 22:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/28 22:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/11/27 22:54:43 | 000,000,000 | ---D | C] -- C:\765df097dedfdd798d615313d7b2bd

[2012/11/27 21:53:17 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/11/27 21:49:21 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Roaming\TuneUp Software

[2012/11/27 21:38:41 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Roaming\Adobe

[2012/11/27 21:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/11/27 21:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/11/27 21:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2012/11/27 20:29:38 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\Desktop\Help

[2012/11/27 19:35:18 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Roaming\Apple Computer

[2012/11/27 19:35:15 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\Scansoft

[2012/11/27 19:35:01 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam

[2012/11/27 19:34:59 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\Apple Computer

[2012/11/27 19:34:57 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\Power2Go

[2012/11/27 19:34:19 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/11/27 19:34:19 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\Searches

[2012/11/27 19:34:19 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/11/27 19:34:18 | 000,000,000 | -H-D | C] -- C:\Users\Beheerder\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2012/11/27 19:33:53 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Roaming\Identities

[2012/11/27 19:33:38 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\Contacts

[2012/11/27 19:33:25 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\VirtualStore

[2012/11/27 19:33:20 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\AppData\Local\Temporary Internet Files

[2012/11/27 19:33:20 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\Sjablonen

[2012/11/27 19:33:20 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\Local Settings

[2012/11/27 19:33:20 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\AppData\Local\Geschiedenis

[2012/11/27 19:33:20 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\AppData\Local\Application Data

[2012/11/27 19:33:19 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\SendTo

[2012/11/27 19:33:19 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\Recent

[2012/11/27 19:33:19 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\Netwerkprinteromgeving

[2012/11/27 19:33:19 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\NetHood

[2012/11/27 19:33:19 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\Documents\Mijn video's

[2012/11/27 19:33:19 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\Documents\Mijn muziek

[2012/11/27 19:33:19 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\Mijn documenten

[2012/11/27 19:33:19 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\Documents\Mijn afbeeldingen

[2012/11/27 19:33:19 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\Menu Start

[2012/11/27 19:33:19 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\Cookies

[2012/11/27 19:33:19 | 000,000,000 | -HSD | C] -- C:\Users\Beheerder\Application Data

[2012/11/27 19:33:12 | 000,000,000 | --SD | C] -- C:\Users\Beheerder\AppData\Roaming\Microsoft

[2012/11/27 19:33:12 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\Videos

[2012/11/27 19:33:12 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\Saved Games

[2012/11/27 19:33:12 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\Pictures

[2012/11/27 19:33:12 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\Music

[2012/11/27 19:33:12 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/11/27 19:33:12 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\Links

[2012/11/27 19:33:12 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\Favorites

[2012/11/27 19:33:12 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\Downloads

[2012/11/27 19:33:12 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\Documents

[2012/11/27 19:33:12 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\Desktop

[2012/11/27 19:33:12 | 000,000,000 | R--D | C] -- C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/11/27 19:33:12 | 000,000,000 | -H-D | C] -- C:\Users\Beheerder\AppData

[2012/11/27 19:33:12 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\Microsoft Help

[2012/11/27 19:33:12 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Local\Microsoft

[2012/11/27 19:33:12 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Roaming\Media Center Programs

[2012/11/27 19:33:12 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Roaming\Macromedia

[2012/11/27 19:33:12 | 000,000,000 | ---D | C] -- C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema

========== Files - Modified Within 30 Days ==========

[2012/12/16 07:33:54 | 000,702,008 | ---- | M] () -- C:\Windows\System32\perfh013.dat

[2012/12/16 07:33:54 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/12/16 07:33:54 | 000,133,750 | ---- | M] () -- C:\Windows\System32\perfc013.dat

[2012/12/16 07:33:54 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/12/16 07:32:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Beheerder\Desktop\OTL.exe

[2012/12/16 07:31:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/16 07:26:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/15 15:04:02 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/15 15:04:02 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/15 14:48:26 | 2559,467,520 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/15 11:40:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/12/15 11:20:40 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\Beheerder\Desktop\ComboFix.exe

[2012/12/13 09:39:33 | 000,007,598 | ---- | M] () -- C:\Users\Beheerder\AppData\Local\Resmon.ResmonCfg

[2012/12/09 16:42:01 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat

[2012/12/08 14:51:45 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimCleaner.lnk

[2012/12/08 10:30:05 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/12/08 10:29:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012/12/07 18:31:08 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/12/07 18:31:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/12/06 20:25:04 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/06 20:05:40 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/01 09:35:08 | 000,001,411 | ---- | M] () -- C:\Users\Beheerder\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/12/01 05:37:02 | 000,463,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/11/30 20:38:24 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll

[2012/11/30 18:03:13 | 563,934,504 | ---- | M] (Microsoft Corporation) -- C:\Users\Beheerder\Desktop\windows6.1-KB976932-X86.exe

[2012/11/27 22:31:46 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk

[2012/11/27 21:04:40 | 000,001,244 | ---- | M] () -- C:\Users\Beheerder\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/11/27 19:35:09 | 000,001,291 | ---- | M] () -- C:\Users\Beheerder\Desktop\CyberLink YouCam.lnk

========== Files Created - No Company Name ==========

[2012/12/15 11:21:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/12/15 11:21:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/12/15 11:21:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/12/15 11:21:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/12/15 11:21:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/12/09 16:42:01 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat

[2012/12/08 14:51:45 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\SlimCleaner.lnk

[2012/12/08 10:30:05 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/12/07 18:21:32 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/01 09:35:08 | 000,001,411 | ---- | C] () -- C:\Users\Beheerder\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/11/27 21:04:40 | 000,001,244 | ---- | C] () -- C:\Users\Beheerder\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/11/27 20:05:21 | 000,007,598 | ---- | C] () -- C:\Users\Beheerder\AppData\Local\Resmon.ResmonCfg

[2012/11/27 19:35:09 | 000,001,291 | ---- | C] () -- C:\Users\Beheerder\Desktop\CyberLink YouCam.lnk

[2012/11/27 19:34:23 | 000,001,417 | ---- | C] () -- C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/11/27 19:33:14 | 000,000,290 | ---- | C] () -- C:\Users\Beheerder\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/11/27 19:33:14 | 000,000,272 | ---- | C] () -- C:\Users\Beheerder\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2011/12/05 06:46:33 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys

[2011/12/05 06:46:33 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\87D26E6513.sys

[2011/12/03 15:10:18 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2011/02/11 18:10:50 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2011/01/20 08:44:36 | 002,997,760 | ---- | C] () -- C:\Program Files\openofficeorg33.msi

[2011/01/20 08:40:46 | 129,452,089 | ---- | C] () -- C:\Program Files\openofficeorg1.cab

[2011/01/20 07:57:30 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini

[2010/09/19 11:38:32 | 000,005,056 | ---- | C] () -- C:\ProgramData\drctchbl.xvi

[2010/09/19 11:38:31 | 000,004,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 10:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2012/12/09 16:42:01 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat

[2012/12/15 12:07:27 | 000,016,059 | ---- | M] () -- C:\ComboFix.txt

[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2012/12/15 14:48:26 | 2559,467,520 | -HS- | M] () -- C:\hiberfil.sys

[2010/01/14 10:51:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/01/14 10:51:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2012/12/15 14:48:29 | 3412,627,456 | -HS- | M] () -- C:\pagefile.sys

[2012/12/11 21:15:02 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_11.12.2012_21.14.56_log.txt

[2012/12/11 21:16:53 | 000,134,604 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_11.12.2012_21.16.03_log.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

And here's the second:

OTL Extras logfile created on: 16/12/2012 7:34:33 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Beheerder\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,18 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 71,12% Memory free

6,35 Gb Paging File | 5,25 Gb Available in Paging File | 82,59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 424,66 Gb Total Space | 362,03 Gb Free Space | 85,25% Space Free | Partition Type: NTFS

Drive D: | 40,00 Gb Total Space | 29,18 Gb Free Space | 72,94% Space Free | Partition Type: NTFS

Computer Name: VDH-PC | User Name: Beheerder | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Fotoshow] -- "C:\Program Files\Fotoservice\Kruidvat fotoservice\Fotoshow.exe" -d "%1" ()

Directory [Kruidvat fotoservice] -- "C:\Program Files\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe" "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{14351327-D1D6-4746-9403-A2A06BCCB1FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{189D86C2-FCA0-4B87-99AE-5D774F50056D}" = rport=445 | protocol=6 | dir=out | app=system |

"{1FB347F8-138A-4C90-BD61-F823CFAEC91A}" = lport=445 | protocol=6 | dir=in | app=system |

"{27FD49B4-7EF1-4C2D-B7EF-25789DD9DCD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2B4A6023-F445-436D-8DD1-CF9EDA760F31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2C95B13D-6039-4BF8-8836-A2B94C02A6DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3279BBA5-CBF5-43EE-B7C1-10BD9674F1E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3FAF9E09-228F-45F6-A397-B90299344289}" = rport=139 | protocol=6 | dir=out | app=system |

"{43D7BFDC-E0B3-4451-81A8-069087DBA56A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4456E31F-47B2-4A19-83AD-589D2DAD932C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{558DC1DD-F98E-465D-BCF7-2D7511483DD4}" = rport=138 | protocol=17 | dir=out | app=system |

"{58F5500F-B78C-4E21-9911-3F110ED08C11}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{59457808-FD84-4212-A984-BDE35C703390}" = lport=138 | protocol=17 | dir=in | app=system |

"{67A15881-A618-4619-B563-9928B6A8B2C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{69C84653-E071-4679-876A-D8326D5FF9AB}" = lport=137 | protocol=17 | dir=in | app=system |

"{7BE46052-06D1-4678-B8D3-068E06382DC9}" = rport=10243 | protocol=6 | dir=out | app=system |

"{854FC76A-2012-4B19-951B-C4B30918D095}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{876EC83F-B4DB-4832-A655-B6BB65B658D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8BAD409F-0FE5-4CB6-9A11-DBE8BC02A320}" = rport=139 | protocol=6 | dir=out | app=system |

"{90C1ED73-3E36-4974-97CE-2B6650E8A935}" = rport=445 | protocol=6 | dir=out | app=system |

"{923970AF-3244-484D-8B55-DEBD8BE7AD7A}" = rport=137 | protocol=17 | dir=out | app=system |

"{93BB8C60-8D46-42FE-B05F-64F6349CD2BD}" = lport=445 | protocol=6 | dir=in | app=system |

"{9641749E-6693-444C-A348-A3E08D28CDC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{98F472DC-DCB0-4B58-8D13-525CAF7B3D5E}" = lport=139 | protocol=6 | dir=in | app=system |

"{9B2B9C62-FEA3-4CA4-9A7B-4F7A5AB6D008}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{A46FE727-1AB7-4778-B114-DBEFDEC51238}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{BBE94D0E-8B19-443A-ACCA-770FDA44B42C}" = lport=10243 | protocol=6 | dir=in | app=system |

"{C8261866-37F2-4603-B4FF-BD591D1455E4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C95C5528-DCAC-47DC-93A0-495CF7E1150F}" = lport=139 | protocol=6 | dir=in | app=system |

"{DBB99041-336E-4344-9C69-6A474A498A7A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{DE2D52A0-A07D-49FB-88D2-D80CDD43B076}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F068B95A-97E0-4EDE-ACD3-2CDB2EFA4C61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03EF28E0-4547-4C73-B890-995BD7A5E453}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{08E6D7AA-24CA-4B7E-8C5A-EEFE1396B8D2}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{17321904-5582-456B-B5C2-60F3CE9473BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{178C03CA-0159-44E5-8F29-75FEEE38B249}" = protocol=6 | dir=out | app=system |

"{1D8F5EDC-92D6-4576-9923-6CC3050E7849}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{24A38BF9-F28C-4F61-86EF-EC9CD8B44DB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{362A0544-6865-4793-A418-7943F9545F6A}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |

"{390A79A4-4C6E-466C-971C-DBAC97EED5BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{40D0A368-16C1-4227-BD3C-6890CD2802CE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{4E0EAC81-C386-4C23-BB75-43D951A2DEF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5477B386-74FE-437C-9F98-9D331DE78CDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{55932AFB-94FA-47A9-BCE9-D2FD29132E38}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{618F5651-3969-4002-B39B-89712AD0EB51}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |

"{626F083E-0A89-4B06-8C8F-1AE90846F1AC}" = protocol=6 | dir=in | app=c:\users\karin\downloads\crossfire_downloader.exe |

"{666F9B3B-19F3-41DB-860B-D0D6D468EDA5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6AF3BE98-158B-4432-B5E5-55021D057995}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{729BDA73-9989-41B9-8A52-DA20181BD1CF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{7D43E87D-9D9E-4A42-BF95-666CD27E8F70}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{93368F9E-0F77-43FB-B3F1-A7CFA98BBB62}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{95C09A88-D048-400B-8177-F17E83055D4A}" = protocol=17 | dir=in | app=c:\users\karin\downloads\crossfire_downloader.exe |

"{AD348BC4-B2DC-465C-9069-EF809EF1D02D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{B4ED2E08-1202-423A-80BC-75B2A7DF2BA8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{B8D8DDDA-4CDB-4AA3-8A1B-B2E3C25D43D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C4E3B9C2-03E5-4718-AE40-FB0E87FC72CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C600D944-DBCF-4E8D-9292-70835A425FA5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{C89FF9C5-7C45-4303-9597-531A88F0F615}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CC2F9AE9-3162-4228-8C5B-161B60233706}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{EC8C3AE1-56C7-457C-8B56-71E84D2AE4A8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{F45DC65C-CB1F-4B58-80B3-99D50C4CE32A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{9D8EA024-A05F-4C7E-9499-B179374C75DE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{F4B67BCE-0BF2-43C7-8D82-E7C4D2D78BB4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{3CBAB4EF-23A7-44C4-BCDE-DCA1E07510CB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{A2ADB45B-5CCA-4BB3-9B97-A2250F550AF1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series

"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 29

"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials

"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{32D1F359-0B91-4027-9CD0-7AFF8CBA469F}" = Arcades Réseau Interactif 2

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5158F1F5-FA1B-4D49-B546-55A5004B89BD}" = Microsoft Works

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit

"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{824563DE-75AD-4166-9DC0-B6482F206968}" = Belgium e-ID middleware 3.5.6 (build 6968)

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010

"{90140000-0015-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010

"{90140000-0016-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010

"{90140000-0018-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010

"{90140000-0019-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010

"{90140000-001A-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010

"{90140000-001B-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010

"{90140000-001F-0413-0000-0000000FF1CE}_Office14.SingleImage_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010

"{90140000-002C-0413-0000-0000000FF1CE}_Office14.SingleImage_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006D-0413-0000-0000000FF1CE}" = Microsoft Office Klik-en-Klaar 2010

"{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010

"{90140000-006E-0413-0000-0000000FF1CE}_Office14.SingleImage_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010

"{90140000-00A1-0413-0000-0000000FF1CE}_Office14.SingleImage_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140011-0061-0413-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Nederlands

"{91EBCCB9-A539-4306-AC5A-F372E0D6092B}" = OpenOffice.org 3.3

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Dutch)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne

"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema

"{AC76BA86-7AD7-1043-7B44-A94000000001}" = Adobe Reader 9.4.6 - Nederlands

"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision stuurprogramma 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafisch stuurprogramma 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision controllerstuurprogramma 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systeemsoftware 9.12.0604

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"{BF307EDA-A176-4D83-9775-D337810CF7A7}" = Cookienator

"{C21DB59E-3130-43E2-88C6-BE7451D44A52}" = SlimCleaner

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker

"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour

"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail

"{D6436C60-3C20-4C5E-9267-349B09ACED0D}" = NL

"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack

"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"0E9F0DFCEB7739D0CA4C8BB64F515A3C48435170" = Stuurprogrammapakket voor Windows - Fedict SmartCard (06/30/2011 4.0.0.4)

"Activision_CSTUninstallKey" = Cruise Ship Tycoon

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"avast" = avast! Free Antivirus

"AVS Audio Converter_is1" = AVS Audio Converter 7

"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS Video Editor_is1" = AVS Video Editor 6

"AVS Video Recorder_is1" = AVS Video Recorder 2.4

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4

"CANONIJPLM100" = PIXMA Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CCleaner" = CCleaner

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"Cross Fire_is1" = Cross Fire En

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Gebruikersregistratie voor Canon MP520 series" = Gebruikersregistratie voor Canon MP520 series

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema

"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"Kruidvat fotoservice" = Kruidvat fotoservice

"Lexmark X74-X75" = Lexmark X74-X75

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.65.1.1000

"Markant2" = Markant2

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

"Mozilla Firefox 5.0 (x86 nl)" = Mozilla Firefox 5.0 (x86 nl)

"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Klik-en-Klaar 2010

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Picasa 3" = Picasa 3

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TVWiz" = Intel® TV Wizard

"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 13/12/2012 9:45:09 | Computer Name = VDH-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 13/12/2012 9:45:15 | Computer Name = VDH-PC | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 13/12/2012 9:59:09 | Computer Name = VDH-PC | Source = .NET Runtime Optimization Service | ID = 1107

Description =

Error - 13/12/2012 9:59:09 | Computer Name = VDH-PC | Source = .NET Runtime Optimization Service | ID = 1107

Description =

Error - 13/12/2012 9:59:10 | Computer Name = VDH-PC | Source = .NET Runtime Optimization Service | ID = 1107

Description =

Error - 13/12/2012 9:59:10 | Computer Name = VDH-PC | Source = .NET Runtime Optimization Service | ID = 1107

Description =

Error - 13/12/2012 10:05:36 | Computer Name = VDH-PC | Source = CVHSVC | ID = 100

Description = Alleen informatie. (Patch task for {90140011-0061-0413-0000-0000000FF1CE}):

DownloadLatest Failed:

Error - 14/12/2012 14:56:10 | Computer Name = VDH-PC | Source = CVHSVC | ID = 100

Description = Alleen informatie. (Patch task for {90140011-0061-0413-0000-0000000FF1CE}):

DownloadLatest Failed:

Error - 15/12/2012 6:47:30 | Computer Name = VDH-PC | Source = CVHSVC | ID = 100

Description = Alleen informatie. (Patch task for {90140011-0061-0413-0000-0000000FF1CE}):

DownloadLatest Failed:

Error - 15/12/2012 7:27:32 | Computer Name = VDH-PC | Source = CVHSVC | ID = 100

Description = Alleen informatie. (Patch task for {90140011-0061-0413-0000-0000000FF1CE}):

DownloadLatest Failed:

[ Media Center Events ]

Error - 14/05/2010 11:50:56 | Computer Name = VDH-PC | Source = MCUpdate | ID = 0

Description = 17:50:56 - Fout bij verbinden met internet. 17:50:56 - Kan geen

contact maken met server..

Error - 14/05/2010 11:51:03 | Computer Name = VDH-PC | Source = MCUpdate | ID = 0

Description = 17:51:01 - Fout bij verbinden met internet. 17:51:01 - Kan geen

contact maken met server..

Error - 14/11/2010 6:23:05 | Computer Name = VDH-PC | Source = MCUpdate | ID = 0

Description = 11:23:05 - Fout bij verbinden met internet. 11:23:05 - Kan geen

contact maken met server..

Error - 14/11/2010 6:23:15 | Computer Name = VDH-PC | Source = MCUpdate | ID = 0

Description = 11:23:10 - Fout bij verbinden met internet. 11:23:10 - Kan geen

contact maken met server..

Error - 14/11/2010 7:26:20 | Computer Name = VDH-PC | Source = MCUpdate | ID = 0

Description = 12:26:20 - Fout bij verbinden met internet. 12:26:20 - Kan geen

contact maken met server..

Error - 14/11/2010 7:26:25 | Computer Name = VDH-PC | Source = MCUpdate | ID = 0

Description = 12:26:25 - Fout bij verbinden met internet. 12:26:25 - Kan geen

contact maken met server..

Error - 14/11/2010 8:26:31 | Computer Name = VDH-PC | Source = MCUpdate | ID = 0

Description = 13:26:31 - Fout bij verbinden met internet. 13:26:31 - Kan geen

contact maken met server..

Error - 14/11/2010 8:26:37 | Computer Name = VDH-PC | Source = MCUpdate | ID = 0

Description = 13:26:36 - Fout bij verbinden met internet. 13:26:36 - Kan geen

contact maken met server..

[ System Events ]

Error - 15/12/2012 9:50:56 | Computer Name = VDH-PC | Source = Service Control Manager | ID = 7001

Description = De Internet Connection Sharing (ICS)-service is afhankelijk van de

Remote Access Connection Manager-service, die vanwege de volgende fout niet kan

worden gestart: %%1058

Error - 15/12/2012 9:52:53 | Computer Name = VDH-PC | Source = Service Control Manager | ID = 7022

Description = De Network Location Awareness-service is bij het starten vastgelopen.

Error - 15/12/2012 9:53:07 | Computer Name = VDH-PC | Source = Service Control Manager | ID = 7001

Description = De Network List Service-service is afhankelijk van de Network Location

Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1070

Error - 15/12/2012 9:53:09 | Computer Name = VDH-PC | Source = DCOM | ID = 10005

Description =

Error - 15/12/2012 9:55:15 | Computer Name = VDH-PC | Source = Service Control Manager | ID = 7022

Description = De Network Location Awareness-service is bij het starten vastgelopen.

Error - 15/12/2012 9:55:15 | Computer Name = VDH-PC | Source = Service Control Manager | ID = 7001

Description = De Network List Service-service is afhankelijk van de Network Location

Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1070

Error - 15/12/2012 9:57:00 | Computer Name = VDH-PC | Source = Service Control Manager | ID = 7022

Description = De Network Location Awareness-service is bij het starten vastgelopen.

Error - 15/12/2012 9:57:00 | Computer Name = VDH-PC | Source = Service Control Manager | ID = 7001

Description = De Network List Service-service is afhankelijk van de Network Location

Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1070

Error - 15/12/2012 17:33:35 | Computer Name = VDH-PC | Source = Service Control Manager | ID = 7011

Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een

transactie van deze service: FDResPub.

Error - 15/12/2012 17:34:05 | Computer Name = VDH-PC | Source = Service Control Manager | ID = 7011

Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een

transactie van deze service: upnphost.

< End of report >


Good evening bartvdc. :)

Please go to http://www.virustotal.com, click on Choose File, and upload the following files for analysis: You will only be able to have one file scanned at a time.

C:\Windows\System32\87D26E6513.sys

C:\ProgramData\drctchbl.xvi

C:\ProgramData\xqkcebzs.dik

Then click Scan It!. Allow the file to be scanned, and then please copy/paste the results here for me to see.

Note: If a message appears saying the file has already been analysed, please resend the file.

=====

Then, please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

In your reply please provide:

  • Contents of the fix log from OTL.
  • Results from Virus Total for the three files.


I'm not sure what you mean by the result. I'll send a copy of the HTML result page, not the complete antivirus list but just the one with a result.

I'll send the OTL log in another reply.

SHA256: 9d7d948ef1329cc1db5fb77cbe9ed7bbf7d74cd8be1ad214689ebbe52a2267cb
SHA1: 2fa91927668fb0b3a4da32722825e15080cb5c21
MD5: 0641a46f1e58529a42ead4573a3a0861
File size: 8 bytes ( 8 bytes )
File name: 87D26E6513.sys
File type: unknown
Detection ratio: 1 / 46
Analysis date: 2012-12-16 14:00:11 UTC ( 0 minuten ago )

eSafe Win32.Trojan 20121212

SHA256: b365d7f9b0ae1a4417c06e34b8bd67bd8e759727e6284d99f4cf755c578df8f1
SHA1: b1ada714efe45c08d9d0a4ef3b137c9b52a29c59
MD5: bb60f4c8bf0dd9a4ff64bb8132b0e239
File size: 4.0 KB ( 4110 bytes )
File type: unknown
Detection ratio: 0 / 43
Analysis date: 2010-10-19 11:11:18 UTC ( 2 jaren, 1 maand ago )

SHA256: 3521aef9bc79952937aa21515fb072da75fa222b69648d24f8ebd324bd3bbaa6
SHA1: 6e25e01e282d553e52560f908e01351caf9c7b77
MD5: e06408e1b233e3b904ce3e6a825fc30e
File size: 4.9 KB ( 5056 bytes )
File name: drctchbl.xvi
File type: unknown
Detection ratio: 0 / 46
Analysis date: 2012-12-16 17:33:07 UTC ( 0 minuten ago )


It's evening here now.

The laptop's CPU is still running at 100%.

Here's the OTL log:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Beheerder

->Temp folder emptied: 98304 bytes

->Temporary Internet Files folder emptied: 24555304 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 57077 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Gebruiker

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56475 bytes

User: Karin

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1350170 bytes

->Java cache emptied: 7313434 bytes

->FireFox cache emptied: 95583600 bytes

->Flash cache emptied: 75269 bytes

User: Public

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26611768 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8362804 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 157,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12162012_185032

Files\Folders moved on Reboot...

C:\Users\Beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

File\Folder C:\Users\Beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0KBPHPX\fastbutton[1].htm not found!

C:\Users\Beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0KBPHPX\index[3].htm moved successfully.

C:\Users\Beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI0V02AT\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Users\Beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DANQT69W\index[2].htm moved successfully.

C:\Users\Beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8OB1NG3Y\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


The DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Beheerder at 19:47:34 on 2012-12-17

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3255.2265 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.be/

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Verzenden naar OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: NameServer = 195.130.131.2 195.130.130.130

TCP: Interfaces\{7996F94A-C7CB-4355-8D71-F41DA1F0445B} : DHCPNameServer = 195.130.131.2 195.130.130.130

TCP: Interfaces\{7996F94A-C7CB-4355-8D71-F41DA1F0445B}\75962756C6563737 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{7996F94A-C7CB-4355-8D71-F41DA1F0445B}\779666961383 : DHCPNameServer = 195.130.130.129 195.130.131.129

Filter: AutorunsDisabled - <Clsid value has no data>

Handler: AutorunsDisabled - <Clsid value has no data>

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2012-12-6 24936]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-8 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-8 361032]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-8 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-8 58680]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-8 44808]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R3 fspad_wlh32;Finger-sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [2012-12-2 41984]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-1-13 209920]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-12-2 65576]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-1 1006624]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-12-2 193056]

S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-3 1343400]

S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-1-13 13336]

S4 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]

S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]

S4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-1-13 2320920]

.

=============== File Associations ===============

.

FileExt: .reg: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2012-12-16 17:50:32 -------- d-----w- C:\_OTL

2012-12-15 10:41:05 -------- d-sh--w- C:\$RECYCLE.BIN

2012-12-15 10:21:19 98816 ----a-w- c:\windows\sed.exe

2012-12-15 10:21:19 256000 ----a-w- c:\windows\PEV.exe

2012-12-15 10:21:19 208896 ----a-w- c:\windows\MBR.exe

2012-12-15 10:21:16 -------- d-----w- C:\ComboFix

2012-12-15 10:03:18 -------- d-----w- c:\users\beheerder\appdata\local\Adobe

2012-12-13 12:11:52 -------- d-----w- C:\57c3bf679f81c8dde132e467f69ecd54

2012-12-11 21:32:21 -------- d-----w- c:\users\beheerder\appdata\local\temp

2012-12-08 14:49:56 -------- d-----w- C:\f62b874f182daa1a94eb8a304bd10c

2012-12-08 13:51:50 -------- d-----w- c:\users\beheerder\appdata\local\SlimWare Utilities Inc

2012-12-08 13:51:44 -------- d-----w- c:\program files\SlimCleaner

2012-12-08 12:24:51 -------- d-----w- c:\users\beheerder\appdata\local\WinZip

2012-12-08 09:30:01 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-12-08 09:30:00 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-12-08 09:29:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-12-08 09:29:37 41224 ----a-w- c:\windows\avastSS.scr

2012-12-08 09:29:21 -------- d-----w- c:\programdata\AVAST Software

2012-12-08 09:29:21 -------- d-----w- c:\program files\AVAST Software

2012-12-08 09:20:26 -------- d-----w- c:\users\beheerder\appdata\local\Apple

2012-12-07 17:21:31 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-06 19:55:15 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll

2012-12-06 19:55:15 7697768 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-06 19:55:15 6127464 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-06 19:55:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-06 19:55:15 24936 ----a-w- c:\windows\system32\drivers\nvpciflt.sys

2012-12-06 19:55:15 19906920 ----a-w- c:\windows\system32\nvoglv32.dll

2012-12-06 19:55:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-06 19:55:15 17559912 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-06 19:55:15 15309160 ----a-w- c:\windows\system32\nvd3dum.dll

2012-12-06 19:55:15 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-12-06 19:55:15 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-06 19:55:15 1009512 ----a-w- c:\windows\system32\nvdispco32.dll

2012-12-04 18:42:41 -------- d-----w- C:\dcf88091bc306eb4ad9bcb722c

2012-12-03 20:03:49 -------- d-----w- C:\1549e5cccf859577d218f9698d63

2012-12-02 20:30:34 -------- d-----w- c:\program files\FSP

2012-12-02 20:30:01 41984 ----a-w- c:\windows\system32\drivers\fspad_wlh32.sys

2012-12-02 20:29:59 57344 ----a-w- c:\windows\system32\fspadco.dll

2012-12-02 20:15:06 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2012-12-02 19:58:39 831488 ------r- c:\windows\RtlExUpd.dll

2012-12-02 19:58:35 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe

2012-12-02 18:16:47 65576 ----a-w- c:\windows\system32\drivers\L1C62x86.sys

2012-12-02 18:13:59 313888 ----a-w- c:\windows\system32\RtsUStor.dll

2012-12-02 18:13:57 193056 ----a-r- c:\windows\system32\drivers\RtsUStor.sys

2012-12-02 18:13:56 9112096 ----a-w- c:\windows\system32\RtsUStoricon.dll

2012-12-02 17:40:18 -------- d-----w- c:\users\beheerder\appdata\roaming\Intel Corporation

2012-12-02 17:28:13 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys

2012-12-02 17:15:22 -------- d-----w- C:\MedionUpgrade

2012-12-01 08:52:52 -------- d-----w- C:\9f0675b061e8be6fc823a3769b021e04

2012-12-01 08:51:24 -------- d-----w- c:\users\beheerder\appdata\local\ElevatedDiagnostics

2012-12-01 08:32:36 -------- d-----w- c:\users\beheerder\appdata\local\Diagnostics

2012-11-30 18:21:57 -------- d-----w- c:\windows\system32\SPReview

2012-11-30 16:35:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-28 21:39:18 -------- d-----w- c:\users\beheerder\appdata\roaming\Malwarebytes

2012-11-28 21:39:09 -------- d-----w- c:\programdata\Malwarebytes

2012-11-28 21:39:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-27 21:54:43 -------- d-----w- C:\765df097dedfdd798d615313d7b2bd

2012-11-27 20:49:21 -------- d-----w- c:\users\beheerder\appdata\roaming\TuneUp Software

2012-11-27 20:04:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-27 20:04:35 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-11-27 18:35:15 -------- d-----w- c:\users\beheerder\appdata\local\Scansoft

2012-11-27 18:34:59 -------- d-----w- c:\users\beheerder\appdata\local\Apple Computer

2012-11-27 18:34:57 -------- d-----w- c:\users\beheerder\appdata\local\Power2Go

.

==================== Find3M ====================

.

2012-12-07 17:31:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-30 19:38:24 152064 ----a-w- c:\windows\system32\msclmd.dll

2012-10-02 22:20:00 831848 ----a-w- c:\windows\system32\nvumdshim.dll

2012-10-02 22:20:00 2428776 ----a-w- c:\windows\system32\nvapi.dll

2012-10-02 22:20:00 202600 ----a-w- c:\windows\system32\nvinit.dll

2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-02 19:29:41 726376 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-10-02 19:29:41 62312 ----a-w- c:\windows\system32\nvshext.dll

2012-10-02 19:29:41 54632 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-10-02 19:29:41 2557288 ----a-w- c:\windows\system32\nvsvcr.dll

2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll

2012-10-02 19:29:23 3536817 ----a-w- c:\windows\system32\nvcoproc.bin

2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll

2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-02 12:15:52 430952 ----a-w- c:\windows\system32\nvStreaming.exe

2011-01-20 07:44:36 2997760 ----a-w- c:\program files\openofficeorg33.msi

.

============= FINISH: 19:49:43,53 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 24/02/2010 20:09:06

System Uptime: 17/12/2012 18:59:20 (1 hours ago)

.

Motherboard: MEDION | | P6622

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU 1 | 2261/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 425 GiB total, 361,338 GiB free.

D: is FIXED (NTFS) - 40 GiB total, 29,176 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Virtual WiFi Miniport-adapter

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&11DA90CD&0&01

Manufacturer: Microsoft

Name: Microsoft Virtual WiFi Miniport-adapter

PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&11DA90CD&0&01

Service: vwifimp

.

==== System Restore Points ===================

.

RP286: 15/12/2012 11:18:23 - ComboFix created restore point

RP287: 16/12/2012 7:38:04 - OTL Restore Point - 16/12/2012 7:38:01

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6 - Nederlands

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Arcades Réseau Interactif 2

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

avast! Free Antivirus

AVS Audio Converter 7

AVS Screen Capture version 2.0.1

AVS Update Manager 1.0

AVS Video Editor 6

AVS Video Recorder 2.4

AVS4YOU Software Navigator 1.4

Belgium e-ID middleware 3.5.6 (build 6968)

Bonjour

Canon MP Navigator EX 1.0

Canon MP520 series

Canon My Printer

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Solution Menu

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Cookienator

Corel MediaOne

CorelDRAW Essential Edition 3

Cross Fire En

Cruise Ship Tycoon

CyberLink LabelPrint

CyberLink MediaShow

CyberLink PhotoNow

CyberLink Power2Go

CyberLink PowerDirector

CyberLink PowerDVD 9

CyberLink PowerDVD Copy

CyberLink PowerProducer

CyberLink YouCam

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Finger-sensing Pad Driver

Gebruikersregistratie voor Canon MP520 series

Google Earth

Google Update Helper

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® TV Wizard

iTunes

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Kruidvat fotoservice

Lexmark X74-X75

Malwarebytes Anti-Malware versie 1.65.1.1000

Markant2

Medion Home Cinema

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Dutch) 2010

Microsoft Office Excel MUI (Dutch) 2010

Microsoft Office Home and Student 2010

Microsoft Office Home and Student 2010 - Nederlands

Microsoft Office Klik-en-Klaar 2010

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Dutch) 2010

Microsoft Office Outlook MUI (Dutch) 2010

Microsoft Office PowerPoint MUI (Dutch) 2010

Microsoft Office PowerPoint Viewer 2007 (Dutch)

Microsoft Office Proof (Dutch) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proofing (Dutch) 2010

Microsoft Office Publisher MUI (Dutch) 2010

Microsoft Office Shared MUI (Dutch) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (Dutch) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MobileMe Control Panel

Mozilla Firefox 5.0 (x86 nl)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NL

NVIDIA-configuratiescherm 306.97

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision controllerstuurprogramma 306.97

NVIDIA 3D Vision stuurprogramma 306.97

NVIDIA Grafisch stuurprogramma 306.97

NVIDIA Install Application

NVIDIA Optimus 1.10.8

NVIDIA PhysX

NVIDIA PhysX systeemsoftware 9.12.0604

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.10.8

NVIDIA Update Components

OGA Notifier 2.0.0048.0

OpenOffice.org 3.3

Picasa 3

PIXMA Extended Survey Program

QuickTime

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

REALTEK Wireless LAN Driver

ScanSoft OmniPage SE 4

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

Skype Click to Call

Skype™ 5.10

SlimCleaner

Spybot - Search & Destroy

Stuurprogrammapakket voor Windows - Fedict SmartCard (06/30/2011 4.0.0.4)

SUPERAntiSpyware

Synaptics Pointing Device Driver

System Requirements Lab for Intel

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

Ulead Photo Explorer 8.0 SE Basic

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update Manager

VoiceOver Kit

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 15.5

.

==== End Of File ===========================


Hello bartvdc. :)

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Hey bartvdc. :)

As your logs appear clean I would like you to please post a topic in this forum:

http://forums.malwar...php?showforum=6

Please give a link to this topic so that the tech helper can see the work done so far.

Hopefully they help you solve the problem. :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.