slow laptop

  • eduard

    My laptop is slow.

    I have gone through the steps.

    MBAM found nothing after updating.

    Ran CCleaner and ATF Cleaner; that did not help.

    Made a HijackThis log and ran ComboFix.

    Here are the logs.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:44:33, on 27-4-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

    C:\Windows\system32\igfxext.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\explorer.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Trend Micro\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Sam\AppData\Roaming\Complitly\Complitly.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: NDSTray.exe

    O4 - HKLM\..\Run: C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

    O4 - HKLM\..\Run: C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

    O4 - HKLM\..\Run: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

    O4 - HKLM\..\Run: %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

    O4 - HKLM\..\Run: C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

    O4 - HKLM\..\Run: "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

    O4 - HKCU\..\Run: "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    End of file - 9701 bytes

    ComboFix 12-04-27.01 - Sam 27-04-2012 16:19:07.2.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.1828

    Gestart vanuit: c:\users\Sam\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files\Complitly

    c:\program files\Complitly\chrome\ComplitlyChrome.crx

    c:\program files\Complitly\FireFoxExtensionWithFF8Fix.exe

    c:\program files\Complitly\FireFoxUninstaller.exe

    c:\program files\Complitly\InstTracker.exe

    c:\program files\Complitly\support@Complitly.com\chrome.manifest

    c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png

    c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul

    c:\program files\Complitly\support@Complitly.com\chrome\content\options.js

    c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul

    c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js

    c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js

    c:\program files\Complitly\support@Complitly.com\install.rdf

    c:\program files\Complitly\System.Data.SQLite.dll

    c:\program files\Complitly\unins000.dat

    c:\program files\Complitly\unins000.exe

    c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sk7a1w3y.default\weave\toFetch

    c:\users\Sam\infinst.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-27 to 2012-04-27 ))))))))))))))))))))))))))))))

    .

    .

    2012-04-27 14:29 . 2012-04-27 14:30 -------- d-----w- c:\users\Sam\AppData\Local\temp

    2012-04-27 14:29 . 2012-04-27 14:29 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-04-27 14:13 . 2012-04-27 14:13 -------- d-----w- c:\program files\Mozilla Maintenance Service

    2012-04-27 14:13 . 2012-04-27 14:13 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

    2012-04-27 14:13 . 2012-04-27 14:13 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

    2012-04-27 14:01 . 2012-04-27 14:01 -------- d-----w- c:\program files\Common Files\Java

    2012-04-27 14:00 . 2012-04-27 14:00 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

    2012-04-27 09:19 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6896CF6C-BB78-4066-BDD3-AF9D445BF380}\mpengine.dll

    2012-04-26 18:15 . 2012-04-26 18:15 -------- d-----w- c:\users\Sam\AppData\Roaming\PeerNetworking

    2012-04-25 19:04 . 2012-04-25 19:04 -------- d-----w- c:\users\Sam\AppData\Local\Rockstar Games

    2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\windows\system32\xlive

    2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

    2012-04-24 14:40 . 2012-04-24 14:40 -------- d-----w- c:\programdata\McAfee

    2012-04-24 14:40 . 2012-04-24 15:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-04-18 14:06 . 2004-01-06 07:43 188416 ----a-w- c:\program files\eax.dll

    2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\text

    2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\ReadMe

    2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\movies

    2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\AutoRunSource

    2012-04-18 14:06 . 2008-06-14 13:22 122368 ----a-w- c:\program files\cleo.asi

    2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\data

    2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\anim

    2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\CLEO

    2012-04-18 14:03 . 2012-04-18 14:05 -------- d-----w- c:\program files\models

    2012-04-18 14:01 . 2012-04-18 14:01 -------- d-----w- c:\program files\audio

    2012-04-15 19:34 . 2012-04-15 19:34 -------- d-----w- c:\program files\Alcohol Soft

    2012-04-15 19:30 . 2012-04-15 19:30 477240 ----a-w- c:\windows\system32\drivers\sptd.sys

    2012-04-12 13:37 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

    2012-04-12 13:37 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-04-12 11:40 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2012-04-09 19:49 . 2012-04-09 19:49 -------- d-----w- c:\programdata\Premium

    2012-04-09 19:49 . 2012-04-09 19:50 -------- d-----w- c:\program files\Optimizer Pro

    2012-04-09 19:49 . 2012-04-09 19:49 237 ----a-w- C:\user.js

    2012-04-09 19:48 . 2012-04-09 19:48 -------- d-----w- c:\programdata\Babylon

    2012-04-09 19:48 . 2012-04-09 19:49 -------- d-----w- c:\programdata\InstallMate

    2012-04-09 17:18 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

    2012-04-04 18:50 . 2012-04-04 18:50 -------- d-----w- c:\program files\QuickTime

    2012-04-04 18:45 . 2012-04-04 18:45 -------- d-----w- c:\program files\Apple Software Update

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-04-27 14:00 . 2012-01-27 00:04 472864 ----a-w- c:\windows\system32\deployJava1.dll

    2012-04-24 15:18 . 2012-01-02 12:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-04-04 13:56 . 2012-01-26 22:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

    2012-03-19 16:12 . 2012-03-19 16:12 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

    2012-02-23 08:18 . 2009-10-03 10:11 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-02-14 15:45 . 2012-03-14 12:12 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

    2012-02-14 15:45 . 2012-03-14 12:12 160768 ----a-w- c:\windows\system32\d3d10_1.dll

    2012-02-13 14:12 . 2012-03-14 12:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

    2012-02-13 13:47 . 2012-03-14 12:12 683008 ----a-w- c:\windows\system32\d2d1.dll

    2012-02-13 13:44 . 2012-03-14 12:12 1068544 ----a-w- c:\windows\system32\DWrite.dll

    2012-02-02 15:16 . 2012-03-14 12:12 2044416 ----a-w- c:\windows\system32\win32k.sys

    2012-04-27 14:13 . 2012-01-26 23:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"

    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe"

    .

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"

    "NDSTray.exe"="NDSTray.exe"

    "Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe"

    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe"

    "IgfxTray"="c:\windows\system32\igfxtray.exe"

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe"

    "Persistence"="c:\windows\system32\igfxpers.exe"

    "RtHDVCpl"="RtHDVCpl.exe"

    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE"

    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe"

    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe"

    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe"

    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe"

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe

    .

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    "aux"=wdmaud.drv

    .

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    .

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.youtube.nl/

    mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Read with DeskBot

    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

    FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sk7a1w3y.default\

    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

    FF - prefs.js: browser.startup.homepage - www.youtube.nl

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111358&babsrc=KW_ss&mntrId=701527fb00000000000000225f47fbed&q=

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111358

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar_i.id - 701527fb00000000000000225f47fbed

    FF - user.js: extensions.BabylonToolbar_i.hardId - 701527fb00000000000000225f47fbed

    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439

    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:48

    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-04-27 16:30

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????6~^????P?V?x?V???V???V??

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    "datasecu"=hex:d2,59,b8,ae,28,36,d0,a5,22,40,7c,a1,55,a3,ea,3d,c1,3e,43,1a,08,

    b7,a6,8d,56,62,ea,7b,33,02,71,c9,27,55,ec,c7,fc,9f,b7,77,4e,c1,e6,4a,09,c7,\

    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:000000b5

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Voltooingstijd: 2012-04-27 16:41:01

    ComboFix-quarantined-files.txt 2012-04-27 14:40

    .

    Pre-Run: 102.843.162.624 bytes beschikbaar

    Post-Run: 102.487.912.448 bytes beschikbaar

    .

    - - End Of File - - 4440D69788538E4E5B8AAB43E3332CA9

    Hopefully you can make something of this.

    Thanks, Eduard.

  • rudi

    Is running ComboFix part of the step-by-step plan?

  • Jos H

    Hi Eduard

    Read this carefully:

    Note: If there are multiple users on the PC, post a log file per user!!

    Paste the MBAM log file (step 5) into the message in the same way.

    But wait for Ben or Fazantje for the further steps and do NOTHING further yourself.

  • Ben

    Hello eduard,

    What were the problems?

    Why did you use ComboFix? That way we cannot make a proper diagnosis. http://antivirus.startpagina.nl/prikbord/15114177/draai-combofix-nooit-op-eigen-initiatief!!#msg-15114177

    Open Notepad, copy and paste the following (bold, blue text) into an empty window:

    File::

    C:\user.js

    Folder::

    c:\programdata\Babylon

    Firefox::

    FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sk7a1w3y.default\

    FF - prefs.js: browser.search.selectedEngine -

    FF - prefs.js: keyword.URL -

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111358

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar_i.id - 701527fb00000000000000225f47fbed

    FF - user.js: extensions.BabylonToolbar_i.hardId - 701527fb00000000000000225f47fbed

    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439

    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:48

    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    Reboot if you are asked to,

    and post the contents of ComboFix.txt in your next reply.

    Download TDSSKStarter to the desktop.

    Using "TDSSKStarter.exe":

    First close all program windows that are still open!

    Disable your antivirus and antispyware programs; they may conflict with TDSSKStarter.exe

    (here or here) you can read how to do that.

    Windows 2000 and Windows XP: start the tool by double-clicking "TDSSKStarter.exe".

    Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and choosing Run as Administrator.

    A CMD window will then open and close again automatically when the scan is finished.

    Now post the contents of the Notepad file that opens in the next message.

    After that, post the logs from:

    ComboFix

    TDSSStarter

    A new HijackThis

    Regards, Ben

    Antivirusprikbord
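The CFScript in the reply above was assembled by hand from the "FF - prefs.js" / "FF - user.js" lines that ComboFix prints under "Bijkomende Scan". As an added example, not code from this thread or from the ComboFix authors, the Python below does the same triage mechanically: it parses those FF lines, flags the entries tied to the Babylon toolbar, checks the uStart/mStart Page lines against an allow-list of expected homepage hosts, and assembles a script in the File::/Folder::/Firefox:: layout used in the reply. The sample log lines are constructed from this thread's own log; the function names, the marker list and the allowed-host set are my assumptions, and the convention of writing prefs.js entries with an empty value and user.js entries verbatim is copied from Ben's script.

```python
import re
from typing import List, NamedTuple, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: lines in the shape of the "Bijkomende Scan" section of the
# ComboFix log posted in this thread (hxxp is ComboFix's own defanging of http).
SAMPLE_COMBOFIX = r"""
uStart Page = hxxp://www.youtube.nl/
mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sk7a1w3y.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.youtube.nl
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111358&babsrc=KW_ss&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111358
FF - user.js: extensions.BabylonToolbar_i.id - 701527fb00000000000000225f47fbed
"""


class FFPref(NamedTuple):
    source: str  # "prefs.js" or "user.js"
    key: str
    value: str


_PROFILE_RE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")
_PREF_RE = re.compile(r"^FF - (?P<src>prefs\.js|user\.js): (?P<key>\S+) - ?(?P<val>.*)$")
_START_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")


def parse_ff_section(text: str) -> Tuple[Optional[str], List[FFPref]]:
    """Return (Firefox profile path, prefs.js/user.js entries) from ComboFix FF lines."""
    profile = None
    prefs: List[FFPref] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _PROFILE_RE.match(line)
        if m:
            profile = m.group("path")
            continue
        m = _PREF_RE.match(line)
        if m:
            prefs.append(FFPref(m.group("src"), m.group("key"), m.group("val").strip()))
    return profile, prefs


def flag_toolbar_prefs(prefs: List[FFPref], markers=("babylon",)) -> List[FFPref]:
    """Keep entries whose key or value mentions a marker string (case-insensitive)."""
    out = []
    for p in prefs:
        haystack = (p.key + " " + p.value).lower()
        if any(marker in haystack for marker in markers):
            out.append(p)
    return out


def unexpected_start_pages(text: str, allowed_hosts) -> List[Tuple[str, str]]:
    """Return (scope, url) for uStart/mStart Page lines whose host is not on the allow-list."""
    hits = []
    for raw in text.splitlines():
        m = _START_RE.match(raw.strip())
        if not m:
            continue
        url = m.group("url").replace("hxxp://", "http://", 1)  # undo the defanging to parse
        host = urlparse(url).hostname or ""
        if host not in allowed_hosts:
            hits.append((m.group("scope"), m.group("url")))
    return hits


def build_cfscript(files, folders, profile_path, prefs: List[FFPref]) -> str:
    """Assemble a CFScript in the File::/Folder::/Firefox:: layout used in this thread.
    prefs.js entries are written with an empty value (reset to default); user.js entries
    are copied verbatim so ComboFix can match and remove them."""
    lines = []
    if files:
        lines += ["File::", *files, ""]
    if folders:
        lines += ["Folder::", *folders, ""]
    if prefs:
        lines.append("Firefox::")
        if profile_path:
            lines.append(f"FF - ProfilePath - {profile_path}")
        for p in prefs:
            value = "" if p.source == "prefs.js" else p.value
            lines.append(f"FF - {p.source}: {p.key} - {value}".rstrip())
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    profile, prefs = parse_ff_section(SAMPLE_COMBOFIX)
    for scope, url in unexpected_start_pages(SAMPLE_COMBOFIX, {"www.youtube.nl"}):
        print(f"start page not on allow-list ({scope}): {url}")
    flagged = flag_toolbar_prefs(prefs)
    print(build_cfscript([r"C:\user.js"], [r"c:\programdata\Babylon"], profile, flagged))
```

Run stand-alone it prints the shareware-ne.com machine-wide start page as unexpected and a CFScript containing the four Babylon-related Firefox entries; on a real log, paste the whole "Bijkomende Scan" section in place of the constructed sample and review the generated script before using it, since the marker match is deliberately broad.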

  • eduard

    If you know what you are doing, Rudi, then it is fine, isn't it.

    I read along here a lot and I have noticed that for many infections ComboFix is recommended after the steps.

    Jos and Ben, thanks for your replies.

    Logs will follow.

    Regards, Ed.

  • eduard

    Hello.

    There is only 1 user on this computer.

    This is the ComboFix log for Ben.

    ComboFix 12-04-27.01 - Sam 27-04-2012 20:04:41.3.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.1945

    Gestart vanuit: c:\users\Sam\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Sam\Desktop\CFScript.txt

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    FILE ::

    “C:\user.js”

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\Babylon

    C:\user.js

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-27 to 2012-04-27 ))))))))))))))))))))))))))))))

    .

    .

    2012-04-27 18:11 . 2012-04-27 18:11 -------- d-----w- c:\users\Sam\AppData\Local\temp

    2012-04-27 18:11 . 2012-04-27 18:11 -------- d-----w- c:\users\Public\AppData\Local\temp

    2012-04-27 18:11 . 2012-04-27 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-04-27 14:13 . 2012-04-27 14:13 -------- d-----w- c:\program files\Mozilla Maintenance Service

    2012-04-27 14:13 . 2012-04-27 14:13 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

    2012-04-27 14:13 . 2012-04-27 14:13 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

    2012-04-27 14:01 . 2012-04-27 14:01 -------- d-----w- c:\program files\Common Files\Java

    2012-04-27 14:00 . 2012-04-27 14:00 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

    2012-04-27 09:19 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6896CF6C-BB78-4066-BDD3-AF9D445BF380}\mpengine.dll

    2012-04-26 18:15 . 2012-04-26 18:15 -------- d-----w- c:\users\Sam\AppData\Roaming\PeerNetworking

    2012-04-25 19:04 . 2012-04-25 19:04 -------- d-----w- c:\users\Sam\AppData\Local\Rockstar Games

    2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\windows\system32\xlive

    2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

    2012-04-24 14:40 . 2012-04-24 14:40 -------- d-----w- c:\programdata\McAfee

    2012-04-24 14:40 . 2012-04-24 15:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-04-18 14:06 . 2004-01-06 07:43 188416 ----a-w- c:\program files\eax.dll

    2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\text

    2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\ReadMe

    2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\movies

    2012-04-18 14:06 . 2012-04-18 14:06 -------- d-----w- c:\program files\AutoRunSource

    2012-04-18 14:06 . 2008-06-14 13:22 122368 ----a-w- c:\program files\cleo.asi

    2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\data

    2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\anim

    2012-04-18 14:05 . 2012-04-18 14:06 -------- d-----w- c:\program files\CLEO

    2012-04-18 14:03 . 2012-04-18 14:05 -------- d-----w- c:\program files\models

    2012-04-18 14:01 . 2012-04-18 14:01 -------- d-----w- c:\program files\audio

    2012-04-15 19:34 . 2012-04-15 19:34 -------- d-----w- c:\program files\Alcohol Soft

    2012-04-15 19:30 . 2012-04-15 19:30 477240 ----a-w- c:\windows\system32\drivers\sptd.sys

    2012-04-12 13:37 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

    2012-04-12 13:37 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-04-12 11:40 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2012-04-09 19:49 . 2012-04-09 19:49 -------- d-----w- c:\programdata\Premium

    2012-04-09 19:49 . 2012-04-09 19:50 -------- d-----w- c:\program files\Optimizer Pro

    2012-04-09 19:48 . 2012-04-09 19:49 -------- d-----w- c:\programdata\InstallMate

    2012-04-09 17:18 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

    2012-04-04 18:50 . 2012-04-04 18:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

    2012-04-04 18:50 . 2012-04-04 18:50 -------- d-----w- c:\program files\QuickTime

    2012-04-04 18:45 . 2012-04-04 18:45 -------- d-----w- c:\program files\Apple Software Update

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-04-27 14:00 . 2012-01-27 00:04 472864 ----a-w- c:\windows\system32\deployJava1.dll

    2012-04-24 15:18 . 2012-01-02 12:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-04-04 13:56 . 2012-01-26 22:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

    2012-03-19 16:12 . 2012-03-19 16:12 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

    2012-02-23 08:18 . 2009-10-03 10:11 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-02-14 15:45 . 2012-03-14 12:12 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

    2012-02-14 15:45 . 2012-03-14 12:12 160768 ----a-w- c:\windows\system32\d3d10_1.dll

    2012-02-13 14:12 . 2012-03-14 12:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

    2012-02-13 13:47 . 2012-03-14 12:12 683008 ----a-w- c:\windows\system32\d2d1.dll

    2012-02-13 13:44 . 2012-03-14 12:12 1068544 ----a-w- c:\windows\system32\DWrite.dll

    2012-02-02 15:16 . 2012-03-14 12:12 2044416 ----a-w- c:\windows\system32\win32k.sys

    2012-04-27 14:13 . 2012-01-26 23:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"

    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe"

    .

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"

    "NDSTray.exe"="NDSTray.exe"

    "Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe"

    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe"

    "IgfxTray"="c:\windows\system32\igfxtray.exe"

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe"

    "Persistence"="c:\windows\system32\igfxpers.exe"

    "RtHDVCpl"="RtHDVCpl.exe"

    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE"

    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe"

    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe"

    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe"

    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe"

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe

    .

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    "aux"=wdmaud.drv

    .

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    .

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.youtube.nl/

    mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Read with DeskBot

    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

    FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sk7a1w3y.default\

    FF - prefs.js: browser.startup.homepage - www.youtube.nl

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111358&babsrc=KW_ss&mntrId=701527fb00000000000000225f47fbed&q=

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111358

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar_i.id - 701527fb00000000000000225f47fbed

    FF - user.js: extensions.BabylonToolbar_i.hardId - 701527fb00000000000000225f47fbed

    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439

    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:48

    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-04-27 20:11

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????6~^????P?V?x?V???V???V??

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    "datasecu"=hex:d2,59,b8,ae,28,36,d0,a5,22,40,7c,a1,55,a3,ea,3d,c1,3e,43,1a,08,

    b7,a6,8d,56,62,ea,7b,33,02,71,c9,27,55,ec,c7,fc,9f,b7,77,4e,c1,e6,4a,09,c7,\

    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:000000b5

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Voltooingstijd: 2012-04-27 20:15:35

    ComboFix-quarantined-files.txt 2012-04-27 18:15

    ComboFix2.txt 2012-04-27 14:41

    .

    Pre-Run: 97.704.865.792 bytes beschikbaar

    Post-Run: 97.671.155.712 bytes beschikbaar

    .

    - - End Of File - - 3D9F10747E01E47E1DD28ADDECD25CEC

    Regards, Ed.

  • fazantje

    Hi Rudi,

    Just to be clear,

    Eduard is my daughter's boyfriend and wants to solve it himself, with a little bit of help from me.

    So I suggested doing everything via the AV and also recommended Combo right away ;)

    He is sitting 2 metres behind me, busy with the scans :D

    This is the best way to learn ;)

    Greetings, Huib ;)

  • eduard

    Here is the TDSS log and a new HijackThis log.

    20:51:51.0673 5652 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

    20:51:51.0674 5652 ============================================================

    20:51:51.0674 5652 Current date / time: 2012/04/27 20:51:51.0674

    20:51:51.0674 5652 SystemInfo:

    20:51:51.0674 5652

    20:51:51.0674 5652 OS Version: 6.0.6002 ServicePack: 2.0

    20:51:51.0674 5652 Product type: Workstation

    20:51:51.0675 5652 ComputerName: PC_VAN_SAM

    20:51:51.0675 5652 UserName: Sam

    20:51:51.0675 5652 Windows directory: C:\Windows

    20:51:51.0675 5652 System windows directory: C:\Windows

    20:51:51.0675 5652 Processor architecture: Intel x86

    20:51:51.0675 5652 Number of processors: 2

    20:51:51.0675 5652 Page size: 0x1000

    20:51:51.0675 5652 Boot type: Normal boot

    20:51:51.0675 5652 ============================================================

    20:51:53.0008 5652 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

    20:51:53.0011 5652 ============================================================

    20:51:53.0011 5652 \Device\Harddisk0\DR0:

    20:51:53.0011 5652 MBR partitions:

    20:51:53.0011 5652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x129C7800

    20:51:53.0011 5652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12CB6000, BlocksNum 0x127782B0

    20:51:53.0011 5652 ============================================================

    20:51:53.0051 5652 C: <-> \Device\Harddisk0\DR0\Partition0

    20:51:53.0089 5652 E: <-> \Device\Harddisk0\DR0\Partition1

    20:51:53.0089 5652 ============================================================

    20:51:53.0089 5652 Initialize success

    20:51:53.0089 5652 ============================================================

    20:51:53.0146 4368 ============================================================

    20:51:53.0146 4368 Scan started

    20:51:53.0146 4368 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;

    20:51:53.0146 4368 ============================================================

    20:51:55.0973 4368 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

    20:51:56.0353 4368 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    20:51:56.0565 4368 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

    20:51:56.0867 4368 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

    20:51:56.0903 4368 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

    20:51:56.0963 4368 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

    20:51:57.0173 4368 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

    20:51:57.0319 4368 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

    20:51:57.0512 4368 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe

    20:51:57.0701 4368 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

    20:51:57.0996 4368 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

    20:51:58.0082 4368 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

    20:51:58.0185 4368 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

    20:51:58.0445 4368 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

    20:51:58.0556 4368 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

    20:51:58.0699 4368 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

    20:51:58.0910 4368 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

    20:51:59.0144 4368 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

    20:51:59.0308 4368 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

    20:51:59.0940 4368 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    20:52:00.0044 4368 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

    20:52:00.0096 4368 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

    20:52:00.0211 4368 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys

    20:52:00.0413 4368 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys

    20:52:00.0515 4368 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys

    20:52:00.0615 4368 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys

    20:52:00.0851 4368 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys

    20:52:00.0964 4368 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys

    20:52:01.0052 4368 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

    20:52:01.0149 4368 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

    20:52:01.0253 4368 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

    20:52:01.0282 4368 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

    20:52:01.0561 4368 avast\Program Files\AVAST Software\Avast\AvastSvc.exe

    20:52:01.0891 4368 AxAutoMntSrv (7692f4b242e45870873caf4cb85cf769) C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

    20:52:02.0053 4368 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

    20:52:02.0205 4368 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

    20:52:02.0545 4368 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll

    20:52:02.0682 4368 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

    20:52:02.0878 4368 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

    20:52:03.0340 4368 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

    20:52:03.0427 4368 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

    20:52:03.0581 4368 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

    20:52:03.0683 4368 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

    20:52:03.0805 4368 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

    20:52:03.0890 4368 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

    20:52:04.0026 4368 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

    20:52:04.0142 4368 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

    20:52:04.0580 4368 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

    20:52:05.0162 4368 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

    20:52:05.0235 4368 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

    20:52:05.0319 4368 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

    20:52:05.0430 4368 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

    20:52:05.0568 4368 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    20:52:05.0708 4368 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    20:52:05.0807 4368 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

    20:52:05.0914 4368 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

    20:52:05.0974 4368 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

    20:52:06.0112 4368 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    20:52:06.0119 4368 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning

    20:52:06.0119 4368 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)

    20:52:06.0146 4368 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

    20:52:06.0190 4368 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

    20:52:06.0271 4368 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

    20:52:06.0364 4368 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

    20:52:06.0440 4368 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

    20:52:06.0652 4368 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

    20:52:07.0149 4368 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

    20:52:07.0283 4368 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

    20:52:07.0340 4368 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

    20:52:07.0424 4368 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

    20:52:07.0543 4368 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

    20:52:07.0636 4368 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

    20:52:07.0743 4368 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

    20:52:07.0838 4368 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

    20:52:07.0928 4368 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

    20:52:08.0037 4368 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

    20:52:08.0135 4368 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

    20:52:08.0216 4368 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

    20:52:08.0277 4368 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

    20:52:08.0406 4368 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

    20:52:08.0507 4368 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

    20:52:08.0623 4368 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

    20:52:08.0731 4368 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

    20:52:08.0852 4368 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

    20:52:09.0017 4368 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

    20:52:09.0131 4368 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

    20:52:09.0266 4368 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

    20:52:09.0348 4368 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

    20:52:09.0614 4368 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

    20:52:09.0758 4368 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

    20:52:09.0829 4368 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

    20:52:09.0957 4368 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

    20:52:10.0086 4368 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

    20:52:10.0400 4368 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    20:52:10.0517 4368 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS

    20:52:10.0541 4368 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning

    20:52:10.0542 4368 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)

    20:52:10.0587 4368 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

    20:52:10.0702 4368 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys

    20:52:10.0867 4368 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

    20:52:10.0952 4368 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    20:52:11.0091 4368 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

    20:52:11.0415 4368 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    20:52:11.0645 4368 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

    20:52:11.0851 4368 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

    20:52:11.0987 4368 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

    20:52:12.0099 4368 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

    20:52:12.0228 4368 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll

    20:52:12.0334 4368 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

    20:52:12.0466 4368 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

    20:52:12.0569 4368 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

    20:52:12.0637 4368 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

    20:52:12.0757 4368 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

    20:52:12.0847 4368 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

    20:52:12.0941 4368 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys

    20:52:13.0045 4368 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

    20:52:13.0280 4368 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    20:52:13.0290 4368 IDriverT ( UnsignedFile.Multi.Generic ) - warning

    20:52:13.0290 4368 IDriverT - detected UnsignedFile.Multi.Generic (1)

    20:52:13.0582 4368 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    20:52:13.0937 4368 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys

    20:52:14.0485 4368 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

    20:52:14.0640 4368 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

    20:52:14.0887 4368 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys

    20:52:15.0357 4368 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

    20:52:15.0408 4368 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

    20:52:15.0535 4368 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

    20:52:15.0686 4368 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    20:52:15.0868 4368 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

    20:52:16.0003 4368 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

    20:52:16.0212 4368 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

    20:52:16.0305 4368 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

    20:52:16.0408 4368 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

    20:52:16.0498 4368 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

    20:52:16.0570 4368 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

    20:52:16.0619 4368 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

    20:52:16.0733 4368 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

    20:52:16.0802 4368 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

    20:52:16.0912 4368 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

    20:52:17.0005 4368 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

    20:52:17.0144 4368 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

    20:52:17.0320 4368 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll

    20:52:17.0450 4368 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

    20:52:17.0645 4368 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

    20:52:17.0756 4368 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

    20:52:17.0886 4368 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

    20:52:18.0243 4368 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

    20:52:18.0291 4368 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

    20:52:18.0353 4368 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

    20:52:18.0419 4368 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

    20:52:18.0561 4368 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

    20:52:18.0655 4368 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

    20:52:18.0712 4368 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

    20:52:19.0104 4368 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

    20:52:19.0203 4368 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

    20:52:19.0403 4368 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

    20:52:19.0530 4368 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

    20:52:19.0624 4368 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

    20:52:19.0695 4368 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

    20:52:19.0816 4368 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

    20:52:20.0033 4368 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    20:52:20.0122 4368 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

    20:52:20.0169 4368 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

    20:52:20.0302 4368 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

    20:52:20.0436 4368 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

    20:52:20.0529 4368 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

    20:52:20.0636 4368 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

    20:52:20.0741 4368 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    20:52:20.0841 4368 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    20:52:20.0925 4368 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

    20:52:20.0971 4368 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

    20:52:21.0069 4368 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

    20:52:21.0209 4368 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

    20:52:21.0392 4368 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

    20:52:21.0481 4368 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

    20:52:21.0603 4368 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

    20:52:21.0674 4368 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

    20:52:21.0749 4368 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

    20:52:21.0878 4368 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

    20:52:21.0958 4368 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

    20:52:22.0069 4368 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

    20:52:22.0160 4368 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

    20:52:22.0298 4368 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

    20:52:22.0428 4368 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

    20:52:22.0561 4368 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

    20:52:22.0650 4368 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

    20:52:22.0736 4368 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

    20:52:22.0826 4368 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

    20:52:22.0905 4368 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

    20:52:23.0013 4368 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll

    20:52:23.0049 4368 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

    20:52:23.0049 4368 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

    20:52:23.0080 4368 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

    20:52:23.0187 4368 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

    20:52:23.0278 4368 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

    20:52:23.0381 4368 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

    20:52:23.0501 4368 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

    20:52:23.0813 4368 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

    20:52:23.0894 4368 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

    20:52:24.0048 4368 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

    20:52:24.0220 4368 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

    20:52:24.0372 4368 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

    20:52:24.0492 4368 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

    20:52:24.0689 4368 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

    20:52:24.0899 4368 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

    20:52:25.0041 4368 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

    20:52:25.0152 4368 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

    20:52:25.0221 4368 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

    20:52:25.0263 4368 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

    20:52:25.0424 4368 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    20:52:25.0477 4368 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

    20:52:25.0600 4368 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    20:52:25.0669 4368 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

    20:52:25.0762 4368 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

    20:52:25.0923 4368 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

    20:52:26.0013 4368 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

    20:52:26.0079 4368 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

    20:52:26.0185 4368 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

    20:52:26.0275 4368 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

    20:52:26.0354 4368 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys

    20:52:26.0406 4368 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

    20:52:26.0496 4368 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

    20:52:26.0668 4368 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

    20:52:26.0888 4368 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

    20:52:26.0974 4368 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll

    20:52:26.0981 4368 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

    20:52:26.0981 4368 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

    20:52:27.0059 4368 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

    20:52:27.0125 4368 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

    20:52:27.0247 4368 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

    20:52:27.0427 4368 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

    20:52:27.0511 4368 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

    20:52:27.0601 4368 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

    20:52:27.0679 4368 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

    20:52:27.0737 4368 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

    20:52:27.0834 4368 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

    20:52:27.0955 4368 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

    20:52:28.0048 4368 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

    20:52:28.0120 4368 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

    20:52:28.0207 4368 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

    20:52:28.0278 4368 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

    20:52:28.0348 4368 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

    20:52:28.0454 4368 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

    20:52:28.0555 4368 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

    20:52:28.0639 4368 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

    20:52:28.0709 4368 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

    20:52:28.0785 4368 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

    20:52:28.0876 4368 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

    20:52:28.0981 4368 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

    20:52:29.0029 4368 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

    20:52:29.0119 4368 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

    20:52:29.0226 4368 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

    20:52:29.0311 4368 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

    20:52:29.0429 4368 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

    20:52:29.0535 4368 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

    20:52:29.0699 4368 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

    20:52:29.0808 4368 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys

    20:52:29.0935 4368 RTL8187B (b71d269b9ab5417963e986126c12b9fc) C:\Windows\system32\DRIVERS\RTL8187B.sys

    20:52:30.0047 4368 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys

    20:52:30.0114 4368 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS

    20:52:30.0212 4368 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

    20:52:30.0312 4368 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

    20:52:30.0403 4368 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

    20:52:30.0557 4368 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

    20:52:30.0670 4368 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

    20:52:30.0765 4368 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

    20:52:30.0953 4368 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

    20:52:31.0129 4368 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

    20:52:31.0191 4368 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll

    20:52:31.0272 4368 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

    20:52:31.0462 4368 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

    20:52:31.0548 4368 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

    20:52:31.0855 4368 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    20:52:31.0933 4368 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning

    20:52:31.0933 4368 ServiceLayer - detected UnsignedFile.Multi.Generic (1)

    20:52:32.0016 4368 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

    20:52:32.0143 4368 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

    20:52:32.0204 4368 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

    20:52:32.0322 4368 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

    20:52:32.0466 4368 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

    20:52:32.0658 4368 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

    20:52:32.0760 4368 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

    20:52:32.0827 4368 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

    20:52:32.0892 4368 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

    20:52:32.0994 4368 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

    20:52:33.0485 4368 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

    20:52:33.0873 4368 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

    20:52:34.0108 4368 SmartFaceVWatchSrv (3566310df25ea5c3b2e9f50f5b50eac1) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

    20:52:34.0162 4368 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning

    20:52:34.0162 4368 SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)

    20:52:34.0233 4368 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

    20:52:34.0354 4368 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

    20:52:34.0433 4368 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

    20:52:34.0508 4368 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

    20:52:34.0649 4368 sptd (0022cfff1a41e5ce3a764050a7ddf22a) C:\Windows\System32\Drivers\sptd.sys

    20:52:34.0726 4368 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

    20:52:34.0835 4368 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

    20:52:34.0918 4368 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

    20:52:34.0988 4368 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

    20:52:35.0089 4368 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

    20:52:35.0410 4368 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    20:52:35.0484 4368 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning

    20:52:35.0484 4368 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)

    20:52:35.0519 4368 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys

    20:52:35.0778 4368 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

    20:52:35.0860 4368 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

    20:52:35.0921 4368 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

    20:52:36.0012 4368 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

    20:52:36.0071 4368 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

    20:52:36.0137 4368 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

    20:52:36.0215 4368 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys

    20:52:36.0342 4368 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

    20:52:36.0475 4368 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

    20:52:36.0610 4368 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

    20:52:36.0677 4368 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

    20:52:36.0832 4368 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

    20:52:36.0914 4368 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

    20:52:37.0100 4368 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

    20:52:37.0224 4368 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys

    20:52:37.0301 4368 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

    20:52:37.0333 4368 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

    20:52:37.0396 4368 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

    20:52:37.0572 4368 TempoMonitoringService (ce0b5d587839614a16480d7b8395ffe9) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

    20:52:37.0619 4368 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

    20:52:37.0703 4368 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

    20:52:37.0825 4368 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

    20:52:37.0904 4368 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

    20:52:38.0059 4368 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

    20:52:38.0138 4368 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe

    20:52:38.0250 4368 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    20:52:38.0357 4368 TOSHIBA SMART Log Service (dca621ce31ca604c762001883e385df8) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

    20:52:38.0368 4368 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning

    20:52:38.0368 4368 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)

    20:52:38.0440 4368 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys

    20:52:38.0529 4368 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

    20:52:38.0693 4368 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

    20:52:38.0774 4368 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

    20:52:38.0864 4368 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

    20:52:38.0970 4368 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

    20:52:39.0057 4368 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

    20:52:39.0099 4368 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

    20:52:39.0192 4368 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

    20:52:39.0323 4368 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

    20:52:39.0444 4368 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    20:52:39.0454 4368 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning

    20:52:39.0454 4368 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)

    20:52:39.0500 4368 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

    20:52:39.0562 4368 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

    20:52:39.0589 4368 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

    20:52:39.0626 4368 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

    20:52:39.0664 4368 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

    20:52:39.0798 4368 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

    20:52:39.0890 4368 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

    20:52:39.0986 4368 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\Windows\system32\DRIVERS\lgusbbus.sys

    20:52:40.0060 4368 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

    20:52:40.0120 4368 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

    20:52:40.0231 4368 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\Windows\system32\DRIVERS\lgusbdiag.sys

    20:52:40.0313 4368 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

    20:52:40.0382 4368 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

    20:52:40.0520 4368 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\Windows\system32\DRIVERS\lgusbmodem.sys

    20:52:40.0571 4368 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

    20:52:40.0680 4368 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

    20:52:40.0831 4368 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

    20:52:40.0915 4368 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

    20:52:41.0026 4368 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

    20:52:41.0140 4368 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS

    20:52:41.0236 4368 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

    20:52:41.0326 4368 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys

    20:52:41.0447 4368 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

    20:52:41.0582 4368 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

    20:52:41.0691 4368 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

    20:52:41.0763 4368 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

    20:52:41.0899 4368 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

    20:52:41.0984 4368 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

    20:52:42.0051 4368 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

    20:52:42.0123 4368 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

    20:52:42.0258 4368 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

    20:52:42.0330 4368 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

    20:52:42.0459 4368 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

    20:52:42.0607 4368 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

    20:52:42.0766 4368 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

    20:52:42.0873 4368 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

    20:52:42.0921 4368 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

    20:52:43.0071 4368 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

    20:52:43.0181 4368 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

    20:52:43.0250 4368 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

    20:52:43.0409 4368 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

    20:52:43.0592 4368 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

    20:52:43.0665 4368 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

    20:52:43.0759 4368 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

    20:52:43.0889 4368 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

    20:52:44.0060 4368 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

    20:52:44.0189 4368 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

    20:52:44.0411 4368 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

    20:52:44.0534 4368 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

    20:52:44.0772 4368 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

    20:52:45.0064 4368 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

    20:52:45.0492 4368 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    20:52:45.0837 4368 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

    20:52:45.0926 4368 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

    20:52:46.0107 4368 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

    20:52:46.0273 4368 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

    20:52:46.0400 4368 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

    20:52:46.0502 4368 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

    20:52:46.0824 4368 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    20:52:46.0917 4368 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

    20:52:47.0016 4368 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll

    20:52:47.0118 4368 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys

    20:52:47.0316 4368 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

    20:52:47.0647 4368 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

    20:52:47.0757 4368 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

    20:52:47.0878 4368 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

    20:52:48.0674 4368 Boot (0x1200) (3148f90429ed34b31e16f308bc82afb1) \Device\Harddisk0\DR0\Partition0

    20:52:48.0713 4368 Boot (0x1200) (52314ab06e5eb48382d53c4816641d08) \Device\Harddisk0\DR0\Partition1

    20:52:48.0716 4368 ============================================================

    20:52:48.0716 4368 Scan finished

    20:52:48.0716 4368 ============================================================

    20:52:49.0312 6108 Deinitialize success

    .

    ==============================================

    System Restore Point Check:

    .

    TDSSKiller Starter Restore Point Created Succesfully

    ==============================================

    Registry Export

    .

    ==============================================

    EOF

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:56:39, on 27-4-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

    C:\Windows\system32\igfxext.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\conime.exe

    C:\Windows\Explorer.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Trend Micro\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Sam\AppData\Roaming\Complitly\Complitly.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: NDSTray.exe

    O4 - HKLM\..\Run: C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

    O4 - HKLM\..\Run: C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

    O4 - HKLM\..\Run: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

    O4 - HKLM\..\Run: %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

    O4 - HKLM\..\Run: C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

    O4 - HKLM\..\Run: "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

    O4 - HKCU\..\Run: "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    End of file - 9761 bytes

    Thanks in advance.

    Ed

  • Ben

    Hello eduard,

    Open a Notepad file (Start > All Programs > Accessories > Notepad),

    then copy and paste the following (the bold, blue text) into the empty Notepad window:

    Folder::

    C:\Users\Sam\AppData\Roaming\Complitly

    Firefox::

    FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\sk7a1w3y.default\

    FF - prefs.js: browser.startup.homepage -

    FF - prefs.js: keyword.URL -

    FF - prefs.js: browser.search.selectedEngine -

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111358

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar_i.id - 701527fb00000000000000225f47fbed

    FF - user.js: extensions.BabylonToolbar_i.hardId - 701527fb00000000000000225f47fbed

    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439

    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:48

    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    DDS::

    mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag

    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    After your computer has restarted (if it asks you to restart), copy and paste the contents of Combofix.txt into your next reply, together with a new HijackThis log, and tell me how it goes.

    Regards, Ben

    Antivirusprikbord
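As an added example (not part of eduard's or Ben's posts, and not HijackThis or ComboFix code), the script below parses the two log formats that appear in this thread: the HijackThis "O23 - Service:" lines from eduard's log and the "FF - prefs.js/user.js: key - value" lines that ComboFix/DDS print and that Ben's CFScript targets. It splits each O23 line into display name, short name, vendor and binary path, flags services whose binary sits outside the usual Windows/Program Files roots, groups Firefox extension preferences by extension id (here the BabylonToolbar_i block) and lists the preference keys that hijackers typically overwrite. The trusted-roots list and the hijack-prone key set are my own heuristics, and the fifth O23 sample line is constructed; the other sample lines are copied from the thread.

```python
"""Triage helpers for two log formats seen in this thread: HijackThis "O23"
service lines and the "FF - prefs.js/user.js: key - value" lines ComboFix/DDS
print for Firefox preferences. Added example; not HijackThis or ComboFix code.
TRUSTED_ROOTS and HIJACK_PRONE_KEYS are assumptions of my own."""
import re
from dataclasses import dataclass
from typing import Optional

# "O23 - Service: <display> (<short name>) - <vendor> - <path>"; the short name
# in parentheses is optional in real logs, so it is optional here too.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<vendor>.*?) - (?P<path>[A-Za-z]:\\.+)$"
)
# "FF - prefs.js: <key> - <value>"; ComboFix prints a bare " -" when the value is empty.
FF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<key>\S+) - ?(?P<value>.*)$")

# Assumption: service binaries normally live under these roots. A service whose
# binary sits in a user profile or Temp directory deserves a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Preference keys that toolbars/hijackers commonly overwrite. Ben's CFScript
# blanks these three in the thread above.
HIJACK_PRONE_KEYS = {"browser.startup.homepage", "keyword.URL", "browser.search.selectedEngine"}


@dataclass
class Service:
    display: str
    name: Optional[str]   # short service name, None when the log has none
    vendor: str
    path: str

    @property
    def in_trusted_root(self) -> bool:
        p = self.path.lower()
        return any(p.startswith(root) for root in TRUSTED_ROOTS)


def parse_o23(lines):
    """Parse HijackThis O23 lines into Service records; non-matching lines are skipped."""
    out = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if m:
            out.append(Service(m["display"], m["name"], m["vendor"], m["path"]))
    return out


def parse_ff_prefs(lines):
    """Return (file, key, value) tuples; value is '' when ComboFix printed none."""
    out = []
    for line in lines:
        m = FF_RE.match(line.strip())
        if m:
            out.append((m["file"], m["key"], m["value"].strip()))
    return out


def ff_findings(prefs):
    """Group extension prefs by extension id and collect hijack-prone keys with their values."""
    by_ext = {}
    hijack_prone = []
    for _file, key, value in prefs:
        if key in HIJACK_PRONE_KEYS:
            hijack_prone.append((key, value))
        m = re.match(r"extensions\.([^.]+)\.", key)
        if m:
            by_ext.setdefault(m.group(1), []).append((key, value))
    return by_ext, hijack_prone


# Sample input: the first four O23 lines are copied from eduard's log; the fifth
# is a constructed example of a service running from a user profile directory.
SAMPLE_O23 = [
    r"O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe",
    r"O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe",
    r"O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe",
    r"O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe",
    r"O23 - Service: Update Helper (UpdHlpr) - Unknown owner - C:\Users\Sam\AppData\Roaming\UpdHlpr\updhlpr.exe",  # constructed
]

# Sample FF lines copied from Ben's CFScript (a subset).
SAMPLE_FF = [
    "FF - prefs.js: browser.startup.homepage -",
    "FF - prefs.js: keyword.URL -",
    "FF - prefs.js: browser.search.selectedEngine -",
    "FF - prefs.js: network.proxy.type - 0",
    "FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111358",
    "FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon",
    "FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17",
]


if __name__ == "__main__":
    for svc in parse_o23(SAMPLE_O23):
        flag = "" if svc.in_trusted_root else "  <-- outside trusted roots"
        print(f"{svc.display!r:45} {svc.vendor!r:20} {svc.path}{flag}")
    by_ext, hijack_prone = ff_findings(parse_ff_prefs(SAMPLE_FF))
    for ext, items in by_ext.items():
        print(f"extension prefs for {ext}: {len(items)} keys")
    for key, value in hijack_prone:
        print(f"hijack-prone pref {key} = {value!r}")
```

Running it on a full HijackThis log shows at a glance which services start from unusual locations, and running it on a ComboFix log shows which browser settings have been blanked or redirected; a vendor of "Unknown owner" combined with a path under AppData is the combination worth checking first.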

  • rudi

    Okay... sorry... but I found it rather surprising and was afraid that others would follow the example (despite the warning against it in the sticky) :)

This topic is closed; no further replies can be posted.