HiJackThis log regarding Trojan.Agent/Gen

15 replies
  • Good afternoon,

    Could you please check this log regarding this Trojan.Agent/Gen?

    I removed this trojan last Monday with SuperAntiSpyware,
    but it has now been found again by SUPERAntiSpyware and removed again.
    The program indicates that it concerns the Babylon Toolbar.
    I removed that, but still wanted to have the HijackThis log checked, plus the Mbam file.
    I scan with that every Sunday (it's a paid version).

    Here is the HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:45:45, on 17-4-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
    C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Corel\Standby\Standby.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weerdirect.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=840c1946000000000000002618ba36e7&tlver=1.4.19.19&ss=1&affID=17980
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    O4 - HKCU\..\Run: [EPSON SX125 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\Windows\TEMP\E_SB183.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    O9 - Extra button: &Virtueel Toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra button: C&ontrole van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe


    End of file - 8880 bytes


    And here is an Mbam log as well


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6383

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    17-4-2011 14:51:59
    mbam-log-2011-04-17 (14-51-59).txt

    Scantype: Snelle scan
    Objecten gescand: 153329
    Verstreken tijd: 4 minuut/minuten, 21 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)


    Thanks in advance for the time you put into this.

  • Hello ks, close all open browser windows, except this window, which you close just before you click the Fix checked button!

    Now start HijackThis via right-click with Administrator rights and click the button Do a Scan only,

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=840c1946000000000000002618ba36e7&tlver=1.4.19.19&ss=1&affID=17980
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

    - Put a check mark in front of the line(s) that correspond to the lines above.
    - Now close the web browser and then click the Fix checked button.
    - After that, close HijackThis.

    Restart the computer after the fix.

    After restarting, go to Control Panel\Programs and Features (Configuratiescherm\Programma's en onderdelen) and there remove

    NVIDIA Corporation\NetworkAccessManager

    This is simply a buggy firewall that has no business being in Windows!


    Then do the following:

    Which program: ComboFix
    What for/why: Highly specialized scanner to examine Windows in depth
    and clean it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be deactivated before ComboFix starts!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    To be perfectly clear once more: ComboFix must be started from the desktop.

    Remarks:
    - When using Windows XP, you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - It may happen that the computer has to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:

  • Hi

    Thanks for the quick reply.

    Here is the ComboFix log

    ComboFix 11-04-16.03 - Gebruiker 17-04-2011 20:20:00.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1872 [GMT 2:00]
    Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system\oeminfo.ini
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-03-17 to 2011-04-17 ))))))))))))))))))))))))))))))
    .
    .
    2011-04-17 13:21 . 2011-04-17 13:21 -------- d-----w- c:\users\Gebruiker\AppData\Local\{83EF7036-8DDA-4A6C-AF57-450838D92576}
    2011-04-17 13:06 . 2011-04-17 13:06 -------- d-----w- c:\users\Gebruiker\AppData\Local\{5F08C7F3-8B10-41E6-9294-8C147FAD7405}
    2011-04-17 11:59 . 2011-04-17 11:59 -------- d-----w- c:\users\Gebruiker\AppData\Local\{F46F04C4-C476-419E-A7AC-7D635007DFD5}
    2011-04-16 20:01 . 2011-04-16 20:02 -------- d-----w- c:\users\Gebruiker\AppData\Local\{41C09CFC-815F-46F0-8751-8C8A845A128B}
    2011-04-16 19:53 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-16 19:53 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-16 19:53 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-16 19:53 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-16 19:53 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-16 19:53 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-04-16 19:53 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-16 19:53 . 2011-03-03 03:42 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-04-16 19:52 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-04-16 19:52 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-04-16 19:52 . 2011-03-08 05:28 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-16 19:52 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-16 19:52 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-16 19:52 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-16 19:52 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-16 19:52 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-16 19:52 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-16 17:27 . 2011-04-16 17:27 -------- d-----w- c:\users\Gebruiker\AppData\Local\{D01728E6-04A9-41D3-803A-FA2DBB6A622C}
    2011-04-14 17:57 . 2011-04-14 17:58 -------- d-----w- c:\users\Gebruiker\AppData\Local\{4ADB3040-C001-4C77-8A67-7F62E0EBE418}
    2011-04-13 18:12 . 2011-04-13 18:12 -------- d-----w- c:\users\Gebruiker\AppData\Local\{4E54D955-CEC3-4ADE-B701-FB8B73BD5038}
    2011-04-12 17:50 . 2011-04-12 17:50 -------- d-----w- c:\users\Gebruiker\AppData\Local\{479DFDFD-7008-4EE5-B076-C2B0B3EA2C27}
    2011-04-11 17:08 . 2011-04-11 17:08 -------- d-----w- c:\users\Gebruiker\AppData\Local\{4E39F4F3-C7DF-45A5-B43C-FFC65ABF4E0D}
    2011-04-10 10:18 . 2011-04-10 10:18 -------- d-----w- c:\users\Gebruiker\AppData\Local\{6B689239-FD46-42F8-9C71-BF7DE92E5A40}
    2011-04-09 22:17 . 2011-04-09 22:18 -------- d-----w- c:\users\Gebruiker\AppData\Local\{7D61CFCF-6F9E-4D83-BBC9-F96A649CFC5A}
    2011-04-08 18:38 . 2011-04-08 18:38 -------- d-----w- c:\users\Gebruiker\AppData\Local\{A99956D1-4E14-4C0B-B72B-7175ECE17980}
    2011-04-07 18:28 . 2011-04-07 18:28 -------- d-----w- c:\users\Gebruiker\AppData\Local\{7D3EB8F3-1267-4B0B-B7AF-8E6BAE4684BE}
    2011-04-06 18:59 . 2011-04-06 18:59 -------- d-----w- c:\users\Gebruiker\AppData\Local\{CA00604A-A638-4027-8CB4-6ED2A5F914C5}
    2011-04-05 18:31 . 2011-04-05 18:31 -------- d-----w- c:\users\Gebruiker\AppData\Local\{E5FF304E-38D2-46B6-B74D-575A8C9C8EAF}
    2011-04-04 18:17 . 2011-04-04 18:17 -------- d-----w- c:\users\Gebruiker\AppData\Local\{8F8CC046-243E-4B7E-B83C-0782E0DDDADC}
    2011-04-03 14:24 . 2011-04-03 14:24 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com
    2011-04-03 14:23 . 2011-04-03 14:24 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-04-03 09:44 . 2011-04-03 09:45 -------- d-----w- c:\users\Gebruiker\AppData\Local\{9B350036-E91C-4E0E-A05B-1BAC3044FC99}
    2011-04-01 11:59 . 2011-04-01 12:00 -------- d-----w- c:\users\Gebruiker\AppData\Local\{3739FA63-ADE8-409A-BEAB-C64B9CB0A358}
    2011-03-31 17:25 . 2011-03-31 17:25 -------- d-----w- c:\users\Gebruiker\AppData\Local\{0CFCCD7E-BF25-471E-9CB8-894E273D5154}
    2011-03-30 17:34 . 2011-03-30 17:35 -------- d-----w- c:\users\Gebruiker\AppData\Local\{8B1E98EA-BF48-4CD9-B12B-36DC045088F4}
    2011-03-24 20:44 . 2011-03-24 20:44 -------- d-----w- c:\program files\Common Files\Adobe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-11 18:33 . 2010-02-09 15:14 5852 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-03-09 19:35 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-26 10:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-02-20 15:48 . 2011-02-20 15:48 1784832 ----a-w- c:\windows\system32\iertutil.dll_old0
    2011-02-20 15:48 . 2011-02-20 15:48 1125376 ----a-w- c:\windows\system32\wininet.dll_old0
    2011-02-20 15:48 . 2011-02-20 15:48 1098240 ----a-w- c:\windows\system32\urlmon.dll_old0
    2011-02-19 06:30 . 2011-03-09 19:39 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 06:30 . 2011-03-09 19:39 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 06:30 . 2011-03-09 19:39 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-03 05:54 . 2011-02-10 19:28 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-02-02 20:40 . 2010-05-08 23:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-06-27 526992]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 1486848]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-03-16 22:24 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 136176]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-29 1343400]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
    S1 qtsmon;qtsmon;c:\windows\system32\drivers\qtsmon.sys [2010-12-05 72488]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [2009-07-08 239648]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-21 123496]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1077760]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-04-17 c:\windows\Tasks\DriverScanner.job
    - c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-04-09 11:30]
    .
    2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 18:20]
    .
    2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 18:20]
    .
    2011-04-17 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
    .
    2011-01-23 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
    .
    2011-01-23 c:\windows\Tasks\PC Health Advisor Defrag.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    2011-01-23 c:\windows\Tasks\PC Health Advisor.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
    .
    2011-04-17 c:\windows\Tasks\SpeedUpMyPC.job
    - c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-01-16 13:54]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.weerdirect.nl/
    IE: Toevoegen aan Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\4dtnux64.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.weerdirect.nl/
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: network.proxy.type - 1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
    MSConfigStartUp-HyvesDesktop - c:\progra~1\HYVESD~1\bin\HYVESD~1.EXE
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20182402-24ED-DBEE-0C047CC941A92C12}\{18337038-91FA-1511-718667CAE01F35A0}\{7E9CBDE1-C583-B4C7-27A5326796C918BF}*]
    "UVGVJYB6UQSPF6JR6UE1ONOSMA1"=hex:01,00,01,00,00,00,00,00,3c,a7,2e,28,c9,e8,26,
    60,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E20DD46F-0CC4-5960-1B1F69E13D145F9C}\{B130274E-D0E8-282B-E7F07B1EE1210709}\{71D795F0-66AF-00D6-EF71DCAC5CDD95C3}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,ba,93,b4,
    48,97,f2,a9,9c,75,bc,f0,93,ac,98,e4,60,71,28,20,2a,8e,f3,66,89,de,ef,5f,0f,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDCF6AC6-CDE0-1F6D-043771A983FAB740}\{0B884C8F-0AAB-F925-A63B97C7F3A43931}\{965D33BD-6599-2D1D-7E8A152D666CAEE5}*]
    "UVGVJYB6UQSPF6JR6UE1ONOSMA1"=hex:01,00,01,00,00,00,00,00,3c,a7,2e,28,c9,e8,26,
    60,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F64D8EBD-3DAE-BD3C-0991ACE292CAB5ED}\{17BB8CA8-D706-1AC7-CFA17C6657F849D4}\{8429EDDF-869B-0FCF-6695830B33322B0A}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,ba,93,b4,
    48,97,f2,a9,9c,75,bc,f0,93,ac,98,e4,60,71,28,20,2a,8e,f3,66,89,de,ef,5f,0f,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-04-17 20:26:04
    ComboFix-quarantined-files.txt 2011-04-17 18:26
    .
    Pre-Run: 116.258.746.368 bytes beschikbaar
    Post-Run: 115.722.686.464 bytes beschikbaar
    .
    - - End Of File - - A01820F56E9482A609E9ACD81C69072D


    Here is another HijackThis log as well


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:32:21, on 17-4-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
    C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
    C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Common Files\Corel\Standby\Standby.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weerdirect.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    O9 - Extra button: &Virtueel Toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra button: C&ontrole van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe


    End of file - 6633 bytes




  • Hi Klaas, does SAS still find that trojan?
  • Hi Abraham

    After removing that Babylon Toolbar, from my registry as well,
    I scanned once with SAS this evening, and it found only 1 cookie.

    But I will scan once more with SAS now.

    I'll let you know in a little while.
  • Hi

    I just scanned with SAS; only 1 tracking cookie was found.

    No trojan found anymore.

    So I am now assuming that everything is fine, and many thanks for removing the other junk.

    But I do have one more question about that Trojan.Agent/Gen.

    How come Mbam didn't find it? It runs constantly
    whenever the computer is on.
    SAS, on the other hand, I have to start myself, and I usually run a scan with it on Sundays,
    because it doesn't run constantly.
  • That is a good question, and one I don't have an answer to!
    See also: http://www.superantispyware.com/malwarefiles/MBAM.EXE.html

    And to be on the safe side, also do the following:

    Which program: Kaspersky TDSSKiller
    What for/why: Rootkit scanner
    Difficulty: none
    Download location: Be sure to download this program to the desktop!
    Download TDSSKiller here.

    Installation:
    - Extract the file to your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and then choosing Run as administrator.
    - Once the scan has finished, you will find the log on the C:\ partition
    - Post the contents of that log
  • Hi

    Here is the TDSSKiller log

    2011/04/17 22:53:04.0727 5108 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/17 22:53:05.0101 5108 ================================================================================
    2011/04/17 22:53:05.0101 5108 SystemInfo:
    2011/04/17 22:53:05.0101 5108
    2011/04/17 22:53:05.0101 5108 OS Version: 6.1.7601 ServicePack: 1.0
    2011/04/17 22:53:05.0101 5108 Product type: Workstation
    2011/04/17 22:53:05.0101 5108 ComputerName: XIIT-X
    2011/04/17 22:53:05.0101 5108 UserName: Gebruiker
    2011/04/17 22:53:05.0101 5108 Windows directory: C:\Windows
    2011/04/17 22:53:05.0101 5108 System windows directory: C:\Windows
    2011/04/17 22:53:05.0101 5108 Processor architecture: Intel x86
    2011/04/17 22:53:05.0101 5108 Number of processors: 4
    2011/04/17 22:53:05.0101 5108 Page size: 0x1000
    2011/04/17 22:53:05.0101 5108 Boot type: Normal boot
    2011/04/17 22:53:05.0101 5108 ================================================================================
    2011/04/17 22:53:05.0710 5108 Initialize success
    2011/04/17 22:53:15.0460 5448 ================================================================================
    2011/04/17 22:53:15.0460 5448 Scan started
    2011/04/17 22:53:15.0460 5448 Mode: Manual;
    2011/04/17 22:53:15.0460 5448 ================================================================================
    2011/04/17 22:53:17.0722 5448 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    2011/04/17 22:53:17.0862 5448 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    2011/04/17 22:53:17.0940 5448 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    2011/04/17 22:53:18.0081 5448 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/04/17 22:53:18.0127 5448 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/04/17 22:53:18.0159 5448 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/04/17 22:53:18.0237 5448 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
    2011/04/17 22:53:18.0315 5448 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    2011/04/17 22:53:18.0393 5448 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/04/17 22:53:18.0471 5448 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    2011/04/17 22:53:18.0502 5448 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    2011/04/17 22:53:18.0533 5448 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    2011/04/17 22:53:18.0595 5448 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/04/17 22:53:18.0642 5448 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/04/17 22:53:18.0689 5448 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
    2011/04/17 22:53:18.0751 5448 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/04/17 22:53:18.0783 5448 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
    2011/04/17 22:53:18.0845 5448 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    2011/04/17 22:53:18.0939 5448 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/04/17 22:53:18.0970 5448 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/04/17 22:53:19.0001 5448 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/04/17 22:53:19.0048 5448 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    2011/04/17 22:53:19.0141 5448 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/04/17 22:53:19.0235 5448 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/04/17 22:53:19.0297 5448 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/04/17 22:53:19.0344 5448 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/04/17 22:53:19.0485 5448 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    2011/04/17 22:53:19.0531 5448 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/04/17 22:53:19.0578 5448 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/04/17 22:53:19.0609 5448 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/04/17 22:53:19.0641 5448 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/04/17 22:53:19.0672 5448 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/04/17 22:53:19.0703 5448 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/04/17 22:53:19.0734 5448 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/04/17 22:53:19.0953 5448 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/04/17 22:53:20.0046 5448 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
    2011/04/17 22:53:20.0109 5448 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/04/17 22:53:20.0155 5448 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/04/17 22:53:20.0218 5448 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/04/17 22:53:20.0265 5448 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    2011/04/17 22:53:20.0296 5448 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/04/17 22:53:20.0327 5448 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/04/17 22:53:20.0405 5448 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    2011/04/17 22:53:20.0436 5448 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/04/17 22:53:20.0514 5448 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    2011/04/17 22:53:20.0561 5448 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/04/17 22:53:20.0608 5448 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/04/17 22:53:20.0670 5448 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/04/17 22:53:20.0733 5448 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/04/17 22:53:20.0889 5448 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/04/17 22:53:20.0998 5448 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/04/17 22:53:21.0045 5448 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    2011/04/17 22:53:21.0091 5448 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/04/17 22:53:21.0169 5448 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/04/17 22:53:21.0216 5448 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/04/17 22:53:21.0263 5448 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/04/17 22:53:21.0294 5448 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/04/17 22:53:21.0372 5448 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/04/17 22:53:21.0403 5448 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/04/17 22:53:21.0435 5448 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/04/17 22:53:21.0466 5448 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/04/17 22:53:21.0513 5448 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/04/17 22:53:21.0575 5448 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/04/17 22:53:21.0653 5448 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/04/17 22:53:21.0715 5448 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    2011/04/17 22:53:21.0793 5448 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    2011/04/17 22:53:21.0856 5448 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/04/17 22:53:21.0887 5448 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/04/17 22:53:21.0918 5448 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/04/17 22:53:21.0996 5448 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
    2011/04/17 22:53:22.0090 5448 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    2011/04/17 22:53:22.0199 5448 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    2011/04/17 22:53:22.0261 5448 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    2011/04/17 22:53:22.0293 5448 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    2011/04/17 22:53:22.0371 5448 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
    2011/04/17 22:53:22.0402 5448 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/04/17 22:53:22.0464 5448 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    2011/04/17 22:53:22.0511 5448 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/04/17 22:53:22.0542 5448 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/04/17 22:53:22.0589 5448 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/04/17 22:53:22.0651 5448 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/04/17 22:53:22.0714 5448 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/04/17 22:53:22.0761 5448 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    2011/04/17 22:53:22.0823 5448 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    2011/04/17 22:53:22.0901 5448 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
    2011/04/17 22:53:22.0917 5448 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
    2011/04/17 22:53:22.0995 5448 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
    2011/04/17 22:53:23.0073 5448 kl2 (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
    2011/04/17 22:53:23.0151 5448 KLIF (39920d69eaedb51757527aa54fe25216) C:\Windows\system32\DRIVERS\klif.sys
    2011/04/17 22:53:23.0213 5448 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
    2011/04/17 22:53:23.0291 5448 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
    2011/04/17 22:53:23.0369 5448 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
    2011/04/17 22:53:23.0431 5448 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/04/17 22:53:23.0509 5448 L8042Kbd (d88846f9f4f27ae9be584a6e5b6b8753) C:\Windows\system32\DRIVERS\L8042Kbd.sys
    2011/04/17 22:53:23.0603 5448 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2011/04/17 22:53:23.0665 5448 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/04/17 22:53:23.0712 5448 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2011/04/17 22:53:23.0743 5448 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/04/17 22:53:23.0775 5448 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/04/17 22:53:23.0790 5448 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/04/17 22:53:23.0821 5448 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/04/17 22:53:23.0853 5448 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/04/17 22:53:23.0884 5448 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
    2011/04/17 22:53:23.0962 5448 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\Windows\system32\drivers\mbam.sys
    2011/04/17 22:53:24.0055 5448 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/04/17 22:53:24.0102 5448 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/04/17 22:53:24.0133 5448 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/04/17 22:53:24.0165 5448 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/04/17 22:53:24.0227 5448 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
    2011/04/17 22:53:24.0289 5448 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/04/17 22:53:24.0383 5448 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    2011/04/17 22:53:24.0445 5448 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    2011/04/17 22:53:24.0523 5448 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/04/17 22:53:24.0586 5448 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    2011/04/17 22:53:24.0664 5448 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/04/17 22:53:24.0726 5448 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/04/17 22:53:24.0804 5448 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/04/17 22:53:24.0867 5448 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    2011/04/17 22:53:24.0913 5448 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    2011/04/17 22:53:24.0991 5448 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/04/17 22:53:25.0038 5448 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/04/17 22:53:25.0069 5448 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    2011/04/17 22:53:25.0116 5448 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/04/17 22:53:25.0132 5448 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/04/17 22:53:25.0163 5448 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/04/17 22:53:25.0194 5448 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/04/17 22:53:25.0257 5448 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    2011/04/17 22:53:25.0288 5448 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/04/17 22:53:25.0319 5448 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/04/17 22:53:25.0366 5448 MTsensor (0f24624106d8042e7f27882d9d6ff5c0) C:\Windows\system32\DRIVERS\ASACPI.sys
    2011/04/17 22:53:25.0413 5448 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/04/17 22:53:25.0475 5448 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/04/17 22:53:25.0537 5448 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    2011/04/17 22:53:25.0584 5448 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/04/17 22:53:25.0615 5448 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/04/17 22:53:25.0678 5448 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/04/17 22:53:25.0756 5448 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/04/17 22:53:25.0818 5448 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    2011/04/17 22:53:25.0849 5448 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/04/17 22:53:25.0927 5448 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    2011/04/17 22:53:25.0990 5448 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/04/17 22:53:26.0052 5448 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/04/17 22:53:26.0083 5448 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/04/17 22:53:26.0161 5448 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
    2011/04/17 22:53:26.0239 5448 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/04/17 22:53:26.0286 5448 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
    2011/04/17 22:53:26.0364 5448 NVHDA (0e40ef12bc029ff8b13043f157452c47) C:\Windows\system32\drivers\nvhda32v.sys
    2011/04/17 22:53:26.0614 5448 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/04/17 22:53:26.0817 5448 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
    2011/04/17 22:53:26.0879 5448 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
    2011/04/17 22:53:26.0973 5448 nvsmu (f13618f0cb1e95232f4c2401592a59e9) C:\Windows\system32\DRIVERS\nvsmu.sys
    2011/04/17 22:53:27.0019 5448 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
    2011/04/17 22:53:27.0051 5448 nvstor32 (032ef66dd96692ad3a9d36160f467f67) C:\Windows\system32\DRIVERS\nvstor32.sys
    2011/04/17 22:53:27.0113 5448 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    2011/04/17 22:53:27.0175 5448 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    2011/04/17 22:53:27.0253 5448 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/04/17 22:53:27.0347 5448 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    2011/04/17 22:53:27.0378 5448 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/04/17 22:53:27.0456 5448 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    2011/04/17 22:53:27.0519 5448 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    2011/04/17 22:53:27.0550 5448 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/04/17 22:53:27.0581 5448 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/04/17 22:53:27.0612 5448 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/04/17 22:53:27.0690 5448 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/04/17 22:53:27.0737 5448 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/04/17 22:53:27.0784 5448 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/04/17 22:53:27.0846 5448 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/04/17 22:53:27.0909 5448 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/04/17 22:53:27.0987 5448 qtsmon (c9e96ed9df5b260806f6ec041662bf0f) C:\Windows\system32\drivers\qtsmon.sys
    2011/04/17 22:53:33.0525 5448 ================================================================================
    2011/04/17 22:53:33.0525 5448 Scan finished
    2011/04/17 22:53:33.0525 5448 ================================================================================

  • Good.

    You can delete TDSSKiller manually.

    Remove ComboFix as follows:

    ComboFix can now be removed:
    - go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all goes well, you will then get a message that ComboFix has been removed.

    Example:

    http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

    Run can also be opened with the key combination http://home.kpn.nl/stefsmeenk/W+R.jpg


    Or remove ComboFix manually:

    Then delete:
    - ComboFix.exe
    - C:\combofix.txt
    - C:\ComboFix-quarantined-files.txt
    - C:\ComboFix2.txt
    - C:\ComboFix3.txt
    - etc. etc.
    - the folder c:\Qoobox (if present)


    A test to see how good the current security situation in Windows is.

    Download to your desktop.
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post. And then there's this:
  • OK, here is the log.

    Results of screen317's Security Check version 0.99.10
    Windows 7 Service Pack 1
  • Hi Klaas, you have everything in excellent order, my compliments.

    Only, why did you disable the UserAccountControl?

    And furthermore you can make Windows even more secure by enabling DEP for everything!

    Once you have done that, also look here: http://support.microsoft.com/kb/2458544
  • Good evening Abraham

    Here I am again, after a day of work.

    Thank you very much for the compliment.
    And thank you too for your effort.

    A question about this.
    "Only, why did you disable the UserAccountControl?"

    I don't know that, but how do you turn it back on?

    And then this one:
    "And furthermore you can make Windows even more secure by enabling DEP for everything." Where do I find that?

    Then that link, do I have to download EMET as well?
  • Hi Klaas, you can just address me informally.

    Turning UAC on: Control Panel\User Accounts

    DEP: right-click Computer and click Properties.

    In the System window, click Advanced system settings on the left.

    That window automatically opens on the correct page.
    In the Visual settings box, click the "Settings" button and then, in the new window, the top tab "Data Execution Prevention (DEP)"

    The rest is self-explanatory.
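
Added example, not part of any post in this thread: a read-only PowerShell check of the three things the advice above changes (UAC, the system-wide DEP policy, and the ComboFix leftovers listed earlier). It assumes the standard Windows registry values under `Policies\System` and the `Win32_OperatingSystem` WMI class, and uses `Get-WmiObject` so it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Read-only audit; changes nothing on the system.

function Get-UacState {
    # EnableLUA = 0 means UAC is switched off entirely.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        UacEnabled       = ($p.EnableLUA -eq 1)
        AdminPromptLevel = $p.ConsentPromptBehaviorAdmin   # 0 = elevate silently
        SecureDesktop    = ($p.PromptOnSecureDesktop -eq 1)
    }
}

function Get-DepPolicy {
    # The "DEP for everything" choice in the GUI corresponds to OptOut.
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $os    = Get-WmiObject -Class Win32_OperatingSystem
    $code  = [int]$os.DataExecutionPrevention_SupportPolicy
    New-Object PSObject -Property @{
        Policy            = $names[$code]
        CoversAllPrograms = ($code -eq 1 -or $code -eq 3)
        HardwareDep       = $os.DataExecutionPrevention_Available
    }
}

function Get-ComboFixLeftover {
    # Paths are the ones named in the removal instructions in this thread.
    $found = @()
    $found += Get-ChildItem -Path 'C:\' -Filter 'ComboFix*.txt' -ErrorAction SilentlyContinue
    if (Test-Path 'C:\Qoobox') { $found += Get-Item -Path 'C:\Qoobox' -Force }
    $found | Select-Object -ExpandProperty FullName
}

$uac = Get-UacState
$dep = Get-DepPolicy
$left = @(Get-ComboFixLeftover)

if (-not $uac.UacEnabled)        { Write-Warning 'UAC is disabled (EnableLUA is not 1).' }
if (-not $dep.CoversAllPrograms) { Write-Warning "DEP policy is $($dep.Policy); not all programs are covered." }
if ($left.Count -gt 0)           { Write-Warning "ComboFix leftovers: $($left -join ', ')" }

$uac | Format-List
$dep | Format-List
```

A change to either UAC or the DEP policy only takes effect after a restart, so run the check again after rebooting.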
  • OK Abraham

    I have carried out everything you wrote above,
    so it is now all in order.

    I scanned again with SAS this evening, but it only found 1 tracking cookie, nothing more.

    Thanks again for your effort.

    And have a nice evening.
  • Thank you, and enjoy your PC again.

This is an archived page. Replying is no longer possible.