HiJackThis log regarding Trojan.Agent/Gen

15 replies
  • Good afternoon. Could you please check this log regarding this Trojan.Agent/Gen? I removed this trojan last Monday with SuperAntiSpyware, but it has now been found again by S.A.Spyware and removed again. The program indicates that it concerns the Babylon Toolbar. I removed that, but I still wanted to have the HijackThis log checked, plus the Mbam file. I scan with that every Sunday (it is a purchased version). Here is the HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:45:45, on 17-4-2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Corel\Standby\Standby.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weerdirect.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=840c1946000000000000002618ba36e7&tlver=1.4.19.19&ss=1&affID=17980 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVP] 
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" O4 - HKCU\..\Run: [EPSON SX125 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\Windows\TEMP\E_SB183.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm O9 - Extra button: &Virtueel Toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra button: C&ontrole van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia 
corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - 
MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. 
- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe -- End of file - 8880 bytes
    And here is an Mbam log as well:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Databaseversie: 6383
    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421
    17-4-2011 14:51:59
    mbam-log-2011-04-17 (14-51-59).txt
    Scantype: Snelle scan
    Objecten gescand: 153329
    Verstreken tijd: 4 minuut/minuten, 21 seconde(n)
    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0
    Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Thanks in advance for the time you put into this.
  • Hello ks, close all open web windows except this one, which you close just before you click the Fix checked button! Now start HijackThis via right-click with administrator rights and click the button Do a Scan only,
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=840c1946000000000000002618ba36e7&tlver=1.4.19.19&ss=1&affID=17980
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
      • Put a check mark in front of the line(s) that correspond to the lines above.
      • Now close the web browser and then click the Fix checked button.
      • After that, close HijackThis.
    Restart the computer after the fix.
    After restarting, go to Control Panel\Programs and Features and remove NVIDIA Corporation\NetworkAccessManager there. This is just a buggy firewall that has no business being in Windows!
    Then do the following:
    Which program: ComboFix
    What for/why: Very specialized scanner for examining Windows in depth and cleaning it up where possible.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: This program absolutely must be downloaded to the desktop!
    Download ComboFix via one of these locations:
      • Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      • ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
      • Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix. Antivirus programs and active malware scanners must already be disabled before ComboFix starts! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to disable antivirus programs and spyware scanners.
    To be perfectly clear once more: ComboFix must be started from the desktop.
    Remarks:
      • When using Windows XP, you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for this).
      • Vista and Windows 7 users start ComboFix via right-click with administrator rights.
      • All open programs and web pages must be closed.
    Once ComboFix has started:
      • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
      • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      • It may happen that the computer has to be restarted several times; this is normal.
      • When ComboFix is finished, it will create a log file for you.
      • Post the contents of this log file in your next message.
      • If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
      • If, after the scan, an error is shown when starting programs with the message:
      • Illegal operation attempted on a registry key that has been marked for deletion.
      • Then restart the computer.
  • Hi, thanks for the quick response. Here is the ComboFix log:
    ComboFix 11-04-16.03 - Gebruiker 17-04-2011 20:20:00.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1872 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system\oeminfo.ini . . (((((((((((((((((((( Bestanden Gemaakt van 2011-03-17 to 2011-04-17 )))))))))))))))))))))))))))))) . . 2011-04-17 13:21 . 2011-04-17 13:21 -------- d-----w- c:\users\Gebruiker\AppData\Local\{83EF7036-8DDA-4A6C-AF57-450838D92576} 2011-04-17 13:06 . 2011-04-17 13:06 -------- d-----w- c:\users\Gebruiker\AppData\Local\{5F08C7F3-8B10-41E6-9294-8C147FAD7405} 2011-04-17 11:59 . 2011-04-17 11:59 -------- d-----w- c:\users\Gebruiker\AppData\Local\{F46F04C4-C476-419E-A7AC-7D635007DFD5} 2011-04-16 20:01 . 2011-04-16 20:02 -------- d-----w- c:\users\Gebruiker\AppData\Local\{41C09CFC-815F-46F0-8751-8C8A845A128B} 2011-04-16 19:53 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-16 19:53 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-16 19:53 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-16 19:53 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-04-16 19:53 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe 2011-04-16 19:53 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-04-16 19:53 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll 2011-04-16 19:53 . 
2011-03-03 03:42 2333184 ----a-w- c:\windows\system32\win32k.sys 2011-04-16 19:52 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-04-16 19:52 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-04-16 19:52 . 2011-03-08 05:28 741376 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-16 19:52 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-04-16 19:52 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-04-16 19:52 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-16 19:52 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-04-16 19:52 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-16 19:52 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-04-16 17:27 . 2011-04-16 17:27 -------- d-----w- c:\users\Gebruiker\AppData\Local\{D01728E6-04A9-41D3-803A-FA2DBB6A622C} 2011-04-14 17:57 . 2011-04-14 17:58 -------- d-----w- c:\users\Gebruiker\AppData\Local\{4ADB3040-C001-4C77-8A67-7F62E0EBE418} 2011-04-13 18:12 . 2011-04-13 18:12 -------- d-----w- c:\users\Gebruiker\AppData\Local\{4E54D955-CEC3-4ADE-B701-FB8B73BD5038} 2011-04-12 17:50 . 2011-04-12 17:50 -------- d-----w- c:\users\Gebruiker\AppData\Local\{479DFDFD-7008-4EE5-B076-C2B0B3EA2C27} 2011-04-11 17:08 . 2011-04-11 17:08 -------- d-----w- c:\users\Gebruiker\AppData\Local\{4E39F4F3-C7DF-45A5-B43C-FFC65ABF4E0D} 2011-04-10 10:18 . 2011-04-10 10:18 -------- d-----w- c:\users\Gebruiker\AppData\Local\{6B689239-FD46-42F8-9C71-BF7DE92E5A40} 2011-04-09 22:17 . 2011-04-09 22:18 -------- d-----w- c:\users\Gebruiker\AppData\Local\{7D61CFCF-6F9E-4D83-BBC9-F96A649CFC5A} 2011-04-08 18:38 . 2011-04-08 18:38 -------- d-----w- c:\users\Gebruiker\AppData\Local\{A99956D1-4E14-4C0B-B72B-7175ECE17980} 2011-04-07 18:28 . 
2011-04-07 18:28 -------- d-----w- c:\users\Gebruiker\AppData\Local\{7D3EB8F3-1267-4B0B-B7AF-8E6BAE4684BE} 2011-04-06 18:59 . 2011-04-06 18:59 -------- d-----w- c:\users\Gebruiker\AppData\Local\{CA00604A-A638-4027-8CB4-6ED2A5F914C5} 2011-04-05 18:31 . 2011-04-05 18:31 -------- d-----w- c:\users\Gebruiker\AppData\Local\{E5FF304E-38D2-46B6-B74D-575A8C9C8EAF} 2011-04-04 18:17 . 2011-04-04 18:17 -------- d-----w- c:\users\Gebruiker\AppData\Local\{8F8CC046-243E-4B7E-B83C-0782E0DDDADC} 2011-04-03 14:24 . 2011-04-03 14:24 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com 2011-04-03 14:23 . 2011-04-03 14:24 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-04-03 09:44 . 2011-04-03 09:45 -------- d-----w- c:\users\Gebruiker\AppData\Local\{9B350036-E91C-4E0E-A05B-1BAC3044FC99} 2011-04-01 11:59 . 2011-04-01 12:00 -------- d-----w- c:\users\Gebruiker\AppData\Local\{3739FA63-ADE8-409A-BEAB-C64B9CB0A358} 2011-03-31 17:25 . 2011-03-31 17:25 -------- d-----w- c:\users\Gebruiker\AppData\Local\{0CFCCD7E-BF25-471E-9CB8-894E273D5154} 2011-03-30 17:34 . 2011-03-30 17:35 -------- d-----w- c:\users\Gebruiker\AppData\Local\{8B1E98EA-BF48-4CD9-B12B-36DC045088F4} 2011-03-24 20:44 . 2011-03-24 20:44 -------- d-----w- c:\program files\Common Files\Adobe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-11 18:33 . 2010-02-09 15:14 5852 --sha-w- c:\programdata\KGyGaAvL.sys 2011-03-09 19:35 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-02-26 10:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-02-20 15:48 . 2011-02-20 15:48 1784832 ----a-w- c:\windows\system32\iertutil.dll_old0 2011-02-20 15:48 . 2011-02-20 15:48 1125376 ----a-w- c:\windows\system32\wininet.dll_old0 2011-02-20 15:48 . 2011-02-20 15:48 1098240 ----a-w- c:\windows\system32\urlmon.dll_old0 2011-02-19 06:30 . 
2011-03-09 19:39 805376 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 06:30 . 2011-03-09 19:39 1076736 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 06:30 . 2011-03-09 19:39 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-02-03 05:54 . 2011-02-10 19:28 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-02-02 20:40 . 2010-05-08 23:30 472808 ----a-w- c:\windows\system32\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-06-27 526992] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 1486848] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2011-03-16 22:24 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 136176] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-29 1343400] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104] S1 qtsmon;qtsmon;c:\windows\system32\drivers\qtsmon.sys [2010-12-05 72488] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 MBAMService;MBAMService;c:\program 
files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [2009-07-08 239648] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-21 123496] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1077760] . . Inhoud van de 'Gedeelde Taken' map . 2011-04-17 c:\windows\Tasks\DriverScanner.job - c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-04-09 11:30] . 2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 18:20] . 2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 18:20] . 2011-04-17 c:\windows\Tasks\ParetoLogic Registration3.job - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01] . 2011-01-23 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01] . 2011-01-23 c:\windows\Tasks\PC Health Advisor Defrag.job - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40] . 2011-01-23 c:\windows\Tasks\PC Health Advisor.job - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40] . 2011-04-17 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-01-16 13:54] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.weerdirect.nl/ IE: Toevoegen aan Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\4dtnux64.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.weerdirect.nl/ FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: network.proxy.type - 1 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file) MSConfigStartUp-HyvesDesktop - c:\progra~1\HYVESD~1\bin\HYVESD~1.EXE . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20182402-24ED-DBEE-0C047CC941A92C12}\{18337038-91FA-1511-718667CAE01F35A0}\{7E9CBDE1-C583-B4C7-27A5326796C918BF}*] "UVGVJYB6UQSPF6JR6UE1ONOSMA1"=hex:01,00,01,00,00,00,00,00,3c,a7,2e,28,c9,e8,26, 60,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E20DD46F-0CC4-5960-1B1F69E13D145F9C}\{B130274E-D0E8-282B-E7F07B1EE1210709}\{71D795F0-66AF-00D6-EF71DCAC5CDD95C3}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,ba,93,b4, 48,97,f2,a9,9c,75,bc,f0,93,ac,98,e4,60,71,28,20,2a,8e,f3,66,89,de,ef,5f,0f,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDCF6AC6-CDE0-1F6D-043771A983FAB740}\{0B884C8F-0AAB-F925-A63B97C7F3A43931}\{965D33BD-6599-2D1D-7E8A152D666CAEE5}*] "UVGVJYB6UQSPF6JR6UE1ONOSMA1"=hex:01,00,01,00,00,00,00,00,3c,a7,2e,28,c9,e8,26, 60,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F64D8EBD-3DAE-BD3C-0991ACE292CAB5ED}\{17BB8CA8-D706-1AC7-CFA17C6657F849D4}\{8429EDDF-869B-0FCF-6695830B33322B0A}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,ba,93,b4, 48,97,f2,a9,9c,75,bc,f0,93,ac,98,e4,60,71,28,20,2a,8e,f3,66,89,de,ef,5f,0f,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-04-17 20:26:04 ComboFix-quarantined-files.txt 2011-04-17 18:26 . Pre-Run: 116.258.746.368 bytes beschikbaar Post-Run: 115.722.686.464 bytes beschikbaar . 
- - End Of File - - A01820F56E9482A609E9ACD81C69072D
    Also another quick HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:32:21, on 17-4-2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Windows\explorer.exe C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Common Files\Corel\Standby\Standby.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weerdirect.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll O2 - BHO: Windows Live ID Sign-in Helper - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm O9 - Extra button: &Virtueel Toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - 
C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra button: C&ontrole van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe -- End of file - 6633 bytes
  • Hi Klaas, does SAS still find that trojan?
  • Hi Abraham. After I removed that Babylon toolbar, including from my registry, I scanned once with SAS this evening, and it found only 1 cookie. But I will scan again with SAS now. You will hear from me shortly.
  • Hi. I just scanned with SAS; it found only 1 tracking cookie. No trojan found anymore. So I am assuming now that things are fine, and many thanks for removing the other junk. But I still have a quick question about that Trojan.Agent/Gen. How come Mbam did not find it, given that it runs constantly whenever the computer is on? SAS I have to start myself, and I usually run a scan with it on Sundays, because it does not run constantly.
  • That is a good question, and one I do not have an answer to! See also: http://www.superantispyware.com/malwarefiles/MBAM.EXE.html
    To be on the safe side, please also do the following:
    Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: be sure to download this program to the desktop!
    Download TDSSKiller here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
    Installation:
      - Extract the file to your desktop.
    Using TDSSKiller:
      - Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
      - Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and then choosing Run as administrator.
      - After the scan has finished, you will find the log on the C:\ partition.
      - Post the contents of that log.
  • Hi, here is the TDSSKiller log:
    2011/04/17 22:53:04.0727 5108 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/17 22:53:05.0101 5108 ================================================================================
    2011/04/17 22:53:05.0101 5108 SystemInfo:
    2011/04/17 22:53:05.0101 5108
    2011/04/17 22:53:05.0101 5108 OS Version: 6.1.7601 ServicePack: 1.0
    2011/04/17 22:53:05.0101 5108 Product type: Workstation
    2011/04/17 22:53:05.0101 5108 ComputerName: XIIT-X
    2011/04/17 22:53:05.0101 5108 UserName: Gebruiker
    2011/04/17 22:53:05.0101 5108 Windows directory: C:\Windows
    2011/04/17 22:53:05.0101 5108 System windows directory: C:\Windows
    2011/04/17 22:53:05.0101 5108 Processor architecture: Intel x86
    2011/04/17 22:53:05.0101 5108 Number of processors: 4
    2011/04/17 22:53:05.0101 5108 Page size: 0x1000
    2011/04/17 22:53:05.0101 5108 Boot type: Normal boot
    2011/04/17 22:53:05.0101 5108 ================================================================================
    2011/04/17 22:53:05.0710 5108 Initialize success
    2011/04/17 22:53:15.0460 5448 ================================================================================
    2011/04/17 22:53:15.0460 5448 Scan started
    2011/04/17 22:53:15.0460 5448 Mode: Manual;
    2011/04/17 22:53:15.0460 5448 ================================================================================
22:53:33.0525 5448 ================================================================================ 2011/04/17 22:53:33.0525 5448 Scan finished 2011/04/17 22:53:33.0525 5448 ================================================================================
  • Good. You can delete that TDSSKiller manually. You remove ComboFix as follows. ComboFix can now be removed:
    - go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all went well, you will then get a message that ComboFix was removed.
    Example: http://home.kpn.nl/stefsmeenk/CFUninstall.PNG
    Run can also be started with the key combination shown here: http://home.kpn.nl/stefsmeenk/W+R.jpg
    Or remove ComboFix manually. In that case delete:
    - ComboFix.exe
    - C:\combofix.txt
    - C:\ComboFix-quarantined-files.txt
    - C:\ComboFix2.txt
    - C:\ComboFix3.txt
    - etc. etc.
    - the folder c:\Qoobox (if present)
    A test to see how good the current security situation in Windows is. Download Security Check to your desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow this.
    Post the contents of checkup.txt in your next post. And then one more thing:
  • OK, here is the log.
    Results of screen317's Security Check version 0.99.10
    Windows 7 Service Pack 1 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Kaspersky Internet Security 2011
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 24
    Adobe Flash Player 10.2.153.1
    Adobe Reader X (10.0.1) - Nederlands
    ````````````````````````````````
    Process Check: objlist.exe by Laurent
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
    ``````````End of Log````````````
  • Hi Klaas, you have things well in order, my compliments. Only, why have you disabled User Account Control? And you can make Windows even more secure by enabling DEP for everything! Once you have done that, also have a look here: http://support.microsoft.com/kb/2458544
  • Good evening Abraham. Here I am again, after a day of work. Thank you very much for the compliment, and thank you too for your effort. A question about this: "Only, why have you disabled User Account Control?" I don't know, but how do you turn it back on? And then this one: "And you can make Windows even more secure by enabling DEP for everything." Where do I find that? And then that link: do I have to download EMET as well?
  • Hi Klaas, you can just be informal with me.
    Turning on UAC: Control Panel\User Accounts
    DEP: right-click Computer and click Properties. In the System window, click Advanced system settings on the left. That window opens automatically on the right page. In the Visual settings box, click the "Settings" button and then, in the new window, the top tab "Data Execution Prevention (DEP)". The rest is self-explanatory.
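A way to confirm both settings from the post above after changing them, as an added example that is not part of the original thread: a read-only PowerShell check that reads the UAC values from the registry and the DEP policy from WMI. It assumes Windows 7 or later with PowerShell 2.0; the function names are made up for this example.

```powershell
# Added example: read-only check of the UAC and DEP settings discussed above.
# Uses only cmdlets available in PowerShell 2.0 (Windows 7); nothing is changed.

function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction Stop
    New-Object PSObject -Property @{
        # EnableLUA = 0 means UAC is switched off entirely
        UacEnabled    = ($p.EnableLUA -eq 1)
        # 0 = administrators are elevated without any prompt
        AdminPrompt   = $p.ConsentPromptBehaviorAdmin
        # 1 = prompts are shown on the secure desktop
        SecureDesktop = $p.PromptOnSecureDesktop
    }
}

function Get-DepState {
    $os = Get-WmiObject -Class Win32_OperatingSystem
    # Values of DataExecutionPrevention_SupportPolicy
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy
    New-Object PSObject -Property @{
        HardwareDepAvailable = $os.DataExecutionPrevention_Available
        Policy               = $names[$policy]
        # OptIn (the client default) protects only essential Windows programs
        # and services; OptOut is the dialog's "all programs" choice.
        CoversAllPrograms    = (($policy -eq 1) -or ($policy -eq 3))
    }
}

$uac = Get-UacState
$dep = Get-DepState
$findings = @()
if (-not $uac.UacEnabled) {
    $findings += 'UAC is off (EnableLUA is not 1)'
} elseif ($uac.AdminPrompt -eq 0) {
    $findings += 'UAC elevates administrators without a prompt'
}
if (-not $dep.HardwareDepAvailable) {
    $findings += 'Hardware DEP (NX) is not available or not enabled'
}
if (-not $dep.CoversAllPrograms) {
    $findings += "DEP policy is $($dep.Policy): not all programs are covered"
}

$uac | Format-List
$dep | Format-List
if ($findings.Count -eq 0) { 'OK: UAC is on and DEP covers all programs.' } else { $findings }
```

A change to either setting only shows up here after a restart.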
  • OK Abraham, I have carried out everything you wrote above, so it is all in good shape now. I scanned again with SAS this evening, but it only found 1 tracking cookie, nothing more. Thanks again for your effort. And have a nice evening.
  • Thank you, and enjoy your PC again.


This is an archived page. Replying is no longer possible.