HijackThis check

18 replies
  • Can someone check this
    thanks in advance


    yib



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:56, on 02-05-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    E:\Program Files\Fraps\fraps.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    E:\Program Files\hyjack\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Verzenden naar OneNote - res://E:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\Windows\SysWOW64\bgsvcgen.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - E:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 9038 bytes


  • Hi Yibbeda, why do you want that log checked - are there problems?

    And: did you switch from AVG to Avira?
  • [quote="Abraham54"]Hi Yibbeda, why do you want that log checked - are there problems?

    And: did you switch from AVG to Avira?[/quote]

    Always had Avira

    but I keep seeing some strange empty folders
    namely in C:\Users\hans\AppData\Local\Microsoft
    with the names

    IME12
    IMJP8_1
    IMJP9_0
    IMJP12

    they are also in C:\Users\Hans\AppData\LocalLow\Microsoft

    I have already deleted them a number of times but they keep coming back
    so I trust this so much
  • Then I think you do indeed have a problem, though not so much regarding those folders you pointed out.

    So first of all:

    [b]Which program[/b]: Malwarebytes MBAM
    [b]What for/why[/b]: specialised scanner to quickly examine Windows for spyware and malware and remove it.
    [b]Difficulty[/b]: none.

    [b]Download Malwarebytes MBAM from one of these locations[/b]:
    [list][*][b]Download.com[/b]
    [*][b]Softpedia.com[/b]
    [*][b]Majorgeeks.com[/b][/list]
    [b]First of all[/b]:
    [list][*] Right after installation 'MBAM' will want to update its database, so allow that.
    [*] Also on repeated use: first update 'MBAM' via the 'Update' tab![/list]
    [b]Starting Malwarebytes MBAM[/b]:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.

    [b]Scanning[/b]:
    [list][*] When 'MBAM' starts, choose 'Quick Scan'.
    [*]The scan can take a while, so be patient. When the scan is complete, click the 'OK' button.
    [*]Then click the 'Show Results' button to see the results.[/list]
    [b]Infections found[/b]:
    [list][*]First click OK to dismiss the message
    [*]Then click the Show Results button at the bottom right.
    [*]Now make sure all infections found are ticked, and click Remove Selected at the bottom left.
    [*]After removal a log will open and you will be asked to restart the computer.
    [*]If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
    [*]After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.[/list]
    [b]MBAM log[/b]:
    [list][*] The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in MBAM's main menu.[/list]
    [b]Then post the contents of the MBAM log in your next message.[/b]


    And also do the following:

    [b]Which program[/b]: Kaspersky [b]TDSSKiller[/b]
    [b]What for/why[/b]: Rootkit scanner
    [b]Difficulty[/b]: none
    [b]Download location[/b]: Be sure to download this program to the desktop!
    [b]Download[/b] [b]TDSSKiller[/b] [b]here[/b].

    [b]Installation[/b]:
    [list][*] extract the file to your desktop.[/list]

    [b]Using TDSSKiller[/b]:
    [list][*]Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
    [*]Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and then choosing [b]Run as administrator[/b].
    [*] After the scan has finished, you will find the log on the C:\ partition
    [*] Post the contents of that log[/list]
    [b]In summary: after this, post the contents of the following logs:[/b]
    [list][*] MBAM scan log
    [*] TDSSKiller scan log[/list]
  • [quote="Abraham54"]Then I think you do indeed have a problem, though not so much regarding those folders you pointed out.
    [/quote]

    uh, what kind of problem then ???

    yib
  • Just post the logs first!
  • [quote="Abraham54"]Just post the logs first![/quote]

    the first log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6493

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    02-05-2011 22:16:09
    mbam-log-2011-05-02 (22-16-09).txt

    Scantype: Snelle scan
    Objecten gescand: 185815
    Verstreken tijd: 2 minuut/minuten, 21 seconde(n)

    Geheugenprocessen geïnfecteerd: 1
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 2504 -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.




    and the 2nd
    it didn't find anything there


    2011/05/02 22:22:21.0148 4456 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/05/02 22:22:21.0458 4456 ================================================================================
    2011/05/02 22:22:21.0458 4456 SystemInfo:
    2011/05/02 22:22:21.0458 4456
    2011/05/02 22:22:21.0458 4456 OS Version: 6.1.7601 ServicePack: 1.0
    2011/05/02 22:22:21.0458 4456 Product type: Workstation
    2011/05/02 22:22:21.0458 4456 ComputerName: HANS-PC
    2011/05/02 22:22:21.0458 4456 UserName: Hans
    2011/05/02 22:22:21.0458 4456 Windows directory: C:\Windows
    2011/05/02 22:22:21.0458 4456 System windows directory: C:\Windows
    2011/05/02 22:22:21.0458 4456 Running under WOW64
    2011/05/02 22:22:21.0458 4456 Processor architecture: Intel x64
    2011/05/02 22:22:21.0458 4456 Number of processors: 2
    2011/05/02 22:22:21.0458 4456 Page size: 0x1000
    2011/05/02 22:22:21.0458 4456 Boot type: Normal boot
    2011/05/02 22:22:21.0458 4456 ================================================================================
    2011/05/02 22:22:22.0218 4456 Initialize success
    2011/05/02 22:22:37.0828 3108 ================================================================================
    2011/05/02 22:22:37.0828 3108 Scan started
    2011/05/02 22:22:37.0828 3108 Mode: Manual;
    2011/05/02 22:22:37.0828 3108 ================================================================================
    2011/05/02 22:22:39.0458 3108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    2011/05/02 22:22:39.0518 3108 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    2011/05/02 22:22:39.0548 3108 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    2011/05/02 22:22:39.0598 3108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/05/02 22:22:39.0658 3108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/05/02 22:22:39.0698 3108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/05/02 22:22:39.0748 3108 afcdp (769b6f7dee0e943712a6316129d4bb0e) C:\Windows\system32\DRIVERS\afcdp.sys
    2011/05/02 22:22:39.0798 3108 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
    2011/05/02 22:22:39.0828 3108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    2011/05/02 22:22:39.0868 3108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    2011/05/02 22:22:39.0888 3108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    2011/05/02 22:22:39.0918 3108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/05/02 22:22:39.0948 3108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/05/02 22:22:39.0988 3108 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    2011/05/02 22:22:40.0028 3108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/05/02 22:22:40.0058 3108 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    2011/05/02 22:22:40.0108 3108 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    2011/05/02 22:22:40.0158 3108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/05/02 22:22:40.0178 3108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/05/02 22:22:40.0208 3108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/02 22:22:40.0228 3108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    2011/05/02 22:22:40.0268 3108 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
    2011/05/02 22:22:40.0288 3108 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
    2011/05/02 22:22:40.0328 3108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/05/02 22:22:40.0378 3108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/05/02 22:22:40.0418 3108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/05/02 22:22:40.0508 3108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/05/02 22:22:40.0548 3108 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/02 22:22:40.0578 3108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/05/02 22:22:40.0588 3108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/05/02 22:22:40.0628 3108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/05/02 22:22:40.0658 3108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/05/02 22:22:40.0678 3108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/05/02 22:22:40.0688 3108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/05/02 22:22:40.0718 3108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/05/02 22:22:40.0748 3108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/02 22:22:40.0778 3108 cdrbsdrv (9456fae4bf8abf6316405724e7ea597e) C:\Windows\system32\drivers\cdrbsdrv.sys
    2011/05/02 22:22:40.0808 3108 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    2011/05/02 22:22:40.0848 3108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/05/02 22:22:40.0888 3108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/05/02 22:22:40.0948 3108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/05/02 22:22:40.0988 3108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    2011/05/02 22:22:41.0038 3108 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    2011/05/02 22:22:41.0068 3108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/05/02 22:22:41.0108 3108 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    2011/05/02 22:22:41.0138 3108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/05/02 22:22:41.0178 3108 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    2011/05/02 22:22:41.0248 3108 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/02 22:22:41.0268 3108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/05/02 22:22:41.0308 3108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/05/02 22:22:41.0358 3108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/02 22:22:41.0398 3108 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/02 22:22:41.0478 3108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/05/02 22:22:41.0558 3108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/05/02 22:22:41.0618 3108 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
    2011/05/02 22:22:41.0658 3108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    2011/05/02 22:22:41.0708 3108 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
    2011/05/02 22:22:41.0748 3108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/05/02 22:22:41.0778 3108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/05/02 22:22:41.0818 3108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/02 22:22:41.0848 3108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/02 22:22:41.0878 3108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/05/02 22:22:41.0898 3108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/02 22:22:41.0938 3108 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/02 22:22:41.0978 3108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/05/02 22:22:42.0008 3108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/02 22:22:42.0038 3108 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/05/02 22:22:42.0088 3108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/05/02 22:22:42.0148 3108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/05/02 22:22:42.0198 3108 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    2011/05/02 22:22:42.0238 3108 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    2011/05/02 22:22:42.0258 3108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/05/02 22:22:42.0288 3108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/05/02 22:22:42.0318 3108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/05/02 22:22:42.0368 3108 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/02 22:22:42.0398 3108 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    2011/05/02 22:22:42.0438 3108 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    2011/05/02 22:22:42.0478 3108 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    2011/05/02 22:22:42.0538 3108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    2011/05/02 22:22:42.0578 3108 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    2011/05/02 22:22:42.0618 3108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/05/02 22:22:42.0658 3108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    2011/05/02 22:22:42.0698 3108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/02 22:22:42.0728 3108 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/02 22:22:42.0778 3108 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/05/02 22:22:42.0818 3108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/05/02 22:22:42.0878 3108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/05/02 22:22:42.0908 3108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    2011/05/02 22:22:42.0938 3108 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    2011/05/02 22:22:42.0978 3108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/02 22:22:42.0988 3108 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/05/02 22:22:43.0048 3108 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/02 22:22:43.0078 3108 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/05/02 22:22:43.0108 3108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/05/02 22:22:43.0168 3108 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2011/05/02 22:22:43.0208 3108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/02 22:22:43.0238 3108 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2011/05/02 22:22:43.0268 3108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/05/02 22:22:43.0298 3108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/05/02 22:22:43.0318 3108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/05/02 22:22:43.0328 3108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/05/02 22:22:43.0368 3108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/05/02 22:22:43.0398 3108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/05/02 22:22:43.0418 3108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/05/02 22:22:43.0458 3108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/05/02 22:22:43.0498 3108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/02 22:22:43.0518 3108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/02 22:22:43.0558 3108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/02 22:22:43.0588 3108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/02 22:22:43.0618 3108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    2011/05/02 22:22:43.0638 3108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/02 22:22:43.0678 3108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/02 22:22:43.0718 3108 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/02 22:22:43.0738 3108 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/02 22:22:43.0788 3108 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/02 22:22:43.0808 3108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    2011/05/02 22:22:43.0838 3108 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    2011/05/02 22:22:43.0868 3108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/05/02 22:22:43.0898 3108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/05/02 22:22:43.0918 3108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    2011/05/02 22:22:43.0958 3108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/02 22:22:43.0978 3108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/02 22:22:43.0988 3108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/02 22:22:44.0028 3108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/02 22:22:44.0048 3108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    2011/05/02 22:22:44.0068 3108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/02 22:22:44.0078 3108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/05/02 22:22:44.0108 3108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/05/02 22:22:44.0148 3108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/02 22:22:44.0218 3108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    2011/05/02 22:22:44.0248 3108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/05/02 22:22:44.0288 3108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/02 22:22:44.0318 3108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/02 22:22:44.0358 3108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/02 22:22:44.0398 3108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/02 22:22:44.0418 3108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/02 22:22:44.0438 3108 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/02 22:22:44.0508 3108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/05/02 22:22:44.0578 3108 nmwcd (985a3f046dfcd58e26d3a95283bb8f1d) C:\Windows\system32\drivers\ccdcmbx64.sys
    2011/05/02 22:22:44.0618 3108 nmwcdc (5eb41a9656388dc21119ccc33f0ee22a) C:\Windows\system32\drivers\ccdcmbox64.sys
    2011/05/02 22:22:44.0648 3108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/05/02 22:22:44.0678 3108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/02 22:22:44.0758 3108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/02 22:22:44.0798 3108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/05/02 22:22:45.0108 3108 nvlddmkm (ac8cbe9a0663e88f6429ee5530d5e32b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/05/02 22:22:45.0248 3108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    2011/05/02 22:22:45.0268 3108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    2011/05/02 22:22:45.0328 3108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/05/02 22:22:45.0358 3108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/05/02 22:22:45.0448 3108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/05/02 22:22:45.0478 3108 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    2011/05/02 22:22:45.0508 3108 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
    2011/05/02 22:22:45.0538 3108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    2011/05/02 22:22:45.0558 3108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/05/02 22:22:45.0598 3108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/05/02 22:22:45.0638 3108 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
    2011/05/02 22:22:45.0668 3108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/05/02 22:22:45.0698 3108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/05/02 22:22:45.0798 3108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/02 22:22:45.0828 3108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/05/02 22:22:45.0898 3108 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/02 22:22:45.0948 3108 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/05/02 22:22:45.0998 3108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/05/02 22:22:46.0038 3108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/05/02 22:22:46.0078 3108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/02 22:22:46.0098 3108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/02 22:22:46.0138 3108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/05/02 22:22:46.0178 3108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/02 22:22:46.0208 3108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/02 22:22:46.0228 3108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/02 22:22:46.0268 3108 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/02 22:22:46.0298 3108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/05/02 22:22:46.0318 3108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/02 22:22:46.0358 3108 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    2011/05/02 22:22:46.0378 3108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/02 22:22:46.0398 3108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/05/02 22:22:46.0448 3108 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
    2011/05/02 22:22:46.0488 3108 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/02 22:22:46.0538 3108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    2011/05/02 22:22:46.0598 3108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/02 22:22:46.0638 3108 RTL8167 (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/05/02 22:22:46.0668 3108 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    2011/05/02 22:22:46.0698 3108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/05/02 22:22:46.0748 3108 SCDEmu (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys
    2011/05/02 22:22:46.0778 3108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/05/02 22:22:46.0808 3108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/05/02 22:22:46.0848 3108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/05/02 22:22:46.0878 3108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/05/02 22:22:46.0908 3108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/05/02 22:22:46.0958 3108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/05/02 22:22:46.0978 3108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/05/02 22:22:47.0008 3108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/05/02 22:22:47.0038 3108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/05/02 22:22:47.0078 3108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/05/02 22:22:47.0108 3108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/05/02 22:22:47.0138 3108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/02 22:22:47.0198 3108 snapman (446eb38ce4a6d040f548b2f547ca96ff) C:\Windows\system32\DRIVERS\snapman.sys
    2011/05/02 22:22:47.0218 3108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/05/02 22:22:47.0268 3108 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/02 22:22:47.0298 3108 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/02 22:22:47.0338 3108 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/02 22:22:47.0388 3108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/05/02 22:22:47.0428 3108 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    2011/05/02 22:22:47.0468 3108 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    2011/05/02 22:22:47.0488 3108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    2011/05/02 22:22:47.0588 3108 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
    2011/05/02 22:22:47.0638 3108 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/02 22:22:47.0668 3108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/02 22:22:47.0698 3108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/02 22:22:47.0768 3108 tdrpman255 (5a1ce027712f76ad4c485e803db7d08c) C:\Windows\system32\DRIVERS\tdrpm255.sys
    2011/05/02 22:22:47.0798 3108 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/02 22:22:47.0828 3108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/02 22:22:47.0858 3108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    2011/05/02 22:22:47.0888 3108 timounter (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys
    2011/05/02 22:22:47.0938 3108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/05/02 22:22:47.0978 3108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    2011/05/02 22:22:48.0038 3108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/05/02 22:22:48.0068 3108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/05/02 22:22:48.0098 3108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    2011/05/02 22:22:48.0128 3108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/05/02 22:22:48.0168 3108 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    2011/05/02 22:22:48.0188 3108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/05/02 22:22:48.0238 3108 upperdev (afa3a0937b7044a8322d8bc91722c53b) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
    2011/05/02 22:22:48.0258 3108 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
    2011/05/02 22:22:48.0298 3108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/05/02 22:22:48.0328 3108 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/05/02 22:22:48.0348 3108 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
    2011/05/02 22:22:48.0368 3108 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/05/02 22:22:48.0398 3108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/05/02 22:22:48.0438 3108 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/05/02 22:22:48.0478 3108 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
    2011/05/02 22:22:48.0518 3108 UsbserFilt (b826f3ff5a1975cc9096b4caadde77b6) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
    2011/05/02 22:22:48.0558 3108 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
    2011/05/02 22:22:48.0588 3108 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/05/02 22:22:48.0628 3108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/05/02 22:22:48.0658 3108 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/05/02 22:22:48.0678 3108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/05/02 22:22:48.0738 3108 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    2011/05/02 22:22:48.0768 3108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/05/02 22:22:48.0798 3108 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    2011/05/02 22:22:48.0828 3108 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    2011/05/02 22:22:48.0868 3108 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    2011/05/02 22:22:48.0898 3108 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    2011/05/02 22:22:48.0928 3108 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    2011/05/02 22:22:48.0968 3108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/05/02 22:22:48.0998 3108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    2011/05/02 22:22:49.0028 3108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/05/02 22:22:49.0068 3108 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/02 22:22:49.0078 3108 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/02 22:22:49.0138 3108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/05/02 22:22:49.0228 3108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/05/02 22:22:49.0288 3108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/05/02 22:22:49.0308 3108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/05/02 22:22:49.0368 3108 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/05/02 22:22:49.0418 3108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    2011/05/02 22:22:49.0468 3108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/05/02 22:22:49.0518 3108 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    2011/05/02 22:22:49.0558 3108 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/05/02 22:22:49.0748 3108 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74983addca2d9618512c088d856d6615) e:\Program Files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl
    2011/05/02 22:22:49.0888 3108 ================================================================================
    2011/05/02 22:22:49.0888 3108 Scan finished
    2011/05/02 22:22:49.0888 3108 ================================================================================













  • new scan

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:27, on 02-05-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    E:\Program Files\Fraps\fraps.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    E:\Program Files\hyjack\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Verzenden naar OneNote - res://E:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\Windows\SysWOW64\bgsvcgen.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - E:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 9039 bytes


  • Hi Yibbeda, do the following:

    Which program: ComboFix
    What for/why: A highly specialised scanner that examines Windows in depth and cleans it up where possible.
    Difficulty: A somewhat tricky preparation phase, so read everything carefully first.
    Download location: This program absolutely must be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before ComboFix is started!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    Once more, for clarity: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix by right-clicking and running it with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may have to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
  • Hi Yibbeda, do the following:

    that will have to be tomorrow then
    unfortunately the alarm goes off at 5 tomorrow morning

    thanks so far
    will continue tomorrow evening


    yib
  • No problem, good night then!
  • Abraham54 wrote: "No problem, good night then!"

    here we are again with:


    ComboFix 11-05-02.04 - Hans 03-05-2011 18:29:07.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4095.2503 [GMT 2:00]
    Gestart vanuit: c:\users\Hans\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Hans\AppData\Roaming\inst.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-03 to 2011-05-03 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-02 20:12 . 2011-05-02 20:12 -------- d-----w- c:\users\Hans\AppData\Roaming\Malwarebytes
    2011-05-02 20:12 . 2011-05-02 20:12 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-02 20:12 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-02 20:12 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-02 18:48 . 2011-05-02 18:48 388096 ----a-r- c:\users\Hans\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-30 06:56 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FE22F67-0E2D-4EB3-A667-6FEE51AE265C}\mpengine.dll
    2011-04-19 06:29 . 2011-04-19 06:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\Logitech
    2011-04-14 07:47 . 2011-04-14 07:47 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
    2011-04-14 07:47 . 2011-04-14 07:47 84992 ----a-w- c:\windows\system32\frapsv64.dll
    2011-04-12 20:19 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-12 20:19 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-12 20:19 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-12 20:19 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-08 08:01 . 2011-04-08 08:01 -------- d-----w- c:\program files\Microsoft Forefront UAG
    2011-04-04 16:54 . 2011-04-04 16:54 356352 ----a-w- c:\windows\eSellerateEngine.dll
    2011-04-04 16:54 . 2011-04-04 16:54 -------- d-----w- c:\users\Hans\AppData\Roaming\Flight1
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-24 14:33 . 2011-03-24 14:33 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-24 14:33 . 2011-03-24 14:33 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-24 14:33 . 2011-03-24 14:33 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-03-24 14:33 . 2011-03-24 14:33 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-03-24 14:33 . 2011-03-24 14:33 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-24 14:33 . 2011-03-24 14:33 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-03-24 14:33 . 2011-03-24 14:33 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-03-24 14:33 . 2011-03-24 14:33 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-03-24 14:33 . 2011-03-24 14:33 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-24 14:33 . 2011-03-24 14:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-03-24 14:33 . 2011-03-24 14:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-24 14:33 . 2011-03-24 14:33 448512 ----a-w- c:\windows\system32\html.iec
    2011-03-24 14:33 . 2011-03-24 14:33 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-03-24 14:33 . 2011-03-24 14:33 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-03-24 14:33 . 2011-03-24 14:33 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-03-24 14:33 . 2011-03-24 14:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-03-24 14:33 . 2011-03-24 14:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-24 14:33 . 2011-03-24 14:33 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-03-24 14:33 . 2011-03-24 14:33 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-24 14:33 . 2011-03-24 14:33 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-03-24 14:33 . 2011-03-24 14:33 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-03-24 14:33 . 2011-03-24 14:33 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-24 14:33 . 2011-03-24 14:33 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-03-24 14:33 . 2011-03-24 14:33 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-03-24 14:33 . 2011-03-24 14:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-03-24 14:33 . 2011-03-24 14:33 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-03-24 14:33 . 2011-03-24 14:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-03-24 14:33 . 2011-03-24 14:33 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-03-24 14:33 . 2011-03-24 14:33 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-24 14:33 . 2011-03-24 14:33 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-03-24 14:33 . 2011-03-24 14:33 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-03-24 14:33 . 2011-03-24 14:33 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-03-24 14:33 . 2011-03-24 14:33 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-03-24 14:33 . 2011-03-24 14:33 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-24 14:33 . 2011-03-24 14:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-03-24 14:33 . 2011-03-24 14:33 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-03-24 14:33 . 2011-03-24 14:33 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-24 14:33 . 2011-03-24 14:33 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-24 14:33 . 2011-03-24 14:33 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-24 14:33 . 2011-03-24 14:33 165888 —-a-w- c:\windows\system32\iexpress.exe
    2011-03-24 14:33 . 2011-03-24 14:33 160256 —-a-w- c:\windows\system32\wextract.exe
    2011-03-24 14:33 . 2011-03-24 14:33 1492992 —-a-w- c:\windows\system32\inetcpl.cpl
    2011-03-21 15:46 . 2011-03-21 15:47 8192 —-a-w- c:\windows\SysWow64\srvany.exe
    2011-03-20 15:50 . 2011-03-20 15:37 8107 —-a-w- c:\windows\w7dsd.reg
    2011-03-20 15:50 . 2011-03-20 15:37 8089 —-a-w- c:\windows\w7dse.reg
    2011-03-20 15:37 . 2011-03-20 15:37 275360 —-a-w- c:\windows\system32\DreamScene.dll
    2011-03-09 15:02 . 2010-06-24 10:33 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-08 12:17 . 2011-03-08 12:17 53248 —-a-r- c:\users\Hans\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-03-08 12:16 . 2011-03-08 12:16 18960 —-a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-03-07 22:20 . 2009-07-13 23:57 22370304 —-a-w- c:\windows\system32\imageres.dll
    2011-03-04 06:19 . 2011-04-27 13:01 135168 —-a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:19 . 2011-04-27 13:01 350208 —-a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2011-02-28 13:13 . 2011-02-28 13:14 38944 —-a-w- c:\windows\system32\drivers\cdrbsdrv.sys
    2011-02-28 13:13 . 2011-02-28 12:49 59240 —-a-w- c:\windows\SysWow64\GenSvcInst.exe
    2011-02-28 13:13 . 2011-02-28 12:49 139264 —-a-w- c:\windows\SysWow64\bgsvcgen.exe
    2011-02-28 12:48 . 2011-02-28 12:49 33408 —-a-w- c:\windows\SysWow64\drivers\CDRBSDRV.SYS
    2011-02-26 22:31 . 2011-02-26 22:31 82816 —-a-w- c:\windows\system32\drivers\pcouffin.sys
    2011-02-26 22:31 . 2011-02-26 22:31 82816 —-a-w- c:\users\Hans\AppData\Roaming\pcouffin.sys
    2011-02-25 14:20 . 2011-02-25 14:20 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-25 12:46 . 2011-02-25 12:47 2414360 —-a-w- c:\windows\system32\d3dx9_31.dll
    2011-02-25 12:27 . 2011-02-25 12:27 466520 —-a-w- c:\windows\system32\wrap_oal.dll
    2011-02-25 12:27 . 2011-02-25 12:27 445016 —-a-w- c:\windows\SysWow64\wrap_oal.dll
    2011-02-25 12:27 . 2011-02-25 12:27 122968 —-a-w- c:\windows\system32\OpenAL32.dll
    2011-02-25 12:27 . 2011-02-25 12:27 109144 —-a-w- c:\windows\SysWow64\OpenAL32.dll
    2011-02-24 17:25 . 2011-02-24 17:25 29480 —-a-w- c:\windows\SysWow64\msxml3a.dll
    2011-02-24 17:25 . 2011-02-02 13:31 505128 —-a-w- c:\windows\SysWow64\msvcp71.dll
    2011-02-24 17:25 . 2011-02-02 13:31 353576 —-a-w- c:\windows\SysWow64\msvcr71.dll
    2011-02-24 15:31 . 2011-02-24 15:31 250464 —-a-w- c:\windows\system32\drivers\afcdp.sys
    2011-02-24 15:31 . 2011-02-24 15:31 1477152 —-a-w- c:\windows\system32\drivers\tdrpm255.sys
    2011-02-24 15:31 . 2011-02-24 15:31 929312 —-a-w- c:\windows\system32\drivers\timntr.sys
    2011-02-24 15:31 . 2011-02-24 15:31 254496 —-a-w- c:\windows\system32\drivers\snapman.sys
    2011-02-24 10:44 . 2009-07-14 02:36 175616 —-a-w- c:\windows\system32\msclmd.dll
    2011-02-24 10:44 . 2009-07-14 02:36 152576 —-a-w- c:\windows\SysWow64\msclmd.dll
    2011-02-23 06:28 . 2011-02-24 13:11 5654120 —-a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-02-23 06:28 . 2011-02-24 13:11 1965672 —-a-w- c:\windows\SysWow64\nvapi.dll
    2011-02-23 06:28 . 2011-02-24 13:11 1614440 —-a-w- c:\windows\system32\nvdispco642090.dll
    2011-02-23 06:28 . 2011-02-24 13:11 1359976 —-a-w- c:\windows\system32\nvgenco642040.dll
    2011-02-23 06:28 . 2011-02-24 13:11 10079336 —-a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-02-23 06:28 . 2011-02-23 06:28 67176 —-a-w- c:\windows\system32\OpenCL.dll
    2011-02-23 06:28 . 2011-02-23 06:28 6606440 —-a-w- c:\windows\system32\nvcuda.dll
    2011-02-23 06:28 . 2011-02-23 06:28 57960 —-a-w- c:\windows\SysWow64\OpenCL.dll
    2011-02-23 06:28 . 2011-02-23 06:28 4942952 —-a-w- c:\windows\SysWow64\nvcuda.dll
    2011-02-23 06:28 . 2011-02-23 06:28 3112040 —-a-w- c:\windows\system32\nvcuvid.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2895976 —-a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2479720 —-a-w- c:\windows\system32\nvcuvenc.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2251368 —-a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-02-23 06:28 . 2011-02-23 06:28 20473960 —-a-w- c:\windows\system32\nvoglv64.dll
    2011-02-23 06:28 . 2011-02-23 06:28 18580072 —-a-w- c:\windows\system32\nvcompiler.dll
    2011-02-23 06:28 . 2011-02-23 06:28 15047272 —-a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-02-23 06:28 . 2011-02-23 06:28 13011560 —-a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-02-23 06:28 . 2011-02-23 06:28 12962792 —-a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-02-23 06:28 . 2011-02-23 06:28 12862568 —-a-w- c:\windows\system32\nvd3dumx.dll
    2011-02-23 06:28 . 2010-07-10 04:38 2200680 —-a-w- c:\windows\system32\nvapi64.dll
    2011-02-23 06:28 . 2009-07-13 21:59 7732328 —-a-w- c:\windows\system32\nvwgf2umx.dll
    2011-02-19 12:05 . 2011-03-09 15:47 1139200 —-a-w- c:\windows\system32\FntCache.dll
    2011-02-19 12:04 . 2011-03-09 15:47 1544192 —-a-w- c:\windows\system32\DWrite.dll
    2011-02-19 12:04 . 2011-03-09 15:47 902656 —-a-w- c:\windows\system32\d2d1.dll
    2011-02-19 06:30 . 2011-03-09 15:47 1076736 —-a-w- c:\windows\SysWow64\DWrite.dll
    2011-02-19 06:30 . 2011-03-09 15:47 739840 —-a-w- c:\windows\SysWow64\d2d1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
    "TrueImageMonitor.exe"="e:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
    R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Hans\AppData\Roaming\NVIDIA\HWAccess.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [x]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/24 18:27];e:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [2010-03-13 11:58 146928]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-02-24 2475952]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;e:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 09:51]
    .
    2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 09:51]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acronis Scheduler2Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]
    "NoSleepHD"="e:\program files\NoSleepHDv2.0.exe" [2009-04-11 110080]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.nu.nl/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    IE: &Verzenden naar OneNote - e:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - e:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\e:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl"
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-05-03 18:33:53
    ComboFix-quarantined-files.txt 2011-05-03 16:33
    .
    Pre-Run: 17.367.298.048 bytes beschikbaar
    Post-Run: 16.925.958.144 bytes beschikbaar
    .
    - - End Of File - - 90B4698D8986F3BB0E759E840AD96D9E

  • and the new HijackThis


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:38, on 03-05-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    E:\Program Files\Fraps\fraps.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    E:\Program Files\hyjack\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O8 - Extra context menu item: &Verzenden naar OneNote - res://E:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\Windows\SysWOW64\bgsvcgen.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - E:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 8471 bytes


  • Hi Hans, you don't need to post logs that I haven't asked for!

    That ComboFix log already looks good!

    You can now do the following:

    Run the ESET online scan (Click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Click "Advanced settings"
    - Tick the following options:
      - Remove found threats
      - Scan archives
      - Scan for potentially unwanted applications
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
    - Click Start
    - The computer is now being scanned. This can take quite a while, so be patient.
    - You may close the window when the scan has finished.
    - Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
    - Copy and paste the contents of this log into your next post.
    N.B.: temporarily disable your own antivirus during the scan; the online scan will then be faster!
  • ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=0a2241cb32dc284e80bc52fe551cef30
    # end=stopped
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-05-03 06:19:35
    # local_time=2011-05-03 08:19:35 (+0100, West-Europa (zomertijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1797 16775165 100 100 3138 45732189 1605 0
    # compatibility_mode=5893 16776573 100 94 297078 56073535 0 0
    # compatibility_mode=8192 67108863 100 0 144 144 0 0
    # scanned=122854
    # found=0
    # cleaned=0
    # scan_time=3089
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=0a2241cb32dc284e80bc52fe551cef30
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-05-03 06:54:54
    # local_time=2011-05-03 08:54:54 (+0100, West-Europa (zomertijd))
    # country="Netherlands"
    # lang=1043
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1797 16775165 100 100 6349 45735400 4816 0
    # compatibility_mode=5893 16776573 100 94 300289 56076746 0 0
    # compatibility_mode=8192 67108863 100 0 3355 3355 0 0
    # scanned=89647
    # found=0
    # cleaned=0
    # scan_time=1998
  • Hi Hans, are you still experiencing problems with Windows, or do you have any more questions?
  • Abraham54 wrote: "Hi Hans, are you still experiencing problems with Windows, or do you have any more questions?"

    The problems mentioned in my first post have not occurred so far (the folders that kept coming back).

    Thanks so far.
  • Hi Hans, that's good to hear.

    Then we will clean up first!

    ComboFix can now be removed:
    - go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all goes well, you will then get a message that ComboFix has been removed.

    Example: http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

    Run can also be opened with the key combination shown here: http://home.kpn.nl/stefsmeenk/W+R.jpg

    Or remove ComboFix manually:

    Then delete:
    - ComboFix.exe
    - C:\combofix.txt
    - C:\ComboFix-quarantined-files.txt
    - C:\ComboFix2.txt
    - C:\ComboFix3.txt
    - etc. etc.
    - the folder c:\Qoobox (if present)
    If the manual cleanup does not fully succeed, restart into Safe Mode.

    Keep MBAM on board for a weekly quick scan, after first updating the tool.

    And keep the ESET file in Windows as well, and run an online scan with ESET every month.
    The file will then only be updated.

This is an archived page. Replies are no longer possible.