Questions & Answers

Security & privacy

HijackThis check

18 replies
  • Can someone check this one? Thanks in advance, yib

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:56, on 02-05-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    E:\Program Files\Fraps\fraps.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    E:\Program Files\hyjack\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Verzenden naar OneNote - res://E:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\Windows\SysWOW64\bgsvcgen.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - E:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9038 bytes
  • Hi Yibbeda, why do you want that log checked - are there problems? And: did you switch from AVG to Avira?
  • Abraham54 wrote: "Hi Yibbeda, why do you want that log checked - are there problems? And: did you switch from AVG to Avira?"

    Always had Avira, but I keep seeing some strange empty folders, namely in C:\Users\hans\AppData\Local\Microsoft, with the names IME12, IMJP8_1, IMJP9_0 and IMJP12; they are also in C:\Users\Hans\AppData\LocalLow\Microsoft. I have already deleted them a number of times but they keep coming back, so that is how much I trust this.
  • Then I think you do have a problem indeed, though not so much as regards those folders you pointed out. So, first of all:

    Which program: Malwarebytes MBAM
    What for/why: specialised scanner to quickly examine Windows for spyware and malware and to rid it of them.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
      - Download.com: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?
      - Softpedia.com: http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s
      - Majorgeeks.com: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    First of all:
      - Right after installation 'MBAM' will want to update its database, so allow that.
      - Also on repeated use: first update 'MBAM' via the 'Update' tab!

    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator ('Als Administrator uitvoeren').

    Scanning:
      - When 'MBAM' starts, choose 'Quick scan' ('Snelle Scan').
      - Scanning can take a while, so be patient. When the scan has completed, click the 'OK' button.
      - Then click the 'Show results' button ('Bekijk Resultaten') to see the results.

    Infections found:
      - First click OK to dismiss the message.
      - Then click the Show results button ('Bekijk resultaten') at the bottom right.
      - Now make sure that all infections found are ticked, and click Remove selected ('Verwijder geselecteerde') at the bottom left.
      - After removal a log will open and you will be asked to restart the computer.
      - If 'MBAM' has difficulty removing certain files it will show a few messages; click 'OK' each time!
      - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.

    MBAM log:
      - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab ('Logbestanden') in MBAM's main menu.

    After that, post the contents of the MBAM log in your next message.

    And also do the following:

    Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: be sure to download this program to the desktop!
    Download TDSSKiller here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip

    Installation:
      - Unpack the file on your desktop.

    Using TDSSKiller:
      - Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
      - Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and then choosing Run as administrator ('Als Administrator uitvoeren').
      - After the scan has finished, you will find the log on the C:\ partition.
      - Post the contents of that log.

    To summarise: after this, post the contents of the following logs:
      - MBAM scan log
      - TDSSKiller scan log
  • Abraham54 wrote: "Then I think you do have a problem indeed, though not so much as regards those folders you pointed out."

    uh, what kind of problem then??? yib
  • Just post the logs first!
  • Abraham54 wrote: "Just post the logs first!"

    the first log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6493

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    02-05-2011 22:16:09
    mbam-log-2011-05-02 (22-16-09).txt

    Scantype: Snelle scan
    Objecten gescand: 185815
    Verstreken tijd: 2 minuut/minuten, 21 seconde(n)

    Geheugenprocessen geïnfecteerd: 1
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 2504 -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

    and the 2nd one, it didn't find anything there

    2011/05/02 22:22:21.0148 4456 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/05/02 22:22:21.0458 4456 ================================================================================
    2011/05/02 22:22:21.0458 4456 SystemInfo:
    2011/05/02 22:22:21.0458 4456
    2011/05/02 22:22:21.0458 4456 OS Version: 6.1.7601 ServicePack: 1.0
    2011/05/02 22:22:21.0458 4456 Product type: Workstation
    2011/05/02 22:22:21.0458 4456 ComputerName: HANS-PC
    2011/05/02 22:22:21.0458 4456 UserName: Hans
    2011/05/02 22:22:21.0458 4456 Windows directory: C:\Windows
    2011/05/02 22:22:21.0458 4456 System windows directory: C:\Windows
    2011/05/02 22:22:21.0458 4456 Running under WOW64
    2011/05/02 22:22:21.0458 4456 Processor architecture: Intel x64
    2011/05/02 22:22:21.0458 4456 Number of processors: 2
    2011/05/02 22:22:21.0458 4456 Page size: 0x1000
    2011/05/02 22:22:21.0458 4456 Boot type: Normal boot
    2011/05/02 22:22:21.0458 4456 ================================================================================
    2011/05/02 22:22:22.0218 4456 Initialize success
    2011/05/02 22:22:37.0828 3108 ================================================================================
    2011/05/02 22:22:37.0828 3108 Scan started
    2011/05/02 22:22:37.0828 3108 Mode: Manual;
    2011/05/02 22:22:37.0828 3108 ================================================================================
C:\Windows\system32\drivers\sbp2port.sys 2011/05/02 22:22:46.0748 3108 SCDEmu (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys 2011/05/02 22:22:46.0778 3108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 2011/05/02 22:22:46.0808 3108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/05/02 22:22:46.0848 3108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/05/02 22:22:46.0878 3108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/05/02 22:22:46.0908 3108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/05/02 22:22:46.0958 3108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 2011/05/02 22:22:46.0978 3108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 2011/05/02 22:22:47.0008 3108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 2011/05/02 22:22:47.0038 3108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/05/02 22:22:47.0078 3108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/05/02 22:22:47.0108 3108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/05/02 22:22:47.0138 3108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/05/02 22:22:47.0198 3108 snapman (446eb38ce4a6d040f548b2f547ca96ff) C:\Windows\system32\DRIVERS\snapman.sys 2011/05/02 22:22:47.0218 3108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/05/02 22:22:47.0268 3108 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys 2011/05/02 22:22:47.0298 3108 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/02 22:22:47.0338 3108 srvnet 
(3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/02 22:22:47.0388 3108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/05/02 22:22:47.0428 3108 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 2011/05/02 22:22:47.0468 3108 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 2011/05/02 22:22:47.0488 3108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 2011/05/02 22:22:47.0588 3108 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys 2011/05/02 22:22:47.0638 3108 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/02 22:22:47.0668 3108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/02 22:22:47.0698 3108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/05/02 22:22:47.0768 3108 tdrpman255 (5a1ce027712f76ad4c485e803db7d08c) C:\Windows\system32\DRIVERS\tdrpm255.sys 2011/05/02 22:22:47.0798 3108 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/05/02 22:22:47.0828 3108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/02 22:22:47.0858 3108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 2011/05/02 22:22:47.0888 3108 timounter (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys 2011/05/02 22:22:47.0938 3108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/02 22:22:47.0978 3108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 2011/05/02 22:22:48.0038 3108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/02 22:22:48.0068 3108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/05/02 
22:22:48.0098 3108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/02 22:22:48.0128 3108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 2011/05/02 22:22:48.0168 3108 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 2011/05/02 22:22:48.0188 3108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/05/02 22:22:48.0238 3108 upperdev (afa3a0937b7044a8322d8bc91722c53b) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 2011/05/02 22:22:48.0258 3108 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys 2011/05/02 22:22:48.0298 3108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 2011/05/02 22:22:48.0328 3108 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/02 22:22:48.0348 3108 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys 2011/05/02 22:22:48.0368 3108 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/05/02 22:22:48.0398 3108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/05/02 22:22:48.0438 3108 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/05/02 22:22:48.0478 3108 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys 2011/05/02 22:22:48.0518 3108 UsbserFilt (b826f3ff5a1975cc9096b4caadde77b6) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys 2011/05/02 22:22:48.0558 3108 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 2011/05/02 22:22:48.0588 3108 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/02 22:22:48.0628 3108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 2011/05/02 22:22:48.0658 3108 vga (da4da3f5e02943c2dc8c6ed875de68dd) 
C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/02 22:22:48.0678 3108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/05/02 22:22:48.0738 3108 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 2011/05/02 22:22:48.0768 3108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 2011/05/02 22:22:48.0798 3108 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 2011/05/02 22:22:48.0828 3108 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 2011/05/02 22:22:48.0868 3108 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 2011/05/02 22:22:48.0898 3108 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 2011/05/02 22:22:48.0928 3108 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 2011/05/02 22:22:48.0968 3108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/05/02 22:22:48.0998 3108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2011/05/02 22:22:49.0028 3108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/05/02 22:22:49.0068 3108 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/02 22:22:49.0078 3108 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/02 22:22:49.0138 3108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/05/02 22:22:49.0228 3108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/02 22:22:49.0288 3108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/05/02 22:22:49.0308 3108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/05/02 22:22:49.0368 3108 WinUsb 
(fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/05/02 22:22:49.0418 3108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 2011/05/02 22:22:49.0468 3108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/02 22:22:49.0518 3108 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 2011/05/02 22:22:49.0558 3108 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/02 22:22:49.0748 3108 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74983addca2d9618512c088d856d6615) e:\Program Files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl 2011/05/02 22:22:49.0888 3108 ================================================================================ 2011/05/02 22:22:49.0888 3108 Scan finished 2011/05/02 22:22:49.0888 3108 ================================================================================
  • new scan

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:27, on 02-05-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    E:\Program Files\Fraps\fraps.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    E:\Program Files\hyjack\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Verzenden naar OneNote - res://E:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\Windows\SysWOW64\bgsvcgen.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - E:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9039 bytes
  • Hi Yibbeda, do the following:

    Which program: ComboFix
    What for/why: Highly specialized scanner to examine Windows in depth and clean it up where possible.
    Difficulty: The preparation phase is more or less tricky, so read everything carefully first.
    Download location: This program must be downloaded to the desktop!

    Download ComboFix from one of these locations:
      - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
      - Geekstogo: http://subs.geekstogo.com/ComboFix.exe

    Here you can see how to use ComboFix: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

    Antivirus programs and active malware scanners must already be disabled before ComboFix starts! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to disable antivirus programs and spyware scanners.

    Once more, for clarity: ComboFix must be started from the desktop.

    Notes:
      - On Windows XP you may be asked to install the "Recovery Console"! If so, allow it (this requires an active internet connection).
      - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
      - All open programs and web pages must be closed.

    ComboFix has started:
      - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
      - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      - The computer may need to be restarted several times; this is normal.
      - When ComboFix is finished, it will create a log file for you.
      - Post the contents of this log file in your next message.
      - If the log does not open, it can be found at C:\ComboFix.txt

    Important note:
      - If, after the scan, an error is shown when starting programs with the message:
      - Illegal operation attempted on a registry key that has been marked for deletion.
      - then restart the computer.
  • Abraham54 wrote: "Hi Yibbeda, do the following:"

    That will have to be tomorrow then; the alarm clock goes off at 5 tomorrow morning, unfortunately. Thanks so far, I'll continue tomorrow evening. yib
  • No problem, good night then!
  • Abraham54 wrote: "No problem, good night then!"

    Here we are again, with:

    ComboFix 11-05-02.04 - Hans 03-05-2011 18:29:07.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4095.2503 [GMT 2:00]
    Gestart vanuit: c:\users\Hans\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Hans\AppData\Roaming\inst.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-03 to 2011-05-03 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-02 20:12 . 2011-05-02 20:12 -------- d-----w- c:\users\Hans\AppData\Roaming\Malwarebytes
    2011-05-02 20:12 . 2011-05-02 20:12 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-02 20:12 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-02 20:12 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-02 18:48 . 2011-05-02 18:48 388096 ----a-r- c:\users\Hans\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-30 06:56 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FE22F67-0E2D-4EB3-A667-6FEE51AE265C}\mpengine.dll
    2011-04-19 06:29 . 2011-04-19 06:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\Logitech
    2011-04-14 07:47 . 2011-04-14 07:47 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
    2011-04-14 07:47 . 2011-04-14 07:47 84992 ----a-w- c:\windows\system32\frapsv64.dll
    2011-04-12 20:19 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-12 20:19 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-12 20:19 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-12 20:19 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-08 08:01 . 2011-04-08 08:01 -------- d-----w- c:\program files\Microsoft Forefront UAG
    2011-04-04 16:54 . 2011-04-04 16:54 356352 ----a-w- c:\windows\eSellerateEngine.dll
    2011-04-04 16:54 . 2011-04-04 16:54 -------- d-----w- c:\users\Hans\AppData\Roaming\Flight1
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-24 14:33 . 2011-03-24 14:33 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-24 14:33 . 2011-03-24 14:33 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-24 14:33 . 2011-03-24 14:33 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-03-24 14:33 . 2011-03-24 14:33 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-03-24 14:33 . 2011-03-24 14:33 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-24 14:33 . 2011-03-24 14:33 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-03-24 14:33 . 2011-03-24 14:33 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-03-24 14:33 . 2011-03-24 14:33 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-03-24 14:33 . 2011-03-24 14:33 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-24 14:33 . 2011-03-24 14:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-03-24 14:33 . 2011-03-24 14:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-24 14:33 . 2011-03-24 14:33 448512 ----a-w- c:\windows\system32\html.iec
    2011-03-24 14:33 . 2011-03-24 14:33 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-03-24 14:33 . 2011-03-24 14:33 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-03-24 14:33 . 2011-03-24 14:33 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-03-24 14:33 . 2011-03-24 14:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-03-24 14:33 . 2011-03-24 14:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-24 14:33 . 2011-03-24 14:33 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-03-24 14:33 . 2011-03-24 14:33 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-24 14:33 . 2011-03-24 14:33 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-03-24 14:33 . 2011-03-24 14:33 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-03-24 14:33 . 2011-03-24 14:33 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-24 14:33 . 2011-03-24 14:33 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-03-24 14:33 . 2011-03-24 14:33 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-03-24 14:33 . 2011-03-24 14:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-03-24 14:33 . 2011-03-24 14:33 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-03-24 14:33 . 2011-03-24 14:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-03-24 14:33 . 2011-03-24 14:33 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-03-24 14:33 . 2011-03-24 14:33 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-24 14:33 . 2011-03-24 14:33 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-03-24 14:33 . 2011-03-24 14:33 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-03-24 14:33 . 2011-03-24 14:33 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-03-24 14:33 . 2011-03-24 14:33 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-03-24 14:33 . 2011-03-24 14:33 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-24 14:33 . 2011-03-24 14:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-03-24 14:33 . 2011-03-24 14:33 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-03-24 14:33 . 2011-03-24 14:33 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-24 14:33 . 2011-03-24 14:33 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-24 14:33 . 2011-03-24 14:33 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-24 14:33 . 2011-03-24 14:33 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-24 14:33 . 2011-03-24 14:33 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-03-24 14:33 . 2011-03-24 14:33 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-21 15:46 . 2011-03-21 15:47 8192 ----a-w- c:\windows\SysWow64\srvany.exe
    2011-03-20 15:50 . 2011-03-20 15:37 8107 ----a-w- c:\windows\w7dsd.reg
    2011-03-20 15:50 . 2011-03-20 15:37 8089 ----a-w- c:\windows\w7dse.reg
    2011-03-20 15:37 . 2011-03-20 15:37 275360 ----a-w- c:\windows\system32\DreamScene.dll
    2011-03-09 15:02 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-08 12:17 . 2011-03-08 12:17 53248 ----a-r- c:\users\Hans\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-03-08 12:16 . 2011-03-08 12:16 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-03-07 22:20 . 2009-07-13 23:57 22370304 ----a-w- c:\windows\system32\imageres.dll
    2011-03-04 06:19 . 2011-04-27 13:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:19 . 2011-04-27 13:01 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2011-02-28 13:13 . 2011-02-28 13:14 38944 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
    2011-02-28 13:13 . 2011-02-28 12:49 59240 ----a-w- c:\windows\SysWow64\GenSvcInst.exe
    2011-02-28 13:13 . 2011-02-28 12:49 139264 ----a-w- c:\windows\SysWow64\bgsvcgen.exe
    2011-02-28 12:48 . 2011-02-28 12:49 33408 ----a-w- c:\windows\SysWow64\drivers\CDRBSDRV.SYS
    2011-02-26 22:31 . 2011-02-26 22:31 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2011-02-26 22:31 . 2011-02-26 22:31 82816 ----a-w- c:\users\Hans\AppData\Roaming\pcouffin.sys
    2011-02-25 14:20 . 2011-02-25 14:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-25 12:46 . 2011-02-25 12:47 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2011-02-25 12:27 . 2011-02-25 12:27 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-02-25 12:27 . 2011-02-25 12:27 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2011-02-25 12:27 . 2011-02-25 12:27 122968 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-02-25 12:27 . 2011-02-25 12:27 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2011-02-24 17:25 . 2011-02-24 17:25 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2011-02-24 17:25 . 2011-02-02 13:31 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-02-24 17:25 . 2011-02-02 13:31 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-02-24 15:31 . 2011-02-24 15:31 250464 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2011-02-24 15:31 . 2011-02-24 15:31 1477152 ----a-w- c:\windows\system32\drivers\tdrpm255.sys
    2011-02-24 15:31 . 2011-02-24 15:31 929312 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-02-24 15:31 . 2011-02-24 15:31 254496 ----a-w- c:\windows\system32\drivers\snapman.sys
    2011-02-24 10:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-02-24 10:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-02-23 06:28 . 2011-02-24 13:11 5654120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-02-23 06:28 . 2011-02-24 13:11 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-02-23 06:28 . 2011-02-24 13:11 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
    2011-02-23 06:28 . 2011-02-24 13:11 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
    2011-02-23 06:28 . 2011-02-24 13:11 10079336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-02-23 06:28 . 2011-02-23 06:28 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-02-23 06:28 . 2011-02-23 06:28 6606440 ----a-w- c:\windows\system32\nvcuda.dll
    2011-02-23 06:28 . 2011-02-23 06:28 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-02-23 06:28 . 2011-02-23 06:28 4942952 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-02-23 06:28 . 2011-02-23 06:28 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-02-23 06:28 . 2011-02-23 06:28 20473960 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-02-23 06:28 . 2011-02-23 06:28 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-02-23 06:28 . 2011-02-23 06:28 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-02-23 06:28 . 2011-02-23 06:28 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-02-23 06:28 . 2011-02-23 06:28 12962792 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-02-23 06:28 . 2011-02-23 06:28 12862568 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-02-23 06:28 . 2010-07-10 04:38 2200680 ----a-w- c:\windows\system32\nvapi64.dll
    2011-02-23 06:28 . 2009-07-13 21:59 7732328 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-02-19 12:05 . 2011-03-09 15:47 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 12:04 . 2011-03-09 15:47 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 12:04 . 2011-03-09 15:47 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 06:30 . 2011-03-09 15:47 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-02-19 06:30 . 2011-03-09 15:47 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768] "TrueImageMonitor.exe"="e:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176] R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Hans\AppData\Roaming\NVIDIA\HWAccess.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [x] S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/24 18:27];e:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [2010-03-13 11:58 146928] S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-02-24 2475952] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;e:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 09:51] . 2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 09:51] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acronis Scheduler2Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304] "NoSleepHD"="e:\program files\NoSleepHDv2.0.exe" [2009-04-11 110080] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.nu.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=;ftp=;https=; IE: &Verzenden naar OneNote - e:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - e:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\e:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-05-03 18:33:53 ComboFix-quarantined-files.txt 2011-05-03 16:33 . Pre-Run: 17.367.298.048 bytes beschikbaar Post-Run: 16.925.958.144 bytes beschikbaar . - - End Of File - - 90B4698D8986F3BB0E759E840AD96D9E
  • and the new HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:38, on 03-05-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
E:\Program Files\Fraps\fraps.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
E:\Program Files\hyjack\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: &Verzenden naar OneNote - res://E:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - E:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 8471 bytes
  • Hi Hans, you don't need to post logs that I didn't ask for! That ComboFix log already looks good! You may now do the following:

    Run the ESET online scan: http://www.eset.com/onlinescan/

    - Click the ESET Online Scanner button.
    - Tick YES, I accept the Terms of Use.
    - Click Start.
    - Allow the ActiveX control to install.
    - Click "Advanced settings".
    - Tick the following options:
        - Remove found threats
        - Scan archives
        - Scan for potentially unwanted applications
        - Scan for potentially unsafe applications
        - Enable Anti-Stealth technology
    - Click Start.
    - The computer will now be scanned. This can take quite a long time, so be patient.
    - You may close the window when the scan is finished.
    - Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
    - Copy and paste the contents of this log into your next post.

    N.B.: temporarily disable your own antivirus during the scan; the online scan will then be faster!
  • ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=0a2241cb32dc284e80bc52fe551cef30
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-03 06:19:35
# local_time=2011-05-03 08:19:35 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 3138 45732189 1605 0
# compatibility_mode=5893 16776573 100 94 297078 56073535 0 0
# compatibility_mode=8192 67108863 100 0 144 144 0 0
# scanned=122854
# found=0
# cleaned=0
# scan_time=3089
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=0a2241cb32dc284e80bc52fe551cef30
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-03 06:54:54
# local_time=2011-05-03 08:54:54 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1043
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 6349 45735400 4816 0
# compatibility_mode=5893 16776573 100 94 300289 56076746 0 0
# compatibility_mode=8192 67108863 100 0 3355 3355 0 0
# scanned=89647
# found=0
# cleaned=0
# scan_time=1998
  • Hi Hans, are you still experiencing problems with Windows, or do you have any more questions?
  • Abraham54 wrote: "Hi Hans, are you still experiencing problems with Windows, or do you have any more questions?"

    The problems mentioned in my first post have not occurred so far (the folders that kept coming back). Thanks so far.
  • Hi Hans, that's good then. Then we'll clean up first now! ComboFix may now be removed:

    - Go to Start - Run.
    - Copy and paste the following into it: Combofix /Uninstall
    - Then click OK.
    - If all goes well, you will then get a message that ComboFix was removed.

    Example: http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

    Run can also be opened with the key combination http://home.kpn.nl/stefsmeenk/W+R.jpg

    Or remove ComboFix manually. In that case, delete:

    - ComboFix.exe
    - C:\combofix.txt
    - C:\ComboFix-quarantined-files.txt
    - C:\ComboFix2.txt
    - C:\ComboFix3.txt
    - etc. etc.
    - the folder c:\Qoobox (if present)

    If the manual cleanup doesn't fully succeed, restart into Safe Mode.

    Keep MBAM on board for a weekly quick scan, after first updating the tool. And keep the ESET file in Windows too, and run an online scan with ESET monthly. Then the file will only be provided with updates.

This is an archived page. Replies are no longer possible.