SERIOUS - Windows Vista no longer starts

23 replies
  • Dear all, I have an HP laptop running Windows Vista Home. From one day to the next it would no longer boot into Windows. At first it went straight into Startup Repair, which then reported that it could not fix the problem. Before trying to fix it, I first used an Ubuntu CD-ROM to copy my important files to USB sticks, so those are already safe. After some searching on the internet I entered the Fixmbr, FixBoot and RebuildBcd commands via the command console (which you can also choose in the little menu that lists Startup Repair); they were all executed. I thought it would work again, but it turns out that on boot I now get the following message:

    *****************************
    Windows Boot Manager
    Windows failed to start. A recent hardware or software change might be the cause. To fix problem:
    1) Insert your Windows Installations Disc and restart your computer
    2) Choose language settings, and click "next"
    3) Click "Repair Your computer"
    File: \windows\system32\drivers\dwprot.sys
    Status: 0xc0000221
    Info: Windows failed to load because a critical system driver is missing, or corrupt.
    ***********************************

    Startup Repair had also already reported that the file dwprot.sys was damaged or missing. P.S. I read somewhere on the internet that the dwprot.sys file is related to DrWeb. I did use that program; I have no idea whether it is still on the laptop. I have no idea how to proceed and what options are left. I really dread having to do a clean install, because a lot of data and programs (music/films/e-books) that are not on the USB sticks would still be lost. Who, oh who, could help me?! Kind regards, Shot_Caller
  • Shot_Caller wrote: "File: \windows\system32\drivers\dwprot.sys Status: 0xc0000221" According to this link, dwprot.sys (http://www.pcsafedoctor.com/exe-errors/dwprot.sys.html), it could possibly be a virus, Trojan, worm or spyware. Have you already tried whether you can still start the PC in safe mode, possibly with networking? If that works, you could check whether you can post a HijackThis (http://free.antivirus.com/hijackthis/) log.
  • Thanks for your reply, Jolo. OK, I can no longer get into Windows Vista, not even via safe mode. As soon as I start the laptop, I almost immediately get the Windows Boot Manager screen with the error message. What does still work is using the Ubuntu CD to get access to all the files on my hard disk from Ubuntu. Is there any point in making a HijackThis log from Ubuntu, or would it then miss essential checkpoints? And is there any point in uninstalling DrWeb, since the file in question, "dwprot.sys", appears to refer to DrWeb?
  • Update: I have just noticed in the folder that contains the file (windows\system32\drivers) that dwprot.sys has a different icon from all the other .sys files. A look at the file's properties shows that the file type is "unknown". So it looks as if it was not properly removed along with DrWeb when DrWeb was uninstalled??
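Status 0xc0000221 in the boot error quoted above is the NTSTATUS code STATUS_IMAGE_CHECKSUM_MISMATCH: the checksum stored in the driver's PE header does not match the checksum computed over the file. The following is an added example, not part of any post in this thread, of running the same check offline (for instance from the Ubuntu live CD) on a file from the mounted Windows partition; the function names and the sample buffer are constructed for illustration.

```python
#!/usr/bin/env python3
"""Offline PE header checksum check for a driver file (added example)."""
import struct
import sys


def locate_checksum_field(data):
    """Return the file offset of OptionalHeader.CheckSum or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # 4-byte signature + 20-byte COFF header + 64 bytes into the optional
    # header (the field sits at the same position in PE32 and PE32+).
    field = e_lfanew + 4 + 20 + 64
    if field + 4 > len(data):
        raise ValueError("truncated optional header")
    return field


def compute_checksum(data, field):
    """PE image checksum: 16-bit end-around-carry sum of the file with the
    CheckSum field treated as zero, plus the file length."""
    buf = bytearray(data)
    buf[field:field + 4] = b"\0\0\0\0"
    if len(buf) % 2:                 # odd length: last byte counts as a word
        buf.append(0)
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF


def check_image(data):
    """Return (verdict, stored, computed); verdict is 'ok', 'mismatch' or
    'not-pe' (the file does not even parse as a PE image)."""
    try:
        field = locate_checksum_field(data)
    except ValueError:
        return ("not-pe", None, None)
    (stored,) = struct.unpack_from("<I", data, field)
    computed = compute_checksum(data, field)
    return ("ok" if stored == computed else "mismatch", stored, computed)


def build_sample():
    """Constructed minimal PE-shaped buffer with a valid checksum."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)            # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    # COFF header: machine, sections, timestamp, symtab, nsyms,
    # SizeOfOptionalHeader, characteristics
    struct.pack_into("<HHIIIHH", buf, 0x84, 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    struct.pack_into("<H", buf, 0x98, 0x10B)           # PE32 magic
    buf[0x180:0x190] = b"constructed data"
    field = locate_checksum_field(buf)
    struct.pack_into("<I", buf, field, compute_checksum(buf, field))
    return bytes(buf)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                verdict, stored, computed = check_image(fh.read())
            print(path, verdict, stored, computed)
    else:
        print("constructed sample:", check_image(build_sample())[0])
```

A 'mismatch' or 'not-pe' verdict only says the file on disk is not an intact image; it does not say whether the cause is disk corruption, a failed uninstall or tampering.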
  • Hi, dwprot.sys is pure malware and I suspect there is quite a bit more of it in your Vista. What you can also do is, for example, burn an Avira rescue CD, boot from it and scan the broken Windows that way! ISO download: http://www.avira.com/en/support-download-avira-antivir-rescue-system Manual: http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163 Because the scan takes place under Windows, it is also not possible for malware to neutralise the scan! Extra info from Maxstar: http://www.pcwebplus.nl/phpbb/viewtopic.php?f=222&t=3941
  • Thanks for the tip, Abraham54. I'll get started on it right away and will report back.
  • OK, the Avira AntiVir Rescue System scan has finished. What stands out is that there are quite a few results, but that the file dwprot.sys is not reported in the scan. Below are the results from the log file (it is quite a list): After the scan I rebooted, as the instructions said. However, that brought me straight back to the Windows Boot Manager error message. What now?? Thanks in advance for the help, Shot_Caller
  • I have now (after making a backup of the file in question) deleted dwprot.sys from the Windows driver directory. And what do you know: it boots normally again without an error message! To be on the safe side I will also run HijackThis and post the log file shortly, because I have the feeling that there is adware, spyware or viruses on the laptop, as it has become rather slow over time.
  • And as promised, here is the HijackThis log file. If someone could take a look at it, that would be great! The laptop is doing reasonably well so far, although it did have some trouble with HijackThis (an error message during scanning, but the scan simply continued).
  • Great that you got the machine running again! Start with the following 3 scans:

    1) Which program: MBRCheck.exe
       What for/why: special scan for MBR rootkits
       Difficulty: none.
       Download: MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe)
       Starting MBRCheck.exe: Windows 2000 and Windows XP: start "MBRCheck.exe" by double-clicking "MBRCheck.exe". Windows Vista and Windows 7: start "MBRCheck.exe" by right-clicking "MBRCheck.exe" and then choosing "Run as administrator".
       - A black window appears with some data in it.
       - A log file named "MBRcheckxxxx.txt" will appear on your desktop.
       - Now copy the contents of that log into your next post.

    2) Which program: Kaspersky TDSSKiller
       What for/why: rootkit scanner
       Difficulty: none
       Download location: be sure to download this program to the desktop, or otherwise move it there!
       Download TDSSKiller here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
       Installation:
       - Unpack the file on your desktop.
       Using TDSSKiller:
       - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
       - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing "Run as administrator".
       - Once the scan is finished, you will find the log on the C:\ partition.
       - Post the contents of that log.

    3) Which program: Malwarebytes MBAM
       What for/why: specialised scanner to quickly check Windows for spyware and malware and remove it.
       Difficulty: none.
       Download Malwarebytes MBAM from one of these locations:
       - Download.com (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?)
       - Softpedia.com (http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s)
       - Majorgeeks.com (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
       First of all:
       - Immediately after installation 'MBAM' will want to update its database, so allow that.
       - Also on repeated use: first update 'MBAM' via the 'Update' tab!
       Starting Malwarebytes MBAM: Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut. Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing "Run as administrator".
       Scanning:
       - When 'MBAM' starts, choose 'Quick Scan'.
       - The scan can take a while, so be patient. When the scan has completed, click the 'OK' button.
       - Then click the 'View Results' button to see the results.
       Infections found:
       - First click OK to dismiss the message.
       - Then click the 'View Results' button at the bottom right.
       - Now make sure that all infections found are ticked, and click 'Remove Selected' at the bottom left.
       - After removal a log will open and you will be asked to restart the computer.
       - If 'MBAM' has difficulty removing certain files it will show a few messages; click 'OK' each time!
       - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
       MBAM log:
       - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Log files' tab in MBAM's main menu.
       Then post the contents of the MBAM log in your next message.

    In summary: after this, post the contents of the following logs in your next message:
    - MBRCheck log
    - TDSSKiller log
    - MBAM scan log
    - also let us know if you run into a problem anywhere
  • Thanks for the help! Here are the log files, starting with the MBRCheck log:
0xA0A98000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA0A74000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA0A23000 \SystemRoot\System32\DRIVERS\srv.sys 0xA117D000 \SystemRoot\system32\DRIVERS\atksgt.sys 0x8BDE8000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys 0x8C14A000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0xA11C0000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0xA1322000 \SystemRoot\system32\drivers\peauth.sys 0x8DEA0000 \SystemRoot\System32\Drivers\secdrv.SYS 0x8DCD0000 \SystemRoot\System32\drivers\tcpipreg.sys 0x91888000 \SystemRoot\system32\DRIVERS\xaudio.sys 0x8C14F000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys 0xA1202000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys 0xA1040000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 0xA221B000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA5240000 \SystemRoot\System32\Drivers\fastfat.SYS 0x775D0000 \Windows\System32\ntdll.dll 0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll Processes (total 49): 0 System Idle Process 4 System 428 C:\Windows\System32\smss.exe 464 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe 720 csrss.exe 804 csrss.exe 812 C:\Windows\System32\wininit.exe 864 C:\Windows\System32\winlogon.exe 904 C:\Windows\System32\services.exe 916 C:\Windows\System32\lsass.exe 924 C:\Windows\System32\lsm.exe 1092 C:\Windows\System32\svchost.exe 1132 C:\Windows\System32\svchost.exe 1180 C:\Windows\System32\svchost.exe 1316 C:\Windows\System32\svchost.exe 1340 C:\Windows\System32\svchost.exe 1356 C:\Windows\System32\svchost.exe 1444 C:\Windows\System32\audiodg.exe 1632 C:\Windows\System32\svchost.exe 1648 C:\Windows\System32\SLsvc.exe 1672 C:\Windows\System32\svchost.exe 1880 C:\Windows\System32\svchost.exe 372 C:\Windows\System32\spoolsv.exe 460 C:\Windows\System32\svchost.exe 1028 C:\Program Files\AVG\AVG10\avgwdsvc.exe 1604 C:\Windows\System32\PnkBstrA.exe 1660 C:\Windows\System32\svchost.exe 1828 C:\Windows\System32\svchost.exe 1460 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe 1740 
C:\Windows\System32\svchost.exe 2212 C:\Windows\System32\taskeng.exe 2336 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe 2648 C:\Windows\System32\dwm.exe 2664 C:\Windows\System32\taskeng.exe 2728 C:\Windows\explorer.exe 2780 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe 2940 C:\Program Files\AVG\AVG10\avgnsx.exe 3000 C:\Program Files\AVG\AVG10\avgemcx.exe 3116 C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe 3764 C:\Program Files\AVG\AVG10\avgtray.exe 3784 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe 2704 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe 2544 C:\Windows\System32\wuauclt.exe 2204 C:\PROGRA~1\AVG\AVG10\avgrsx.exe 2628 C:\Program Files\AVG\AVG10\avgcsrvx.exe 5080 C:\Program Files\Internet Explorer\iexplore.exe 5228 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe 5688 C:\Users\Jeroen\Desktop\MBRCheck.exe 4304 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`85ec6a00 (NTFS) PhysicalDrive0 Model Number: TOSHIBAMK1637GSX, Rev: DL032C Size Device Name MBR Status -------------------------------------------- 149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! Vervolgens de [b:6caf6550b3]TDSSKiller-log [/b:6caf6550b3](hierbij vond hij iets, maar heb ik op de optie "skip geklikt" ik had geen idee wat ik daar had moeten doen. 
    And lastly the MBAM log:
        Malwarebytes' Anti-Malware 1.51.0.1200
        www.malwarebytes.org
        Databaseversie: 6856
        Windows 6.0.6000
        Internet Explorer 7.0.6000.17037
        14-6-2011 20:05:03
        mbam-log-2011-06-14 (20-05-03).txt
        Scantype: Snelle scan
        Objecten gescand: 179120
        Verstreken tijd: 5 minuut/minuten, 20 seconde(n)
        Geheugenprocessen geïnfecteerd: 0
        Geheugenmodulen geïnfecteerd: 0
        Registersleutels geïnfecteerd: 0
        Registerwaarden geïnfecteerd: 1
        Registerdata geïnfecteerd: 0
        Mappen geïnfecteerd: 0
        Bestanden geïnfecteerd: 0
        Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
        Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
        Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
        Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
        Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
        Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
        Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
  • My mistake, I see that I posted the MBRCheck log twice and forgot the TDSSKiller log, so here is the TDSSKiller log file after all:
        2011/06/14 19:46:50.0381 5152 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
        2011/06/14 19:46:50.0615 5152 ================================================================================
        2011/06/14 19:46:50.0615 5152 SystemInfo:
        2011/06/14 19:46:50.0615 5152
        2011/06/14 19:46:50.0615 5152 OS Version: 6.0.6000 ServicePack: 0.0
        2011/06/14 19:46:50.0615 5152 Product type: Workstation
        2011/06/14 19:46:50.0615 5152 ComputerName: PC_VAN_JEROEN
        2011/06/14 19:46:50.0615 5152 UserName: Jeroen
        2011/06/14 19:46:50.0615 5152 Windows directory: C:\Windows
        2011/06/14 19:46:50.0615 5152 System windows directory: C:\Windows
        2011/06/14 19:46:50.0615 5152 Processor architecture: Intel x86
        2011/06/14 19:46:50.0615 5152 Number of processors: 2
        2011/06/14 19:46:50.0615 5152 Page size: 0x1000
        2011/06/14 19:46:50.0615 5152 Boot type: Normal boot
        2011/06/14 19:46:50.0615 5152 ================================================================================
        2011/06/14 19:46:51.0145 5152 Initialize success
        2011/06/14 19:46:55.0217 4944 ================================================================================
        2011/06/14 19:46:55.0217 4944 Scan started
        2011/06/14 19:46:55.0217 4944 Mode: Manual;
        2011/06/14 19:46:55.0217 4944 ================================================================================
4944 mssmbios (1f6f7159c75e4b27d138b5225808860f) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/06/14 19:47:07.0260 4944 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys 2011/06/14 19:47:07.0307 4944 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys 2011/06/14 19:47:07.0416 4944 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys 2011/06/14 19:47:07.0525 4944 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys 2011/06/14 19:47:07.0619 4944 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/06/14 19:47:07.0681 4944 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/06/14 19:47:07.0697 4944 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/06/14 19:47:07.0744 4944 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys 2011/06/14 19:47:07.0790 4944 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys 2011/06/14 19:47:07.0822 4944 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys 2011/06/14 19:47:07.0931 4944 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/06/14 19:47:08.0071 4944 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys 2011/06/14 19:47:08.0180 4944 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys 2011/06/14 19:47:08.0290 4944 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys 2011/06/14 19:47:08.0383 4944 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/06/14 19:47:08.0461 4944 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys 2011/06/14 19:47:08.0539 4944 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys 2011/06/14 
19:47:09.0023 4944 nvlddmkm (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/06/14 19:47:09.0584 4944 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/06/14 19:47:09.0631 4944 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys 2011/06/14 19:47:09.0678 4944 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/06/14 19:47:09.0725 4944 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/06/14 19:47:09.0834 4944 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/06/14 19:47:09.0974 4944 PAC207 (dca942c0a19a0ad2abcd9acf94eb4b10) C:\Windows\system32\DRIVERS\PFC027.SYS 2011/06/14 19:47:10.0068 4944 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/06/14 19:47:10.0099 4944 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys 2011/06/14 19:47:10.0177 4944 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/06/14 19:47:10.0255 4944 pci (5bedd5e1416da009c4f24adf8da13773) C:\Windows\system32\drivers\pci.sys 2011/06/14 19:47:10.0302 4944 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys 2011/06/14 19:47:10.0380 4944 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/06/14 19:47:10.0474 4944 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/06/14 19:47:10.0614 4944 PID_PEPI (a7598e897da639e255ad4188fa398478) C:\Windows\system32\DRIVERS\LV302V32.SYS 2011/06/14 19:47:10.0770 4944 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys 2011/06/14 19:47:10.0817 4944 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/06/14 19:47:10.0895 4944 PSched (2c8bae55247c4e09352e870292e4d1ab) 
C:\Windows\system32\DRIVERS\pacer.sys 2011/06/14 19:47:10.0973 4944 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys 2011/06/14 19:47:11.0082 4944 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/06/14 19:47:11.0160 4944 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/06/14 19:47:11.0207 4944 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys 2011/06/14 19:47:11.0254 4944 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys 2011/06/14 19:47:11.0332 4944 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/06/14 19:47:11.0363 4944 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/06/14 19:47:11.0410 4944 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys 2011/06/14 19:47:11.0472 4944 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/06/14 19:47:11.0519 4944 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/06/14 19:47:11.0566 4944 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys 2011/06/14 19:47:11.0628 4944 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys 2011/06/14 19:47:11.0722 4944 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/06/14 19:47:11.0753 4944 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/06/14 19:47:11.0784 4944 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/06/14 19:47:11.0846 4944 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys 2011/06/14 19:47:11.0924 4944 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/06/14 19:47:11.0987 4944 sdbus 
(7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys 2011/06/14 19:47:12.0034 4944 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/06/14 19:47:12.0080 4944 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/06/14 19:47:12.0127 4944 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/06/14 19:47:12.0205 4944 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys 2011/06/14 19:47:12.0330 4944 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 2011/06/14 19:47:12.0377 4944 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/06/14 19:47:12.0408 4944 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 2011/06/14 19:47:12.0439 4944 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/06/14 19:47:12.0548 4944 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/06/14 19:47:12.0611 4944 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/06/14 19:47:12.0689 4944 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/06/14 19:47:12.0751 4944 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys 2011/06/14 19:47:12.0860 4944 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys 2011/06/14 19:47:12.0938 4944 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/06/14 19:47:12.0938 4944 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: cdddec541bc3c96f91ecb48759673505 2011/06/14 19:47:12.0970 4944 sptd - detected LockedFile.Multi.Generic (1) 2011/06/14 19:47:13.0048 4944 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys 2011/06/14 19:47:13.0094 4944 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys 2011/06/14 19:47:13.0172 4944 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys 2011/06/14 19:47:13.0235 4944 swenum (92894dd7fdd62af808b1409b73af9c73) C:\Windows\system32\DRIVERS\swenum.sys 2011/06/14 19:47:13.0297 4944 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/06/14 19:47:13.0375 4944 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/06/14 19:47:13.0422 4944 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/06/14 19:47:13.0469 4944 SynTP (8327106d1c93e9a7b98e63b9fcc24bb7) C:\Windows\system32\DRIVERS\SynTP.sys 2011/06/14 19:47:13.0796 4944 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys 2011/06/14 19:47:13.0906 4944 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys 2011/06/14 19:47:13.0968 4944 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys 2011/06/14 19:47:14.0015 4944 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys 2011/06/14 19:47:14.0108 4944 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys 2011/06/14 19:47:14.0140 4944 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys 2011/06/14 19:47:14.0186 4944 TermDD (85908da29af0ab835048107ad2ad07d1) C:\Windows\system32\DRIVERS\termdd.sys 2011/06/14 19:47:14.0311 4944 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/06/14 19:47:14.0452 4944 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 
2011\TuneUpUtilitiesDriver32.sys 2011/06/14 19:47:14.0514 4944 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys 2011/06/14 19:47:14.0576 4944 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys 2011/06/14 19:47:14.0623 4944 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/06/14 19:47:14.0670 4944 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys 2011/06/14 19:47:14.0748 4944 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/06/14 19:47:14.0810 4944 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/06/14 19:47:14.0873 4944 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/06/14 19:47:14.0935 4944 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/06/14 19:47:14.0998 4944 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys 2011/06/14 19:47:15.0107 4944 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys 2011/06/14 19:47:15.0154 4944 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/06/14 19:47:15.0216 4944 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/06/14 19:47:15.0263 4944 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys 2011/06/14 19:47:15.0325 4944 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys 2011/06/14 19:47:15.0356 4944 usbohci (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys 2011/06/14 19:47:15.0419 4944 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys 2011/06/14 19:47:15.0512 4944 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys 2011/06/14 19:47:15.0575 4944 USBSTOR 
(7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/06/14 19:47:15.0637 4944 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/06/14 19:47:15.0715 4944 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys 2011/06/14 19:47:15.0824 4944 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/06/14 19:47:15.0887 4944 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys 2011/06/14 19:47:15.0980 4944 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/06/14 19:47:16.0058 4944 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/06/14 19:47:16.0105 4944 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/06/14 19:47:16.0168 4944 volmgr (d9e9490c960624c416fbde080deeb7fe) C:\Windows\system32\drivers\volmgr.sys 2011/06/14 19:47:16.0214 4944 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys 2011/06/14 19:47:16.0277 4944 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys 2011/06/14 19:47:16.0355 4944 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/06/14 19:47:16.0433 4944 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/06/14 19:47:16.0480 4944 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/14 19:47:16.0511 4944 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/14 19:47:16.0589 4944 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/06/14 19:47:16.0651 4944 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/06/14 19:47:16.0760 4944 winachsf (3b4522d0e750bac8fe7ae61622a57014) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/06/14 19:47:16.0948 
4944 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/06/14 19:47:17.0026 4944 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/06/14 19:47:17.0119 4944 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys 2011/06/14 19:47:17.0197 4944 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/06/14 19:47:17.0260 4944 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys 2011/06/14 19:47:17.0338 4944 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 2011/06/14 19:47:17.0353 4944 ================================================================================ 2011/06/14 19:47:17.0353 4944 Scan finished 2011/06/14 19:47:17.0353 4944 ================================================================================ 2011/06/14 19:47:17.0384 0636 Detected object count: 1 2011/06/14 19:47:17.0384 0636 Actual detected object count: 1 2011/06/14 19:47:34.0295 0636 LockedFile.Multi.Generic(sptd) - User select action: Skip 2011/06/14 19:47:41.0783 1412 Deinitialize success
  • Do you have DaemonTools in your Windows?
  • Yes, that's right, I use DaemonToolsLite. By the way, do I still need to take action on the item TDSSKiller found?
  • No, sptd.sys is part of DaemonTools. It does need to be temporarily disabled now, though!

    Which program: Defogger
    What for/why: Tool to disable and later re-enable CD emulation software
    Difficulty: none.

    Download Defogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop, or move the tool there.
    - Double-click Defogger.exe to start the tool.
    - In the window that appears, click the "Disable" button.
    - In the next window, click Yes to continue.
    - Then wait until you get the 'Finished' message and click "Ok" in that window.
    - If DeFogger asks to restart the computer, do so.

    N.B. If you get an error message when using Defogger, look on the desktop for the file defogger_disable and post the contents of that file.

    You can switch the CD emulation software back on with Defogger by starting the tool again and clicking the "Re-enable" button. However, only do this once we are completely finished fixing the computer.

    After that we move on to ComboFix. First, however, you need to uninstall AVG2011, because AVG is the only antivirus that is not compatible with ComboFix!
    AVG Remover: http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: This program absolutely must be downloaded to the desktop!

    Download ComboFix from one of these locations:
    - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
    - Geekstogo: http://subs.geekstogo.com/ComboFix.exe

    How to use ComboFix is shown here: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Antivirus programs and active malware scanners must already be disabled before ComboFix is started!
    Details on how to disable antivirus programs and spyware scanners can be found here: http://www.bleepingcomputer.com/forums/topic114351.html and here: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

    Once more, to be perfectly clear: ComboFix must be started from the desktop.

    Remarks:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix by right-clicking and running it with Administrator rights.
    - All open programs and web pages must be closed.

    ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may have to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt

    Important remark:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registery key that has been marked for deletion.
    - Then restart the computer.
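An added example, not part of the original thread: a small Python parser that pulls the detections out of a TDSSKiller log like the one posted above, so the single flagged item (sptd.sys, LockedFile.Multi.Generic, action Skip) stands out from the clean driver lines. The record patterns are inferred from the lines in this thread and are an assumption about the log format; the sample records are copied from the posted log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample records copied from the log posted in this thread.
SAMPLE_RECORDS = [
    r"2011/06/14 19:47:12.0860 4944 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys",
    r"2011/06/14 19:47:12.0938 4944 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys",
    r"2011/06/14 19:47:12.0938 4944 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505",
    r"2011/06/14 19:47:12.0970 4944 sptd - detected LockedFile.Multi.Generic (1)",
    r"2011/06/14 19:47:13.0048 4944 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys",
    r"2011/06/14 19:47:17.0353 4944 Scan finished",
    r"2011/06/14 19:47:17.0384 0636 Detected object count: 1",
    r"2011/06/14 19:47:34.0295 0636 LockedFile.Multi.Generic(sptd) - User select action: Skip",
]
# Forum software often flattens a pasted log onto one line, as on this page.
SAMPLE_LOG = " ".join(SAMPLE_RECORDS)

# Every record starts with "date time.ticks thread-id "; split on that, not on newlines.
STAMP = re.compile(r"(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (\d{4}) ")
SCANNED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<verdict>[^\s(]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    name: str                      # service/driver name, e.g. "sptd"
    verdict: str                   # scanner verdict, e.g. "LockedFile.Multi.Generic"
    path: Optional[str] = None     # file the service points to
    md5: Optional[str] = None
    reason: Optional[str] = None   # why the file was suspicious, e.g. "NoAccess"
    action: Optional[str] = None   # what the user chose, e.g. "Skip"


@dataclass
class Report:
    scanned: int
    reported_count: Optional[int]
    detections: List[Detection]


def split_records(text: str):
    """Cut the log into (timestamp, thread_id, message) even if it is one long line."""
    marks = list(STAMP.finditer(text))
    records = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        message = " ".join(text[m.end():end].split())  # normalise whitespace
        records.append((m.group(1), m.group(2), message))
    return records


def parse_tdsskiller(text: str) -> Report:
    scanned, reasons, detections = {}, {}, {}
    reported = None
    for _stamp, _tid, msg in split_records(text):
        if (m := SUSPICIOUS.match(msg)):
            reasons[m["path"].lower()] = m["reason"]
        elif (m := DETECTED.match(msg)):
            md5, path = scanned.get(m["name"], (None, None))
            reason = reasons.get(path.lower()) if path else None
            detections[m["name"]] = Detection(m["name"], m["verdict"], path, md5, reason)
        elif (m := ACTION.match(msg)):
            if m["name"] in detections:
                detections[m["name"]].action = m["action"]
        elif (m := COUNT.match(msg)):
            reported = int(m[1])
        elif (m := SCANNED.match(msg)):
            scanned[m["name"]] = (m["md5"], m["path"])
    return Report(len(scanned), reported, list(detections.values()))


def needs_review(report: Report) -> List[Detection]:
    """Detections that were skipped or got no action and still need a decision."""
    return [d for d in report.detections if d.action in (None, "Skip")]


if __name__ == "__main__":
    for d in needs_review(parse_tdsskiller(SAMPLE_LOG)):
        print(d)
```

A skipped item is listed for review rather than treated as clean or malicious; whether it is benign, as the reply above says of sptd.sys, is still the helper's call.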
  • Thanks for your reply. Defogger went without any problems. Here is the ComboFix log file:
[HKEY_USERS\S-1-5-21-1362925174-1269254538-546090230-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:ee,fc,af,f9,e0,f4,e2,4a,31,db,37,e3,f6,be,16,c1,bb,a6,b9,e9,1a,45,e6, 11,27,85,4a,e9,5a,ea,1b,48,5a,34,7f,4a,e1,d1,0c,6a,68,eb,5a,5c,96,0d,7c,f2,\ "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d . [HKEY_USERS\S-1-5-21-1362925174-1269254538-546090230-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:a7,0b,84,72,6f,fa,11,56,7e,74,cb,d7,56,f1,a4,3d,7d,14,dc,16,b4, b4,78,57,a4,99,c4,95,7a,07,56,dd,e1,5e,31,9b,ce,db,ee,86,da,f3,d9,4f,05,69,\ "rkeysecu"=hex:7b,bd,3c,5d,ce,ec,6e,c7,cd,7d,56,7a,b4,04,4d,39 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(1928) c:\windows\system32\APSHook.dll c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dut.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe c:\windows\system32\PnkBstrA.exe c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\windows\system32\conime.exe . ************************************************************************** . Voltooingstijd: 2011-06-15 11:12:28 - machine werd herstart ComboFix-quarantined-files.txt 2011-06-15 09:12 . Pre-Run: 26.656.948.224 bytes beschikbaar Post-Run: 26.106.105.856 bytes beschikbaar . 
- - End Of File - - F36DD6312E8C90EE972666779A9BC356
  • Hi Jeroen, you can now do the following: open a new Notepad file via "Start\All Programs\Accessories\Notepad". Copy and paste the following (bold, blue) text into the empty Notepad window:
    File::
    c:\windows\system32\TURegOpt.exe
    c:\windows\system32\authuitu.dll
    Folder::
    c:\users\TEMP\AppData
    C:\.Trash-999
    Save this Notepad file to your desktop as CFScript.txt. Now deactivate the antivirus first! Drag CFScript.txt onto ComboFix.exe (illustration: http://img517.imageshack.us/img517/8662/cfscript10uc2.gif). This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart!
  • Hey Abraham, It took a while. This was because (after AVG had been removed) I picked up an infection with a trojan, something called "Windows Vista Security 2012". A persistent thing that also made sure regedit and all .exe applications could no longer be used. In the end I managed to scan with Malwarebytes and kick it off. After that I ran the ComboFix scan with the script. I just didn't understand what you meant by "now first switch off the antivirus", since AVG was already gone? What I do still notice is that I no longer hear music in, for example, YouTube. The Windows sounds are gone too, but when I listen to music via Winamp I do have sound. To my mind a few things have been changed by that virus/trojan, but I don't know for sure. Anyway, here is the log file of the ComboFix scan with script (it did not ask to reboot, by the way). ComboFix 11-06-14.03 - Jeroen 18-06-2011 11:27:07.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.31.1043.18.2046.1362 [GMT 2:00] Gestart vanuit: c:\users\Jeroen\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Jeroen\Desktop\CFScript.txt.txt . FILE :: "c:\windows\system32\authuitu.dll" "c:\windows\system32\TURegOpt.exe" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\.Trash-999 c:\.trash-999\files\dwprot.sys c:\.trash-999\info\dwprot.sys.trashinfo c:\windows\regedit.com c:\windows\system32\authuitu.dll c:\windows\system32\TURegOpt.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))) . . 2011-06-18 09:35 . 2011-06-18 09:36 -------- d-----w- c:\users\Jeroen\AppData\Local\temp 2011-06-18 09:35 . 2011-06-18 09:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2011-06-18 09:35 . 2011-06-18 09:35 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2011-06-18 09:35 . 
2011-06-18 09:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-15 08:49 . 2011-06-18 09:24 -------- d-----w- C:\32788R22FWJFW 2011-06-14 17:28 . 2011-06-14 17:28 -------- d-----w- c:\program files\Trend Micro 2011-06-14 17:24 . 2011-06-14 17:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software 2011-06-09 15:13 . 2011-06-18 09:19 -------- d-----w- c:\users\Jeroen\AppData\Local\LogMeIn Hamachi 2011-06-09 15:13 . 2011-06-18 09:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn Hamachi 2011-06-09 15:12 . 2011-06-17 19:29 -------- d-----w- c:\program files\LogMeIn Hamachi 2011-06-06 12:16 . 2011-05-20 11:55 29504 ----a-w- c:\windows\system32\uxtuneup.dll 2011-06-06 12:14 . 2011-06-06 12:14 -------- d-----w- c:\users\Jeroen\AppData\Roaming\TuneUp Software 2011-06-06 12:14 . 2011-06-06 14:04 -------- d-----w- c:\program files\TuneUp Utilities 2011 2011-06-06 12:13 . 2011-06-06 12:16 -------- d-----w- c:\programdata\TuneUp Software 2011-06-06 12:13 . 2011-06-06 12:13 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} 2011-06-01 18:53 . 2011-06-06 13:52 -------- d-----w- c:\users\Public\Operation Flashpoint (game of the year edition) 2011-05-30 12:49 . 2011-05-30 12:49 -------- d-----w- c:\users\Jeroen\AppData\Roaming\PDF Writer 2011-05-30 12:49 . 2011-05-30 12:49 -------- d-----w- c:\users\Jeroen\AppData\Local\PDF Writer 2011-05-30 12:49 . 2011-05-30 12:49 -------- d-----w- c:\programdata\PDF Writer 2011-05-30 12:46 . 2006-11-02 09:46 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL 2011-05-30 12:45 . 2011-05-30 12:45 -------- d-----w- c:\program files\Common Files\Bullzip 2011-05-30 12:45 . 2010-09-27 13:27 135168 ----a-w- c:\windows\system32\bzpdfc.dll 2011-05-30 12:45 . 2008-10-30 21:15 227840 ----a-w- c:\windows\system32\bzFlRdr.dll 2011-05-30 12:45 . 2008-07-09 22:19 103424 ----a-w- c:\windows\system32\bzDCT.dll 2011-05-30 12:45 . 
2010-09-27 13:28 196096 ----a-w- c:\windows\system32\bzpdf.dll 2011-05-30 12:44 . 2011-05-30 12:44 -------- d-----w- c:\program files\Bullzip 2011-05-28 20:49 . 2011-06-06 08:45 -------- d-----r- c:\users\Jeroen\Dropbox 2011-05-28 20:47 . 2011-06-06 08:45 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Dropbox . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 07:11 . 2010-04-26 17:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 07:11 . 2010-04-26 17:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] . c:\users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 2 (0x2) "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\APSHook.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2009-03-10 19:32 342848 ----a-w- c:\program files\DNA\btdna.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS] 2003-12-22 18:12 17920 ----a-r- c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager] 2008-12-04 11:24 665424 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series] 2008-11-05 23:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2008-10-09 05:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2008-12-08 13:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] 2007-03-01 11:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2009-06-17 10:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2008-08-14 16:11 565008 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2008-08-14 16:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] 2007-11-03 19:34 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor] 2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] 2007-03-23 12:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] 2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2007-04-23 16:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2007-01-13 03:36 827392 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage] 2007-01-10 14:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136] R4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664] R4 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664] R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-30 1352832] R4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-12 691696] R4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 AFS;AFS; [x] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016] S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-05-20 1523008] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-04-26 10064] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel . 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:46] . 2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:46] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop uInternet Settings,ProxyServer = http=127.0.0.1:56424 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\Jeroen\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 10.0.0.138 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-18 11:36 Windows 6.0.6000 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1362925174-1269254538-546090230-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:ee,fc,af,f9,e0,f4,e2,4a,31,db,37,e3,f6,be,16,c1,bb,a6,b9,e9,1a,45,e6, 11,27,85,4a,e9,5a,ea,1b,48,5a,34,7f,4a,e1,d1,0c,6a,68,eb,5a,5c,96,0d,7c,f2,\ "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d . [HKEY_USERS\S-1-5-21-1362925174-1269254538-546090230-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:a7,0b,84,72,6f,fa,11,56,7e,74,cb,d7,56,f1,a4,3d,7d,14,dc,16,b4, b4,78,57,a4,99,c4,95,7a,07,56,dd,e1,5e,31,9b,ce,db,ee,86,da,f3,d9,4f,05,69,\ "rkeysecu"=hex:7b,bd,3c,5d,ce,ec,6e,c7,cd,7d,56,7a,b4,04,4d,39 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-06-18 11:38:55 ComboFix-quarantined-files.txt 2011-06-18 09:38 ComboFix2.txt 2011-06-15 09:12 . Pre-Run: 22.797.197.312 bytes beschikbaar Post-Run: 22.805.757.952 bytes beschikbaar . - - End Of File - - 6A677EC289CED01E6A1284D2B1EFBDCE
  • Hi Jeroen, how is Windows running now? And one more question: did you unlock AVG 2011 by means of a fix?
  • Thanks for your reply Abraham, Windows is running smoothly now; apart from the inconvenience of having no sound on YouTube, everything works fine. I deleted AVG with the removal tool you recommended. I have not reinstalled AVG since then...


This is an archived page. Replies are no longer possible.