PC no longer reachable on own network

Abraham54
27 replies
  • Friends. This week my main PC suddenly became unreachable from my other machines. I can still ping it, and it can also be reached via TeamViewer.
    The only thing I have installed recently, as far as I know, is that Auslogics suite, to see whether it is something for me. MBAM reports nothing, so please check the HJT log.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:13:10, on 17-8-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
    C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
    C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
    C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=17434
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.woofi.info
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [HomingBeacon Client] "C:\Program Files (x86)\HomingBeacon.NET\hb3gui.exe" /minimized
    O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
    O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Acronis Remote Agent (AcronisAgent) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe
    O23 - Service: HomingBeacon Dynamic DNS (HomingBeacon) - ChangeIP.com - C:\Program Files (x86)\HomingBeacon.NET\hb3svc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 10919 bytes
  • Hello Anjo, there is IP-changing software in your Windows; possibly that is why the PC is no longer seen.

    I would like you to keep to the rules below during the fix:
    - Read all instructions carefully.
    - If you make mistakes when running tools during the fix, that can cause serious problems in Windows.
    - Refrain from using tools or updates other than those I advise you to use.
    - Always use one scanner at a time; never use several at once.
    - Keep me informed of how your computer reacts to the fix, good or bad.
    - The fix, once started, must be completed. Even if you think everything is fine, there may still be infections.

    Step •1•
    Close all open browser windows, except this window, which you close just before you click the Fix checked button!

    Now start HijackThis by right-clicking with administrator rights (if that does not work, go to the installation location of HijackThis and then start "hijackthis.exe" with administrator rights) and click the Do a Scan only button.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=17434
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.woofi.info
    - Tick the line(s) that correspond to the lines above.
    - Now close the web browser and then click the Fix checked button.
    - After this, close HijackThis.

    Step •2•
    Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: be sure to download this program to the desktop, or otherwise move it there!
    Download TDSSKiller here.

    Installation:
    - Unpack the file on your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing Run as administrator ("Als Administrator uitvoeren").
    - If TDSSKiller shows a message about an available update, run that first.
    Image: http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg

    - Then click the "Start Scan" button and follow the instructions.
    - After the scan is finished, click the "Report" button.
    - A Notepad file opens. Post the contents of this file.
      - Restart the PC if TDSSKiller indicates that option (Reboot now).
      - When a restart is necessary, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


    Step •3•
    Which program: Malwarebytes MBAM
    What for/why: specialist scanner to quickly examine Windows for, and rid it of, spyware and malware.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Download.com
    - Softpedia.com
    - Majorgeeks.com

    First of all:
    - Right after installation 'MBAM' wants to update its database, so allow that.
    - Also with repeated use: first update 'MBAM' via the 'Update' tab!

    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator ("Als Administrator uitvoeren").
    - Note:
      - Malwarebytes now provides the full version of MBAM.
      - At the first start you get the option to use the full version or the free version.
      - Regardless of which antivirus program is in your Windows, I advise using the "Decline" ("Weigeren") option.
      - That way MBAM will remain usable as the free version.
    Image: http://img30.imageshack.us/img30/3928/mbam2.png

    - Also do the following:
      - Once the program has started, go to the "Settings" ("Instellingen") tab.
      - Tick here: "Close Internet Explorer during malware removal" ("Sluit Internet Explorer tijdens verwijdering van malware").

    Scanning:
    - When starting 'MBAM', choose 'Quick Scan' ('Snelle Scan').
    - Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
    - Then click the 'Show Results' ('Bekijk Resultaten') button to see the results.

    Infections found:
    - Now first click OK to dismiss the message.
    - Then click the Show Results (Bekijk resultaten) button at the bottom right.
    - Now make sure that all infections found are ticked, and click Remove Selected (Verwijder geselecteerde) at the bottom left.
    - After the removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
    - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.

    MBAM log:
    - The log is saved automatically by 'MBAM', and you can find it by clicking the 'Logs' ('Logbestanden') tab in the main menu of MBAM.
    Then post the contents of the MBAM log in your next message.


    Step •4•
    In summary: after this, post the contents of the following logs in your next message:
    - a new HijackThis log
    - TDSSKiller log
    - MBAM scan log
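
Added example, not part of the original thread and not code from Trend Micro: a small Python triage of a HijackThis log that picks out R0/R1 Internet Explorer page values pointing at hosts outside a trusted list, which reproduces the four lines selected in Step 1. It also lists O23 services reported "(file missing)" under System32, which a 32-bit scanner on 64-bit Windows reads through WOW64 file system redirection. The function names, the trusted-suffix list and the hard-coded C:\Windows path are assumptions; the sample lines are copied from the first log in this thread.

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=17434
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.woofi.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe
"""

# Assumption for this example: only Microsoft hosts count as expected defaults.
TRUSTED_SUFFIXES = ("microsoft.com",)

# "<code> - <rest>", e.g. "R0 - ..." or "O23 - ..."
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# "<registry key>,<value name> = <data>" as used by the R0/R1 sections
R_VALUE_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")


def parse_entries(log_text):
    """Return (section code, remainder) for every log line that carries a code."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hijacked_ie_pages(entries, trusted=TRUSTED_SUFFIXES):
    """R0/R1 values holding an http(s) URL whose host is not on the trusted list."""
    findings = []
    for code, text in entries:
        if code not in ("R0", "R1"):
            continue
        m = R_VALUE_RE.match(text)
        if not m:
            continue
        data = m.group("data").strip()
        if not data.lower().startswith(("http://", "https://")):
            continue  # empty value or a local file such as blank.htm
        host = urlparse(data).hostname or ""
        if any(host == s or host.endswith("." + s) for s in trusted):
            continue
        hive = m.group("key").split("\\", 1)[0]
        findings.append((hive, m.group("name").strip(), host))
    return findings


def redirected_missing(entries, system32=r"C:\Windows\system32"):
    """O23 paths under System32 marked '(file missing)'.

    A 32-bit process on 64-bit Windows is redirected from System32 to
    SysWOW64, so verify these with a native tool before treating them
    as absent.
    """
    marker = "(file missing)"
    prefix = system32.lower() + "\\"
    paths = []
    for code, text in entries:
        if code == "O23" and text.endswith(marker):
            path = text.rsplit(" - ", 1)[-1][: -len(marker)].strip()
            if path.lower().startswith(prefix):
                paths.append(path)
    return paths


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for hive, name, host in hijacked_ie_pages(parsed):
        print(f"review: {hive} {name} -> {host}")
    for path in redirected_missing(parsed):
        print(f"verify natively: {path}")
```
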
  • I do indeed have HomingBeacon running, but that is because of a small FTP server. Ziggo uses DHCP, and then I can no longer find my files via FTP from the harbour. If that can be put back later, please. I'll run the scans in the course of the morning :P The internal IP address is simply within my own IP range.
  • Hi Anjo, I find via Google that the HomingBeacon Client is an IP changer.
    And if this PC is connected behind a router, that tool seems completely superfluous to me!

    Image: http://www.imgdumper.nl/uploads4/4e4cb3c714fcf/4e4cb3c711174-hb-main.jpg
  • HomingBeacon is not an IP changer, it is a Dynamic DNS client. It should not get in the way.
  • LOGS
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:42:01, on 18-8-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
    C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
    C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [HomingBeacon Client] "C:\Program Files (x86)\HomingBeacon.NET\hb3gui.exe" /minimized
    O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
    O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Acronis Remote Agent (AcronisAgent) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe
    O23 - Service: HomingBeacon Dynamic DNS (HomingBeacon) - ChangeIP.com - C:\Program Files (x86)\HomingBeacon.NET\hb3svc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 10439 bytes



    McAfee(R) Rootkit Detective 1.1 scan report
    On 25-05-2009 at 12:39:32
    OS-Version 5.1.2600
    Service Pack 3.0
    ====================================

    Scan complete. No hidden processes/files found.
    Total files scanned: 28581





    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Databaseversie: 7498

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    18-8-2011 8:40:16
    mbam-log-2011-08-18 (08-40-16).txt

    Scantype: Snelle scan
    Objecten gescand: 170905
    Verstreken tijd: 4 minuut/minuten, 43 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 2

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\Users\Anjo\downloads\installer_ratdvd_0_78_1444_dutch.exe (PUP.SmsPay.PGen) -> Quarantined and deleted successfully.
    c:\Users\Anjo\downloads\messenger.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


    Rebooted the machine, so now I'll wait and see.
  • Addendum
    At the bottom of the HJT log there is a whole bunch of O23 … file missing entries.
    In earlier (old) problem cases I didn't have those…

    In the meantime the PC is reachable again from the other Win7 machines, that was quick!!
  • [quote:78fc1db029="Hans60"]HomingBeacon is not an IP changer, it is a Dynamic DNS client. It shouldn't get in the way.[/quote:78fc1db029]

    You're absolutely right, I dug into it a bit deeper.
  • @ Abraham54:
    Maybe you missed my logs? I did see your reply about HomingBeacon, but nothing else??
  • Hi Anjo, apparently our posts crossed.

    Where did you get that McAfee tool from?


    I would still like you to run TDSSKiller!

    And those missing files - well, that is HijackThis still not knowing that besides a System32 folder there is also a Syswow folder in 64-bit Windows.
  • ERM, via your link…
    So I downloaded it again, put it on the desktop and ran it as Admin
    2011/08/18 12:07:11.0627 2920 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
    2011/08/18 12:07:11.0768 2920 ================================================================================
    2011/08/18 12:07:11.0768 2920 SystemInfo:
    2011/08/18 12:07:11.0768 2920
    2011/08/18 12:07:11.0768 2920 OS Version: 6.1.7601 ServicePack: 1.0
    2011/08/18 12:07:11.0768 2920 Product type: Workstation
    2011/08/18 12:07:11.0768 2920 ComputerName: ANJO-PC
    2011/08/18 12:07:11.0768 2920 UserName: Anjo
    2011/08/18 12:07:11.0768 2920 Windows directory: C:\Windows
    2011/08/18 12:07:11.0768 2920 System windows directory: C:\Windows
    2011/08/18 12:07:11.0768 2920 Running under WOW64
    2011/08/18 12:07:11.0768 2920 Processor architecture: Intel x64
    2011/08/18 12:07:11.0768 2920 Number of processors: 2
    2011/08/18 12:07:11.0768 2920 Page size: 0x1000
    2011/08/18 12:07:11.0768 2920 Boot type: Normal boot
    2011/08/18 12:07:11.0768 2920 ================================================================================
    2011/08/18 12:07:13.0174 2920 Initialize success
    2011/08/18 12:07:17.0237 4688 ================================================================================
    2011/08/18 12:07:17.0237 4688 Scan started
    2011/08/18 12:07:17.0237 4688 Mode: Manual;
    2011/08/18 12:07:17.0237 4688 ================================================================================
    2011/08/18 12:07:25.0909 4688 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    2011/08/18 12:07:25.0940 4688 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/08/18 12:07:25.0987 4688 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/08/18 12:07:26.0034 4688 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/08/18 12:07:26.0049 4688 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/08/18 12:07:26.0081 4688 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/08/18 12:07:26.0096 4688 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/08/18 12:07:26.0143 4688 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/08/18 12:07:26.0159 4688 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/08/18 12:07:26.0190 4688 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/08/18 12:07:26.0221 4688 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/08/18 12:07:26.0268 4688 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/08/18 12:07:26.0284 4688 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/08/18 12:07:26.0315 4688 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/08/18 12:07:26.0362 4688 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/08/18 12:07:26.0424 4688 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    2011/08/18 12:07:26.0471 4688 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    2011/08/18 12:07:26.0518 4688 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/08/18 12:07:26.0596 4688 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/08/18 12:07:26.0612 4688 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    2011/08/18 12:07:26.0643 4688 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    2011/08/18 12:07:26.0674 4688 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    2011/08/18 12:07:26.0768 4688 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
    2011/08/18 12:07:26.0846 4688 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/08/18 12:07:26.0940 4688 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    2011/08/18 12:07:26.0956 4688 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/08/18 12:07:26.0987 4688 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/08/18 12:07:27.0034 4688 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    2011/08/18 12:07:27.0049 4688 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    2011/08/18 12:07:27.0143 4688 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/08/18 12:07:27.0190 4688 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    2011/08/18 12:07:27.0237 4688 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/08/18 12:07:27.0252 4688 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/08/18 12:07:27.0299 4688 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    2011/08/18 12:07:27.0346 4688 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/08/18 12:07:27.0393 4688 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    2011/08/18 12:07:27.0424 4688 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/08/18 12:07:27.0471 4688 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    2011/08/18 12:07:27.0518 4688 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/08/18 12:07:27.0565 4688 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/08/18 12:07:27.0612 4688 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/08/18 12:07:27.0674 4688 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/08/18 12:07:27.0737 4688 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/08/18 12:07:27.0768 4688 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/08/18 12:07:27.0815 4688 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/08/18 12:07:27.0877 4688 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/08/18 12:07:27.0893 4688 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/08/18 12:07:27.0940 4688 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    2011/08/18 12:07:27.0987 4688 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
    2011/08/18 12:07:28.0018 4688 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/08/18 12:07:28.0049 4688 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/08/18 12:07:28.0065 4688 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/08/18 12:07:28.0096 4688 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    2011/08/18 12:07:28.0221 4688 VIAHdAudAddService (0486728d26398fb1d085c293233a8b8b) C:\Windows\system32\drivers\viahduaa.sys
    2011/08/18 12:07:28.0315 4688 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/08/18 12:07:28.0346 4688 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    2011/08/18 12:07:28.0362 4688 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    2011/08/18 12:07:28.0393 4688 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    2011/08/18 12:07:28.0440 4688 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    2011/08/18 12:07:28.0471 4688 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    2011/08/18 12:07:28.0502 4688 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/08/18 12:07:28.0534 4688 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/08/18 12:07:28.0565 4688 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/08/18 12:07:28.0596 4688 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    2011/08/18 12:07:28.0627 4688 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/08/18 12:07:28.0643 4688 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/08/18 12:07:28.0659 4688 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/08/18 12:07:28.0706 4688 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/08/18 12:07:28.0737 4688 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/08/18 12:07:28.0784 4688 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/08/18 12:07:28.0815 4688 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/08/18 12:07:28.0877 4688 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/08/18 12:07:28.0924 4688 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    2011/08/18 12:07:28.0971 4688 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/08/18 12:07:29.0034 4688 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    2011/08/18 12:07:29.0065 4688 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/08/18 12:07:29.0112 4688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/08/18 12:07:29.0127 4688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    2011/08/18 12:07:29.0159 4688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
    2011/08/18 12:07:29.0174 4688 Boot (0x1200) (b3d0137fac81190788b5e5dd49419020) \Device\Harddisk0\DR0\Partition0
    2011/08/18 12:07:29.0174 4688 Boot (0x1200) (d0ad8c88e18605cda534aa92fc1909d3) \Device\Harddisk1\DR1\Partition0
    2011/08/18 12:07:29.0190 4688 Boot (0x1200) (8b3e2815f1d77c71d4a080a2e8bae56d) \Device\Harddisk2\DR2\Partition0
    2011/08/18 12:07:29.0206 4688 ================================================================================
    2011/08/18 12:07:29.0206 4688 Scan finished
    2011/08/18 12:07:29.0206 4688 ================================================================================
    2011/08/18 12:07:29.0206 6100 Detected object count: 0
    2011/08/18 12:07:29.0206 6100 Actual detected object count: 0
  • Hmmm, I think we need to do a deeper scan after all.

    By the way: you may remove TDSSKiller and that McAfee tool manually (the log files too).

    Which program: ComboFix
    What for/why: A very specialised scanner that examines Windows in depth and cleans it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    The antivirus program and active malware scanners must already be disabled before ComboFix is started!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    Once more, to be perfectly clear: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix by right-clicking and running it with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • I couldn't even start Ff anymore. LOG
    ComboFix 11-08-18.01 - Anjo 18-08-2011 12:41:40.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.2595 [GMT 2:00]
    Gestart vanuit: c:\users\Anjo\Desktop\ComboFix.exe
    AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-07-18 to 2011-08-18 ))))))))))))))))))))))))))))))
    .
    .
    2011-08-18 10:46 . 2011-08-18 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-18 06:29 . 2011-08-18 06:29 -------- d-----w- c:\users\Anjo\AppData\Roaming\Malwarebytes
    2011-08-18 06:29 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-18 06:29 . 2011-08-18 06:29 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-18 06:29 . 2011-08-18 06:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-18 06:29 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-17 23:19 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{910CC1C8-CBA8-4FF6-B028-7FD40D8B241F}\mpengine.dll
    2011-08-17 20:12 . 2011-08-17 20:12 388096 ----a-r- c:\users\Anjo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-17 20:12 . 2011-08-17 20:12 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-08-16 13:49 . 2011-08-16 13:49 -------- d-----w- c:\program files (x86)\NT Registry Optimizer
    2011-08-16 08:38 . 2011-08-16 09:49 -------- d-----w- c:\users\Anjo\AppData\Roaming\Auslogics
    2011-08-16 08:38 . 2011-08-16 09:18 -------- d-----w- c:\program files (x86)\Auslogics
    2011-08-13 21:54 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-13 21:52 . 2011-07-16 02:17 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-08-10 10:07 . 2011-08-15 14:54 -------- d-----w- c:\programdata\opencpn
    2011-08-10 10:06 . 2011-08-10 10:07 -------- d-----w- c:\program files (x86)\OpenCPN
    2011-08-10 09:44 . 2011-08-10 09:44 -------- d-----w- c:\windows\system32\appmgmt
    2011-08-08 13:29 . 2011-08-08 13:29 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-07-24 08:23 . 2011-07-24 08:23 -------- d-----w- c:\program files\Realtek
    2011-07-21 11:35 . 2011-07-21 11:35 -------- d-----w- c:\program files (x86)\Acronis
    2011-07-21 11:35 . 2011-07-21 11:35 -------- d-----w- c:\program files (x86)\Common Files\Acronis
    2011-07-21 11:34 . 2011-07-21 11:35 94272 ----a-w- c:\windows\SysWow64\drivers\snapman.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-10 09:16 . 2011-04-18 09:22 3088 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-07-16 04:26 . 2011-08-13 21:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-06-23 10:14 . 2011-05-15 12:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-11 03:07 . 2011-07-13 13:33 3137536 ----a-w- c:\windows\system32\win32k.sys
    2011-05-24 17:14 . 2011-03-24 20:14 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-24 11:42 . 2011-06-29 00:16 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-24 10:40 . 2011-06-29 00:16 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-05-24 10:40 . 2011-06-29 00:16 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-05-24 10:39 . 2011-06-29 00:16 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37 . 2011-06-29 00:16 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
    "HomingBeacon Client"="c:\program files (x86)\HomingBeacon.NET\hb3gui.exe" [2008-12-29 1118208]
    "DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2011-07-07 9245096]
    "DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2011-07-07 9245096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="c:\program files (x86)\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-10-18 110592]
    .
    c:\users\Anjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    "DisableThumbnailsOnNetworkFolders"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [x]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 57920]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AcronisAgent;Acronis Remote Agent;c:\program files (x86)\Common Files\Acronis\Agent\agent.exe [2005-10-18 59904]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 HomingBeacon;HomingBeacon Dynamic DNS;c:\program files (x86)\HomingBeacon.NET\hb3svc.exe [2008-12-29 68096]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
    S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-03-24 194728]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-03-24 63992]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-16 17:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF18477.cfxxe" [X]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    LSP: c:\program files (x86)\Internetbeveiliging\FSPS\program\FSLSP.DLL
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    FF - ProfilePath - c:\users\Anjo\AppData\Roaming\Mozilla\Firefox\Profiles\kgmos94d.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1242203046-565960955-3287484902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-1242203046-565960955-3287484902-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.eml.14"
    .
    [HKEY_USERS\S-1-5-21-1242203046-565960955-3287484902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (S-1-5-21-1242203046-565960955-3287484902-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.vcf.14"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe
    c:\program files (x86)\Internetbeveiliging\Anti-Virus\FSGK32.EXE
    c:\program files (x86)\Internetbeveiliging\Common\FSMA32.EXE
    c:\program files (x86)\Internetbeveiliging\Common\FSHDLL32.EXE
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
    c:\program files (x86)\Internetbeveiliging\Anti-Virus\fssm32.exe
    c:\program files (x86)\TeamViewer\Version6\tv_w32.exe
    c:\program files (x86)\Internetbeveiliging\Anti-Virus\fsav32.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-08-18 12:52:40 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-08-18 10:52
    .
    Pre-Run: 156.343.652.352 bytes beschikbaar
    Post-Run: 156.216.135.680 bytes beschikbaar
    .
    - - End Of File - - A58E5CA6F45A6D71BB55652E33F2005E
  • You could no longer start Firefox after the ComboFix scan?

    According to the log nothing was removed; the log itself also looks fine.
  • A message came up saying that a registry key marked for deletion was being accessed. I couldn't start anything any more, so I just rebooted. After that everything ran again, so I posted the log.
    My Outlook is acting strange again, but that probably has a different cause; I ask too much of that program LOL
  • You may do the following:

    Download MsnCleaner_eng.zip to your desktop and extract the file already, but do not use it yet.

    - Now restart your computer in Safe Mode.
    - Click/double-click MsnCleaner_eng.exe to start the tool.

    - Now click 'English' below the 'Exit' button and then choose 'Dutch'.

    - Then click the 'Analyze' button.
    - When the analysis is finished, a report is created.

    - If an infection has been found, click the 'Verwijder' button.

    - Now restart the computer in normal mode.
    - Then post the contents of the log that you find in 'C:\MsnCleaner.txt'
  • Clean, LOL
    - Logbestand MSNCleaner 1.7.5 by www.forospyware.com
    - Aangemaakt logbestand: 18-8-2011 on 16:07:48
    - Besturingssyssteem: Windows 7
    - Boot modus: Veilige modus met netwerk support
    _________________________________________

    Gedetecteerde bestanden: 0
    Verwijderde bestanden: 0
    Niet verwijderde bestanden: 0

    <<<<<<< Geen bestand gevonden >>>>>>>


    You did notice that I can reach the PC again??
  • Yes, I had already read that.

    And how is this Windows running now?
  • Reasonably well in general. Outlook refuses to do certain things, but I have a workaround for that. Otherwise nothing special. I'm satisfied again, unless you still have things…
  • Certainly.

    Which program: "aswMBR.exe"
    What for/why: MBR rootkit scanner
    Difficulty: none
    Download location: Be sure to download this program to the desktop, or otherwise move it there!
    Download aswMBR.exe here.


    Using aswMBR.exe:
    - Windows 2000 and Windows XP: start "aswMBR.exe" by double-clicking "aswMBR.exe".
    - Windows Vista and Windows 7: start "aswMBR.exe" by right-clicking "aswMBR.exe" and choosing Run as administrator.

    Screenshot: http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif
    - Now click the Scan button in the black window
    - When the message "Scan finished successfully" appears, click the Save log button
    Screenshot: http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif
    - It is easiest to simply choose the desktop as the location to save the log.
    - You will now also find the file MBR.dat on the desktop!
    - MBR.dat is a backup file, so keep it for the time being.
    - Also on the desktop is a Notepad text document named aswMBR.txt
    - Post the contents of aswMBR.txt in your next message.

This is an archived page. Replying is no longer possible.