PC no longer reachable on own network

27 replies
  • Friends. This week my main PC suddenly became unreachable from my other machines. I can ping it, and it can also be reached via TeamViewer. The only thing I have installed recently, as far as I know, is that Auslogics suite, to see whether it is something for me. MBAM reports nothing, so please check the HJT log.
  • Hello Anjo, there is IP-changing software in your Windows; possibly that is why the PC is no longer seen.

    I would like you to keep to the rules below during the fix:
    - Read all instructions carefully.
    - If you make mistakes while running tools during the fix, that can cause serious problems in Windows.
    - Refrain from using tools or updates other than those I advise you to use.
    - Always use one scanner at a time, never several simultaneously.
    - Keep me informed of how your computer responds to the fix, good or bad.
    - The fix, once started, must be completed. Even if you think everything is fine, there may still be infections.

    Step 1

    Close all open web windows except this one, which you close just before you click the "Fix checked" button!
    Now start HijackThis by right-clicking it and running it with administrator rights (if that does not work, go to the HijackThis installation location and start "hijackthis.exe" with administrator rights) and click the "Do a Scan only" button.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=17434
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.woofi.info

    - Tick the line(s) that correspond to the lines above.
    - Now close the web browser and then click the "Fix checked" button.
    - After that, close HijackThis.

    Step 2

    Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: be sure to download this program to the desktop, or otherwise move it there!
    Download TDSSKiller here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip

    Installation:
    - Unpack the file on your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and then choosing "Run as administrator" (Als Administrator uitvoeren).
    - If TDSSKiller shows a message about an available update, run that update first.
    - Then click the "Start Scan" button and follow the instructions.
    - After the scan has finished, click the "Report" button.
    - A Notepad file opens. Post the contents of this file.
        - Restart the PC if TDSSKiller offers that option (Reboot now).
        - If a restart is necessary, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

    Step 3

    Which program: Malwarebytes MBAM
    What for/why: specialised scanner to quickly examine Windows for spyware and malware and remove it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Download.com: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?
    - Softpedia.com: http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s
    - Majorgeeks.com: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    First of all:
    - Immediately after installation MBAM wants to update its database, so allow that.
    - Also on repeated use: first update MBAM via the "Update" tab!

    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing "Run as administrator" (Als Administrator uitvoeren).

    - Note:
        - Malwarebytes now supplies the full version of MBAM.
        - On the first start you get the option to use the full version or the free version.
        - Regardless of which antivirus program is in your Windows, I advise using the "Decline" (Weigeren) option in that case.
        - That way MBAM can continue to be used as the free version.
    - Also do the following:
        - As soon as the program has started, go to the "Settings" (Instellingen) tab.
        - Tick here: "Close Internet Explorer during malware removal" (Sluit Internet Explorer tijdens verwijdering van malware).

    Scanning:
    - When starting MBAM, choose "Quick Scan" (Snelle Scan).
    - Scanning can take a while, so be patient. When the scan has completed, click the "OK" button.
    - Then click the "Show Results" (Bekijk Resultaten) button to see the results.

    Infections found:
    - First click OK to dismiss the message.
    - Then click the "Show Results" (Bekijk resultaten) button at the bottom right.
    - Now make sure that all infections found are ticked, and click "Remove Selected" (Verwijder geselecteerde) at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If MBAM has difficulty removing certain files it will show a few messages; click "OK" each time!
    - After that MBAM will ask to restart the computer, so allow the computer to be restarted.

    MBAM log:
    - The log is saved automatically by MBAM, and you can find it by clicking the "Logs" (Logbestanden) tab in the MBAM main menu.

    Then post the contents of the MBAM log in your next message.

    Step 4

    In summary: after this, post the contents of the following logs in your next message:
    - a new HijackThis log
    - TDSSKiller log
    - MBAM scan log
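The manual check in Step 1, written out as an added example that is not part of the original thread: a Python triage script that parses HijackThis R0/R1 lines and lists the Internet Explorer start/search page values pointing at hosts outside an allowlist. The function names and the allowlist are assumptions; the sample log is constructed in HijackThis format around the four entries quoted in the post above.

```python
import re
from urllib.parse import urlsplit

# HijackThis R0/R1 entry: "<code> - <hive>\<key>,<value> = <data>"
R_LINE = re.compile(
    r"^(?P<code>R[01]) - (?P<hive>HKCU|HKLM)\\(?P<key>[^,]+),"
    r"(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$"
)

# Assumption: domains accepted as expected defaults; extend for your own setup.
TRUSTED_DOMAINS = ("microsoft.com",)

# Constructed sample in HijackThis format. The woofi/babylon entries are the
# four lines quoted in the post; the rest are filler to exercise the parser.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=17434
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.woofi.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
"""


def parse_r_line(line):
    """Return the fields of an R0/R1 line as a dict, or None for other lines."""
    match = R_LINE.match(line.strip())
    return match.groupdict() if match else None


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain or a real subdomain of it.

    Matching on the dot boundary keeps look-alikes such as
    'notmicrosoft.com' or 'microsoft.com.example.net' out.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def triage(log_text):
    """List (hive, value, host) for R0/R1 entries with an untrusted web URL.

    Empty values and local file paths are skipped; only http(s) URLs are judged.
    """
    findings = []
    for line in log_text.splitlines():
        entry = parse_r_line(line)
        if entry is None:
            continue
        try:
            url = urlsplit(entry["data"])
        except ValueError:
            continue  # malformed URL text, leave it for manual review
        if url.scheme not in ("http", "https") or not url.hostname:
            continue
        if not host_is_trusted(url.hostname):
            findings.append((entry["hive"], entry["value"], url.hostname))
    return findings


if __name__ == "__main__":
    for hive, value, host in triage(SAMPLE_LOG):
        print(f"review: {hive} {value} -> {host}")
```
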
  • I do indeed have HomingBeacon running, but that is because of a small FTP server. Ziggo uses DHCP, and then I can no longer find my files via FTP from the harbour. If that can be put back later, please do. Going to run the scans in the course of the morning :P The internal IP address is simply within my own IP range.
  • Hi Anjo, I find via Google that the HomingBeacon Client is an IP changer. And if this PC is connected behind a router, that tool seems completely superfluous to me!
  • HomingBeacon is not an IP changer, it is a Dynamic DNS client. It should not get in the way.
  • LOGS
Status: Visible Object-Type: Process Object-Name: TomTomHOMEServi Pid: 2432 Object-Path: C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe Status: Visible Object-Type: Process Object-Name: svchost.exe Pid: 1100 Object-Path: C:\WINDOWS\system32\svchost.exe Status: Visible Object-Type: Process Object-Name: ati2evxx.exe Pid: 1348 Object-Path: C:\WINDOWS\system32\Ati2evxx.exe Status: Visible Object-Type: Process Object-Name: spoolsv.exe Pid: 1844 Object-Path: C:\WINDOWS\system32\spoolsv.exe Status: Visible Object-Type: Process Object-Name: CCC.exe Pid: 852 Object-Path: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe Status: Visible Object-Type: Process Object-Name: Rtvscan.exe Pid: 2372 Object-Path: C:\Program Files\Symantec AntiVirus\Rtvscan.exe Status: Visible Object-Type: Process Object-Name: winlogon.exe Pid: 792 Object-Path: C:\WINDOWS\system32\winlogon.exe Status: Visible Object-Type: Process Object-Name: svchost.exe Pid: 1288 Object-Path: C:\WINDOWS\system32\svchost.exe Status: Visible Object-Type: Process Object-Name: SPBBCSvc.exe Pid: 1784 Object-Path: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Status: Visible Object-Type: Process Object-Name: rapimgr.exe Pid: 420 Object-Path: F:\PROGRA~1\MICROS~2\rapimgr.exe Status: Visible Object-Type: Process Object-Name: TomTomHOMERunne Pid: 452 Object-Path: C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe Status: Visible Object-Type: Process Object-Name: McciCMService.e Pid: 2220 Object-Path: C:\Program Files\Common Files\Motive\McciCMService.exe Status: Visible Object-Type: Process Object-Name: ati2evxx.exe Pid: 1012 Object-Path: C:\WINDOWS\system32\Ati2evxx.exe Status: Visible Object-Type: Process Object-Name: ccApp.exe Pid: 268 Object-Path: C:\Program Files\Common Files\Symantec Shared\ccApp.exe Status: Visible Object-Type: Process Object-Name: mbam.exe Pid: 488 Object-Path: F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Status: Visible Object-Type: Process Object-Name: 
Scan complete. No hidden processes/files found. Total files scanned: 28581

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Databaseversie: 7498
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
18-8-2011 8:40:16
mbam-log-2011-08-18 (08-40-16).txt
Scantype: Snelle scan
Objecten gescand: 170905
Verstreken tijd: 4 minuut/minuten, 43 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2
Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\Users\Anjo\downloads\installer_ratdvd_0_78_1444_dutch.exe (PUP.SmsPay.PGen) -> Quarantined and deleted successfully.
c:\Users\Anjo\downloads\messenger.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Rebooted the machine, so now I'm waiting to see.
  • Addition: at the bottom of the HJT log there is a whole bunch of 023....file missing entries. I didn't have those in earlier (old) problem cases.... The PC is meanwhile reachable again from the other Win7 machines, that was quick!!
  • [quote:78fc1db029="Hans60"]HomingBeacon is not an IP changer, it is a Dynamic DNS client. It shouldn't get in the way.[/quote:78fc1db029] You're absolutely right, I dug into it a bit deeper.
  • @ Abraham54: Maybe you missed my logs? I did see your answer about HomingBeacon, but nothing further??
  • Hi Anjo, apparently our posts crossed. Where did you get that McAfee tool? I would still like you to use TDSSKiller! And those missing files - well, that is HijackThis, which still doesn't know that besides a System32 folder there is also a Syswow folder in 64-bit Windows.
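The System32/Syswow point in the reply above, as an added example (not part of the thread and not code from HijackThis or any other tool named here): a 32-bit scanner on 64-bit Windows is redirected from System32 to SysWOW64, so files that exist only in the real System32 show up as "(file missing)". The O23 sample lines, service names and the `triage` helper are constructed for illustration, and the code assumes the Windows directory is named `Windows`.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the HijackThis O23 layout; service names and paths are made up.
SAMPLE_LOG = r"""
O23 - Service: Example Update Agent (ExUpd) - Example Corp - C:\Program Files (x86)\Example\exupd.exe
O23 - Service: @%SystemRoot%\system32\exsvc.exe,-100 (ExSvc) - Unknown owner - C:\Windows\System32\exsvc.exe (file missing)
O23 - Service: Example Print Helper (ExPrint) - Unknown owner - C:\Windows\system32\spool\drivers\exprint.exe (file missing)
O23 - Service: Example Tray (ExTray) - Unknown owner - C:\Tools\extray.exe (file missing)
"""

# "O23 - Service: <display> (<short name>) - <owner> - <path>[ (file missing)]"
O23_LINE = re.compile(
    r"^O23 - Service: .*\((?P<svc>[^()]+)\) - .*? - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)

# System32 subfolders that the WOW64 file system redirector leaves alone.
EXEMPT = ("catroot", "catroot2", "driverstore", r"drivers\etc", "logfiles", "spool")


def system32_subpath(path):
    """Return the part below System32 if WOW64 redirects this path, else None."""
    parts = PureWindowsPath(path).parts  # ('C:\\', 'Windows', 'System32', ...)
    lowered = [p.lower() for p in parts]
    if len(parts) < 4 or lowered[1:3] != ["windows", "system32"]:
        return None
    rest = "\\".join(lowered[3:])
    if any(rest == e or rest.startswith(e + "\\") for e in EXEMPT):
        return None
    return "\\".join(parts[3:])


def triage(log_text, exists=None):
    """Classify every O23 '(file missing)' entry of a 32-bit scan on 64-bit Windows.

    exists: optional callable(path) -> bool used to re-check the real file.
    Returns tuples (service, reported_path, recheck_path, verdict) with verdict
      'probable-artifact'  redirected path, no re-check possible here
      'artifact'           file exists when read through the Sysnative alias
      'missing'            path is not redirected, or the re-check failed
    """
    findings = []
    for raw in log_text.splitlines():
        m = O23_LINE.match(raw.strip())
        if not m or not m.group("missing"):
            continue
        reported = m.group("path")
        sub = system32_subpath(reported)
        if sub is None:
            # No redirection involved: the 32-bit view is the real view.
            findings.append((m.group("svc"), reported, reported, "missing"))
            continue
        # A 32-bit process reaches the real System32 through <windir>\Sysnative.
        win = PureWindowsPath(reported).parts[:2]
        recheck = str(PureWindowsPath(*win, "Sysnative", sub))
        if exists is None:
            verdict = "probable-artifact"
        else:
            verdict = "artifact" if exists(recheck) else "missing"
        findings.append((m.group("svc"), reported, recheck, verdict))
    return findings


if __name__ == "__main__":
    for svc, reported, recheck, verdict in triage(SAMPLE_LOG):
        print(f"{svc:8} {verdict:18} re-check: {recheck}")
```

On the scanned machine itself, pass `os.path.exists` as `exists` from a 32-bit Python; entries that still come back as `missing` are the ones worth a closer look.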
  • Uhh, via your link... So I downloaded it again, put it on the desktop, and ran it as Admin

2011/08/18 12:07:11.0627 2920 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/18 12:07:11.0768 2920 SystemInfo:
2011/08/18 12:07:11.0768 2920 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/18 12:07:11.0768 2920 Product type: Workstation
2011/08/18 12:07:11.0768 2920 ComputerName: ANJO-PC
2011/08/18 12:07:11.0768 2920 UserName: Anjo
2011/08/18 12:07:11.0768 2920 Windows directory: C:\Windows
2011/08/18 12:07:11.0768 2920 System windows directory: C:\Windows
2011/08/18 12:07:11.0768 2920 Running under WOW64
2011/08/18 12:07:11.0768 2920 Processor architecture: Intel x64
2011/08/18 12:07:11.0768 2920 Number of processors: 2
2011/08/18 12:07:11.0768 2920 Page size: 0x1000
2011/08/18 12:07:11.0768 2920 Boot type: Normal boot
2011/08/18 12:07:13.0174 2920 Initialize success
2011/08/18 12:07:17.0237 4688 Scan started
2011/08/18 12:07:17.0237 4688 Mode: Manual;
2011/08/18 12:07:27.0815 4688 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/08/18 12:07:27.0877 4688 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/08/18 12:07:27.0893 4688 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/08/18 12:07:27.0940 4688 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 2011/08/18 12:07:27.0987 4688 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys 2011/08/18 12:07:28.0018 4688 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 2011/08/18 12:07:28.0049 4688 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/08/18 12:07:28.0065 4688 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/08/18 12:07:28.0096 4688 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 2011/08/18 12:07:28.0221 4688 VIAHdAudAddService (0486728d26398fb1d085c293233a8b8b) C:\Windows\system32\drivers\viahduaa.sys 2011/08/18 12:07:28.0315 4688 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 2011/08/18 12:07:28.0346 4688 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 2011/08/18 12:07:28.0362 4688 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 2011/08/18 12:07:28.0393 4688 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 2011/08/18 12:07:28.0440 4688 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 2011/08/18 12:07:28.0471 4688 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 2011/08/18 12:07:28.0502 4688 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/08/18 12:07:28.0534 4688 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) 
C:\Windows\system32\DRIVERS\vwifibus.sys 2011/08/18 12:07:28.0565 4688 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/08/18 12:07:28.0596 4688 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 2011/08/18 12:07:28.0627 4688 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/08/18 12:07:28.0643 4688 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/18 12:07:28.0659 4688 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/18 12:07:28.0706 4688 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/08/18 12:07:28.0737 4688 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/08/18 12:07:28.0784 4688 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/08/18 12:07:28.0815 4688 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/08/18 12:07:28.0877 4688 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/08/18 12:07:28.0924 4688 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 2011/08/18 12:07:28.0971 4688 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/08/18 12:07:29.0034 4688 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 2011/08/18 12:07:29.0065 4688 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/08/18 12:07:29.0112 4688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 2011/08/18 12:07:29.0127 4688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 2011/08/18 12:07:29.0159 4688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2 2011/08/18 12:07:29.0174 4688 Boot (0x1200) (b3d0137fac81190788b5e5dd49419020) 
\Device\Harddisk0\DR0\Partition0 2011/08/18 12:07:29.0174 4688 Boot (0x1200) (d0ad8c88e18605cda534aa92fc1909d3) \Device\Harddisk1\DR1\Partition0 2011/08/18 12:07:29.0190 4688 Boot (0x1200) (8b3e2815f1d77c71d4a080a2e8bae56d) \Device\Harddisk2\DR2\Partition0 2011/08/18 12:07:29.0206 4688 ================================================================================ 2011/08/18 12:07:29.0206 4688 Scan finished 2011/08/18 12:07:29.0206 4688 ================================================================================ 2011/08/18 12:07:29.0206 6100 Detected object count: 0 2011/08/18 12:07:29.0206 6100 Actual detected object count: 0
  • Hmm, I think we need to do a deeper scan after all. By the way: you may remove TDSSKiller and that McAfee tool manually (including the log files).
    Which program: ComboFix
    What for/why: A highly specialised scanner that examines Windows in depth and cleans it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
    - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    How to use ComboFix is shown here: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Antivirus programs and active malware scanners must already be deactivated before ComboFix starts! Information on how to deactivate antivirus programs and spyware scanners can be found here: http://www.bleepingcomputer.com/forums/topic114351.html and here: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html
    To be perfectly clear once more: ComboFix must be started from the desktop.
    Remarks:
    - When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    - All open programs and web pages must be closed.
    Once ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important remark:
    - If, after the scan, an error with the following message is shown when starting programs:
    - Illegal operation attempted on a registery key that has been marked for deletion.
    - Then restart the computer.
  • Ff wouldn't even start any more. LOG
    ComboFix 11-08-18.01 - Anjo 18-08-2011 12:41:40.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.2595 [GMT 2:00]
    Gestart vanuit: c:\users\Anjo\Desktop\ComboFix.exe
    Voltooingstijd: 2011-08-18 12:52:40 - machine werd herstart
  • You could no longer start Firefox after the ComboFix scan? According to the log nothing was removed; the log itself also looks fine.
  • A message came up saying that a registry key that was marked for deletion was being accessed. Couldn't start anything any more, so I just did a reboot. After that everything ran again, so I posted the log. My Outlook is acting vague again, but that will probably have another cause; I ask too much of that program LOL
  • You may do the following: download MsnCleaner_eng.zip (http://www.infospyware.com/antimalware/msncleaner/) to your desktop and unpack the file already, but do not use it yet.
    - Now restart your computer into Safe Mode.
    - Click/double-click MsnCleaner_eng.exe to start the tool.
    - Now click 'English' below the 'Exit' button and then choose 'Dutch'.
    - Next, click the 'Analyze' button.
    - When the analysis is finished, a report is created.
    - If an infection has been found, click the 'Verwijder' button.
    - Now restart the computer into normal mode.
    - Then post the contents of the log that you find in 'C:\MsnCleaner.txt'
  • Clean, LOL
    - Logbestand MSNCleaner 1.7.5 by www.forospyware.com
    - Aangemaakt logbestand: 18-8-2011 on 16:07:48
    - Besturingssyssteem: Windows 7
    - Boot modus: Veilige modus met netwerk support
    _________________________________________
    Gedetecteerde bestanden: 0
    Verwijderde bestanden: 0
    Niet verwijderde bestanden: 0
    <<<<<<< Geen bestand gevonden >>>>>>>
    You had noticed that I can reach the PC again??
  • Yes, I had already read that. And how is this Windows running now?
  • Generally reasonable. Outlook refuses to do certain things, but I have a bypass for that. Otherwise nothing special. I'm satisfied again, unless you still have things...
  • Certainly.
    Which program: "aswMBR.exe"
    What for/why: MBR rootkit scanner
    Difficulty: none
    Download location: This program must absolutely be downloaded to the desktop, or otherwise moved there!
    Download aswMBR.exe here: http://public.avast.com/~gmerek/aswMBR.exe
    Using aswMBR.exe:
    - Windows 2000 and Windows XP: start "aswMBR.exe" by double-clicking "aswMBR.exe".
    - Windows Vista and Windows 7: start "aswMBR.exe" by right-clicking "aswMBR.exe" and choosing Run as administrator (Als Administrator uitvoeren).
    Screenshot: http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif
    - Now click the Scan button in the black window.
    - When the message "Scan finished successfully" appears, click the Save log button.
    Screenshot: http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif
    - The easiest option is simply to choose the desktop as the save location for the log.
    - You will now also find the file MBR.dat on the desktop!
    - MBR.dat is a backup file, so keep it for the time being.
    - Also on the desktop is a Notepad text document named aswMBR.txt
    - Post the contents of aswMBR.txt in your next message.


This is an archived page. Replying is no longer possible.