System administrator error

Abraham54
13 replies
  • Hello,

    For a few days now I have been getting the following error, among other things when opening my Control Panel:
    "De bewerking is geannuleerd vanwege op uw systeem geldende beperkingen. Neem contact op met de systeembeheerder"

    The odd thing is that I am the only user of my PC, so I am also the administrator.

    Could someone help me with this?

    Thanks in advance!

    Niels

    P.S. HiJackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:03:12, on 10-9-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
    C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Steam\steam.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&source=iglk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\ThreeShipsIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1043
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1422231524-2496150049-3347242632-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Registratie van FIFA 11.lnk = C:\Program Files\EA Sports\FIFA 11\Support\EAregister.exe
    O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} (sIKN Speler) - http://www.kerkomroep.nl/ocx/sIKNPlayer.cab
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/68.16/uploader2.cab
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} - https://server.userzoom.com/s/UserZoom.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup-service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe


    End of file - 12318 bytes
  • Hi Niellus, your log looks fine.
    Your security setup is also in very good order.

    I would like you to follow the rules below during the fix:
    - Read all instructions carefully.
    - If you make mistakes when running tools during the fix, this can cause serious problems in Windows.
    - Refrain from using tools or updates other than the ones I advise you to use.
    - Always use one scanner at a time, never several at once.
    - Keep me informed of how your computer responds to the fix, good or bad.
    - Once started, the fix must be completed. Even if you think everything is fine, there may still be infections.


    Step •1•
    Which program: Microsoft Safety Scanner
    What for/why: specialised scanner from Microsoft to quickly examine Windows for spyware and malware and to remove it.
    Difficulty: none.

    Note: Microsoft Safety Scanner expires 10 days after it is downloaded.
    To run a scan again with the latest anti-malware definitions,
    download Microsoft Safety Scanner again and run it again.

    Download the Microsoft Safety Scanner here.

    Windows 2000 and Windows XP: start Microsoft's Safety Scanner by double-clicking the shortcut.
    Windows Vista and Windows 7: start Microsoft's Safety Scanner by right-clicking the shortcut and then choosing Run as administrator.
    Then tick the box "I accept the terms of the above license agreement".

    Scanning:
    - When 'Microsoft's Safety Scanner' starts, click the "Next" button, then choose 'Quick scan'.
    - The scan takes a while, so be patient.

    Step •2•
    Which program: Malwarebytes MBAM
    What for/why: specialised scanner to quickly examine Windows for spyware and malware and to remove it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Download.com
    - Softpedia.com
    - Majorgeeks.com

    First of all:
    - Right after installation 'MBAM' will want to update its database, so allow it.
    - Also on repeated use: first update 'MBAM' via the 'Update' tab!

    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
    - Please note:
      - Malwarebytes now provides the full version of MBAM.
      - On first start you get the choice of using the full version or the free version.
      - Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
      - That way MBAM will remain usable as the free version.

    - Also do the following:
      - Once the program has started, go to the "Settings" tab.
      - Tick here: "Close Internet Explorer during malware removal".

    Scanning:
    - When 'MBAM' starts, choose 'Quick scan'.
    - The scan can take a while, so be patient. When the scan is complete, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.

    Infections found:
    - First click OK to dismiss the message.
    - Then click the Show Results button at the bottom right.
    - Make sure that all infections found are ticked, and click Remove Selected at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has trouble removing certain files it will show some messages; click 'OK' each time!
    - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.

    MBAM log:
    - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.

    Then post the contents of the MBAM log in your next message.


    Step •4•
    In summary: after this, post the contents of the following logs in your next message:
    - MBAM scan log
  • Hello,

    Thanks for your reply! I ran both scans and neither of them found anything. Here is the MBAM log:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Databaseversie: 7694

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    11-9-2011 12:49:58
    mbam-log-2011-09-11 (12-49-58).txt

    Scantype: Snelle scan
    Objecten gescand: 205886
    Verstreken tijd: 12 minuut/minuten, 43 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)
  • Then we move on to the next steps:

    Step •1•
    Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: be sure to download this program to the desktop, or otherwise move it there!
    Download TDSSKiller here.

    Installation:
    - Unpack the file on your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing Run as administrator.
    - If TDSSKiller shows a message about an available update, run that first.

    - Then click the "Start Scan" button and follow the instructions.
    - After the scan has finished, click the "Report" button.
    - A Notepad file opens. Post the contents of this file.
      - Restart the PC if TDSSKiller offers that option (Reboot now).
      - If a restart is necessary, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


    Step •2•
    Which program: "aswMBR.exe"
    What for/why: MBR rootkit scanner
    Difficulty: none
    Download location: be sure to download this program to the desktop, or otherwise move it there!
    Download aswMBR.exe here.


    Using aswMBR.exe:
    - Windows 2000 and Windows XP: start "aswMBR.exe" by double-clicking "aswMBR.exe".
    - Windows Vista and Windows 7: start "aswMBR.exe" by right-clicking "aswMBR.exe" and choosing Run as administrator.

    - Now click the Scan button in the black window.
    - When the message "Scan finished successfully" appears, click the Save log button.

    - The easiest option is simply to choose the desktop as the location to save the log.
    - You will now also find the file MBR.dat on the desktop!
    - MBR.dat is a backup file, so keep it for the time being.
    - Also on the desktop is a Notepad text document named aswMBR.txt
    - Post the contents of aswMBR.txt in your next message.

    Step •3•
    In summary: after this, post the contents of the following logs in your next message:
    - TDSSKiller log
    - aswMBR.txt log
  • Here is the TDSS log:

    2011/09/11 13:48:09.0080 5676 TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05
    2011/09/11 13:48:11.0124 5676 ================================================================================
    2011/09/11 13:48:11.0124 5676 SystemInfo:
    2011/09/11 13:48:11.0124 5676
    2011/09/11 13:48:11.0124 5676 OS Version: 6.0.6002 ServicePack: 2.0
    2011/09/11 13:48:11.0124 5676 Product type: Workstation
    2011/09/11 13:48:11.0124 5676 ComputerName: PC_VAN_NIELS
    2011/09/11 13:48:11.0124 5676 UserName: Niels
    2011/09/11 13:48:11.0124 5676 Windows directory: C:\Windows
    2011/09/11 13:48:11.0124 5676 System windows directory: C:\Windows
    2011/09/11 13:48:11.0124 5676 Processor architecture: Intel x86
    2011/09/11 13:48:11.0124 5676 Number of processors: 4
    2011/09/11 13:48:11.0124 5676 Page size: 0x1000
    2011/09/11 13:48:11.0124 5676 Boot type: Normal boot
    2011/09/11 13:48:11.0124 5676 ================================================================================
    2011/09/11 13:48:12.0762 5676 Initialize success
    2011/09/11 13:48:21.0842 5216 ================================================================================
    2011/09/11 13:48:21.0842 5216 Scan started
    2011/09/11 13:48:21.0842 5216 Mode: Manual;
    2011/09/11 13:48:21.0842 5216 ================================================================================
    2011/09/11 13:48:26.0180 5216 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/09/11 13:48:26.0211 5216 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/09/11 13:48:26.0242 5216 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/09/11 13:48:26.0273 5216 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/09/11 13:48:26.0304 5216 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/09/11 13:48:26.0367 5216 hamachi (85f4e4617dbd603c2202354cedfdf249) C:\Windows\system32\DRIVERS\hamachi.sys
    2011/09/11 13:48:26.0445 5216 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
    2011/09/11 13:48:26.0741 5216 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/09/11 13:48:26.0788 5216 HDJAsioK (54711b0e2150c1e2ce5ab308fb2d0724) C:\Windows\system32\Drivers\HDJAsioK.sys
    2011/09/11 13:48:26.0819 5216 HDJMidi (cb935a642afe4db1a43a7b3bf943447e) C:\Windows\system32\DRIVERS\HDJMidi.sys
    2011/09/11 13:48:26.0975 5216 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/09/11 13:48:27.0006 5216 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/09/11 13:48:27.0053 5216 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/09/11 13:48:27.0100 5216 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2011/09/11 13:48:27.0162 5216 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/09/11 13:48:27.0194 5216 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/09/11 13:48:27.0225 5216 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/09/11 13:48:27.0240 5216 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/09/11 13:48:27.0412 5216 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110909.030\IDSvix86.sys
    2011/09/11 13:48:27.0443 5216 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/09/11 13:48:27.0490 5216 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/09/11 13:48:27.0506 5216 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/09/11 13:48:27.0537 5216 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/11 13:48:27.0584 5216 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/09/11 13:48:27.0599 5216 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/09/11 13:48:27.0662 5216 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/09/11 13:48:27.0677 5216 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/09/11 13:48:27.0724 5216 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/09/11 13:48:27.0740 5216 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/09/11 13:48:27.0755 5216 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/09/11 13:48:27.0771 5216 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/09/11 13:48:27.0802 5216 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/09/11 13:48:27.0849 5216 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/09/11 13:48:27.0911 5216 L1E (24abddeb766c8459f9d562eb083b6cb8) C:\Windows\system32\DRIVERS\L1E60x86.sys
    2011/09/11 13:48:27.0942 5216 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/09/11 13:48:27.0974 5216 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/09/11 13:48:27.0989 5216 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/09/11 13:48:28.0021 5216 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/09/11 13:48:28.0036 5216 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/09/11 13:48:28.0099 5216 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
    2011/09/11 13:48:28.0255 5216 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/09/11 13:48:28.0301 5216 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/09/11 13:48:28.0348 5216 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
    2011/09/11 13:48:28.0395 5216 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
    2011/09/11 13:48:28.0411 5216 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/09/11 13:48:28.0442 5216 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/09/11 13:48:28.0442 5216 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/09/11 13:48:28.0473 5216 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/09/11 13:48:28.0489 5216 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/09/11 13:48:28.0520 5216 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/09/11 13:48:28.0551 5216 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/09/11 13:48:28.0567 5216 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/09/11 13:48:28.0613 5216 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/09/11 13:48:28.0660 5216 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/09/11 13:48:28.0754 5216 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/11 13:48:28.0769 5216 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/11 13:48:28.0785 5216 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    2011/09/11 13:48:28.0816 5216 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/09/11 13:48:28.0847 5216 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/09/11 13:48:28.0879 5216 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/09/11 13:48:28.0957 5216 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/09/11 13:48:28.0972 5216 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/09/11 13:48:28.0988 5216 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/09/11 13:48:29.0050 5216 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/09/11 13:48:29.0081 5216 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/09/11 13:48:29.0097 5216 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/09/11 13:48:29.0144 5216 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
    2011/09/11 13:48:29.0175 5216 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/09/11 13:48:29.0222 5216 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS
    wifi.sys
    2011/09/11 13:48:29.0315 5216 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110910.002\NAVENG.SYS
    2011/09/11 13:48:29.0378 5216 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110910.002\NAVEX15.SYS
    2011/09/11 13:48:29.0471 5216 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers
    dis.sys
    2011/09/11 13:48:29.0487 5216 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS
    distapi.sys
    2011/09/11 13:48:29.0518 5216 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS
    disuio.sys
    2011/09/11 13:48:29.0565 5216 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS
    diswan.sys
    2011/09/11 13:48:29.0581 5216 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/09/11 13:48:29.0627 5216 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS
    etbios.sys
    2011/09/11 13:48:29.0705 5216 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS
    etbt.sys
    2011/09/11 13:48:29.0783 5216 netr28u (af14f279bf4ac27560c6bcc82cb09d24) C:\Windows\system32\DRIVERS
    etr28u.sys
    2011/09/11 13:48:29.0830 5216 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers
    frd960.sys
    2011/09/11 13:48:29.0877 5216 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/09/11 13:48:29.0908 5216 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers
    siproxy.sys
    2011/09/11 13:48:29.0986 5216 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/09/11 13:48:30.0002 5216 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers
    trigdigi.sys
    2011/09/11 13:48:30.0033 5216 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/09/11 13:48:30.0298 5216 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS
    vlddmkm.sys
    2011/09/11 13:48:30.0579 5216 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers
    vraid.sys
    2011/09/11 13:48:30.0595 5216 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers
    vstor.sys
    2011/09/11 13:48:30.0626 5216 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers
    v_agp.sys
    2011/09/11 13:48:30.0751 5216 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/09/11 13:48:30.0813 5216 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/09/11 13:48:30.0860 5216 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/09/11 13:48:30.0876 5216 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/09/11 13:48:30.0907 5216 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/09/11 13:48:30.0938 5216 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2011/09/11 13:48:30.0954 5216 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/09/11 13:48:31.0000 5216 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/09/11 13:48:31.0094 5216 pnarp (63200893c9d5934a7504d20f68276cc7) C:\Windows\system32\DRIVERS\pnarp.sys
    2011/09/11 13:48:31.0125 5216 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/09/11 13:48:31.0141 5216 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2011/09/11 13:48:31.0188 5216 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/09/11 13:48:31.0219 5216 purendis (748bcab4eff5959ed347c05a1c1a0af8) C:\Windows\system32\DRIVERS\purendis.sys
    2011/09/11 13:48:31.0266 5216 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/09/11 13:48:31.0328 5216 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/09/11 13:48:31.0375 5216 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/09/11 13:48:31.0406 5216 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/09/11 13:48:31.0422 5216 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/09/11 13:48:31.0437 5216 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/09/11 13:48:31.0484 5216 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/09/11 13:48:31.0500 5216 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/09/11 13:48:31.0546 5216 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/09/11 13:48:31.0578 5216 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/09/11 13:48:31.0656 5216 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2011/09/11 13:48:31.0749 5216 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/09/11 13:48:31.0781 5216 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/11 13:48:31.0827 5216 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/09/11 13:48:31.0859 5216 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/11 13:48:31.0952 5216 RVIEG01 (93f66faea8bf047d4242ac85aada403d) C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
    2011/09/11 13:48:32.0015 5216 RVIEGVST (3c74d9fdb1d9831ec932e89f3d874f00) C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
    2011/09/11 13:48:32.0077 5216 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2011/09/11 13:48:32.0108 5216 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2011/09/11 13:48:32.0186 5216 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/09/11 13:48:32.0264 5216 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/09/11 13:48:32.0311 5216 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
    2011/09/11 13:48:32.0358 5216 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
    2011/09/11 13:48:32.0389 5216 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/09/11 13:48:32.0436 5216 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/09/11 13:48:32.0451 5216 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/09/11 13:48:32.0467 5216 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2011/09/11 13:48:32.0483 5216 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/09/11 13:48:32.0545 5216 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/09/11 13:48:32.0561 5216 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/09/11 13:48:32.0592 5216 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/09/11 13:48:32.0654 5216 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/11 13:48:32.0732 5216 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\Windows\system32\DRIVERS\snapman.sys
    2011/09/11 13:48:32.0795 5216 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/09/11 13:48:32.0841 5216 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
    2011/09/11 13:48:32.0841 5216 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
    2011/09/11 13:48:32.0857 5216 sptd - detected LockedFile.Multi.Generic (1)
    2011/09/11 13:48:36.0274 5216 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    2011/09/11 13:48:36.0289 5216 Boot (0x1200) (deaedb85d1c3d9dc8c6f5fdb3d902c65) \Device\Harddisk0\DR0\Partition0
    2011/09/11 13:48:36.0289 5216 ================================================================================
    2011/09/11 13:48:36.0289 5216 Scan finished
    2011/09/11 13:48:36.0289 5216 ================================================================================
    2011/09/11 13:48:36.0305 4520 Detected object count: 1
    2011/09/11 13:48:36.0305 4520 Actual detected object count: 1
    2011/09/11 13:48:47.0944 4520 LockedFile.Multi.Generic(sptd) - User select action: Skip


    Here is the other log:

    aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
    Run date: 2011-09-11 13:52:06
    -----------------------------
    13:52:06.660 OS Version: Windows 6.0.6002 Service Pack 2
    13:52:06.660 Number of processors: 4 586 0xF0B
    13:52:06.660 ComputerName: PC_VAN_NIELS UserName: Niels
    13:52:07.518 Initialize success
    13:52:10.877 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    13:52:10.877 Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01113 Size: 305245MB BusType: 3
    13:52:12.921 Disk 0 MBR read successfully
    13:52:12.921 Disk 0 MBR scan
    13:52:12.921 Disk 0 Windows VISTA default MBR code
    13:52:12.921 Disk 0 scanning sectors +625139712
    13:52:12.983 Disk 0 scanning C:\Windows\system32\drivers
    13:52:19.551 Service scanning
    13:52:20.472 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
    13:52:20.550 Service NTACCESS E:\NTACCESS.sys **LOCKED** 21
    13:52:20.597 Service SetupNTGLM7X E:\NTGLM7X.sys **LOCKED** 21
    13:52:20.612 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    13:52:21.189 Modules scanning
    13:52:38.944 Disk 0 trace - called modules:
    13:52:38.960 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x859041f8]<<
    13:52:38.960 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c052b8]
    13:52:38.975 3 CLASSPNP.SYS[8913b8b3] -> nt!IofCallDriver -> [0x85a20918]
    13:52:38.975 5 acpi.sys[807c06bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x859feb98]
    13:52:38.975 \Driver\atapi[0x859de7d8] -> IRP_MJ_CREATE -> 0x859041f8
    13:52:38.991 Scan finished successfully
    13:52:46.761 Disk 0 MBR has been saved successfully to "C:\Users\Niels\Desktop\MBR.dat"
    13:52:46.776 The log file has been saved successfully to "C:\Users\Niels\Desktop\aswMBR.txt"
  • Hi Niellus, fine, well done.
    The HD has a healthy MBR.

    You can move both tools to the recycle bin, along with the logs etc. (C:\TDSSKiller too).

    Which program: ComboFix
    What for/why: A highly specialized scanner that examines Windows in depth and cleans it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Your antivirus program and any active malware scanners must already be disabled before ComboFix starts!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    Once more, to be clear: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! If so, allow it (this requires an active internet connection).
    - Vista and Windows 7 users start ComboFix via right-click, with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs, with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • Here are the contents of the log file:

    ComboFix 11-09-11.02 - Niels 11-09-2011 19:15:51.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2046.809 [GMT 2:00]
    Gestart vanuit: c:\users\Niels\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Niels\AppData\Local\Windows Server
    c:\users\Niels\AppData\Local\Windows Server\uses32.dat
    c:\users\Niels\AppData\Roaming\inst.exe
    c:\users\Niels\AppData\Roaming\Nielslog.dat
    c:\users\Niels\AppData\Roaming\pcouffin.sys
    c:\users\Niels\AppData\Roaming\Secure-Soft Bot
    c:\users\Niels\AppData\Roaming\Secure-Soft Bot\Server - kopie (2).exe
    c:\users\Niels\AppData\Roaming\Secure-Soft Bot\Server - kopie.exe
    c:\windows\system32\nvdispco3220150.dll
    c:\windows\system32\winservice.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-08-11 to 2011-09-11 ))))))))))))))))))))))))))))))
    .
    .
    2011-09-11 17:41 . 2011-09-11 17:42 -------- d-----w- c:\users\Niels\AppData\Local\temp
    2011-09-11 17:41 . 2011-09-11 17:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-09-11 17:41 . 2011-09-11 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-10 18:38 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-10 18:38 . 2011-09-10 18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-10 18:38 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-10 10:59 . 2011-09-10 10:59 388096 ----a-r- c:\users\Niels\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-28 10:25 . 2011-08-28 10:25 -------- d-----w- c:\program files\iPod
    2011-08-28 10:25 . 2011-08-28 10:26 -------- d-----w- c:\program files\iTunes
    2011-08-28 10:22 . 2011-08-28 10:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-08-28 10:22 . 2011-08-28 10:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-08-28 10:22 . 2011-08-28 10:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-08-28 10:22 . 2011-08-28 10:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-08-28 10:22 . 2011-08-28 10:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-08-28 10:22 . 2011-08-28 10:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-08-28 10:22 . 2011-08-28 10:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-08-28 10:22 . 2011-08-28 10:22 -------- d-----w- c:\program files\QuickTime
    2011-08-28 10:18 . 2011-08-28 10:18 -------- d-----w- c:\program files\Bonjour
    2011-08-27 14:08 . 2011-08-27 14:08 -------- d-----w- c:\windows\system32\systemk32
    2011-08-26 08:30 . 2011-08-27 07:25 -------- d-----w- c:\users\Niels\AppData\Roaming\Vso
    2011-08-26 08:28 . 2011-08-28 15:59 -------- d-----w- c:\users\Niels\AppData\Roaming\systemk32
    2011-08-24 12:12 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-17 11:50 . 2011-05-24 18:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-28 09:25 . 2008-01-21 02:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-07-28 09:25 . 2003-03-18 21:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-07-22 02:54 . 2011-08-10 22:56 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48 . 2011-08-10 22:56 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44 . 2011-08-10 22:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-20 14:22 . 2009-01-10 12:38 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-07 11:34 . 2008-11-23 18:31 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-07-07 11:34 . 2008-11-23 18:26 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-07-06 15:31 . 2011-08-10 11:00 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-07-01 17:23 . 2008-11-23 18:26 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-06-29 11:50 . 2011-06-29 11:50 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2011-06-29 11:50 . 2011-06-29 11:50 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
    2011-06-29 11:50 . 2011-06-29 11:50 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-06-29 11:50 . 2011-06-29 11:50 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
    2011-06-20 08:54 . 2011-08-10 11:00 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-20 08:54 . 2011-08-10 11:00 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-18 08:00 . 2010-03-01 17:00 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2011-06-17 20:13 . 2011-08-10 11:00 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-17 16:03 . 2011-08-10 11:00 375808 ----a-w- c:\windows\system32\winsrv.dll
    2009-07-16 09:44 . 2009-07-16 09:44 573624 ----a-w- c:\program files\ThreeShipsIEHelper.dll
    2003-03-18 20:14 . 2003-03-18 20:14 499712 ----a-w- c:\program files\msvcp71.dll
    2003-02-21 04:42 . 2003-02-21 04:42 348160 ----a-w- c:\program files\msvcr71.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Steam"="c:\program files\steam\steam.exe" [2011-08-02 1242448]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-18 205976]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "CONNECTScheduler"="c:\program files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" [2005-11-15 69632]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-15 1358384]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536752]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-20 5571928]
    "Acronis Scheduler2Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-20 390512]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-28 273544]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    .
    c:\users\Niels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Registratie van FIFA 11.lnk - c:\program files\EA Sports\FIFA 11\Support\EAregister.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CONNECTAUTrayApp.lnk - c:\program files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe [2005-11-15 114688]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2008-06-04 60928]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2008-07-11 131584]
    R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2008-06-04 95744]
    R3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [x]
    R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
    R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
    R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2002-11-25 16896]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-07-20 722416]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-06-29 752128]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110901.001\BHDrvx86.sys [2011-09-02 815736]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110909.030\IDSvix86.sys [2011-08-18 368248]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
    S2 afcdpsrv;Acronis Nonstop Backup-service ;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-06-29 3246040]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    S2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [2001-04-13 188276]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-06-29 167968]
    S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
    S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-12-05 655872]
    S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-10-20 131152]
    S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2009-10-20 90192]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    yzjblqaf
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/ig?hl=nl&source=iglk
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 172.19.3.1
    DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} - hxxp://www.kerkomroep.nl/ocx/sIKNPlayer.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    SafeBoot-klmdb.sys
    AddRemove-Aangifte inkomstenbelasting 2009 - c:\users\Niels\Desktop\aangifte carlos2009\ib2009u.exe
    AddRemove-Aangifte inkomstenbelasting 2010 - f:\2010\ib2010u.exe
    AddRemove-USB_ANT_SIUSBXP_3_1&1004&0FCF - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\USB_ANT_SIUSBXP_3_1&1004&0FCF
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-11 19:42
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1422231524-2496150049-3347242632-1000\Software\SecuROM\License information*]
    "datasecu"=hex:fd,2d,56,ca,45,55,3e,51,b2,31,28,d1,91,4c,98,37,a3,ad,34,de,7a,
    2f,19,52,f5,06,90,a4,9c,ae,c6,d0,9d,22,e2,70,4a,29,74,f3,2b,e3,06,75,b3,2c,\
    "rkeysecu"=hex:74,43,62,8f,dc,2b,8b,b4,ca,85,4c,3f,01,9a,21,ca
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2011-09-11 19:46:42
    ComboFix-quarantined-files.txt 2011-09-11 17:46
    .
    Pre-Run: 148.946.038.784 bytes beschikbaar
    Post-Run: 150.760.046.592 bytes beschikbaar
    .
    - - End Of File - - 6933D049C3D03D09AD659F2A81C93EEE
  • Hi Niels, are you still getting the error messages?

    And how is your Windows running now?
  • No, I just noticed that the error message has disappeared and my Windows is running perfectly again!

    Many thanks for your time and help!
  • Hi Niels, I'm not letting you go just yet.
    Because, if possible, I want to find out why you had that bot server in your Windows!

    Do you also do internet banking with this PC?

    So: now do the following:

    Run the ESET online scan (click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click "Advanced Settings"
      - Scan for potentially unwanted applications
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
    - Click Start
    - The computer will now be scanned. This can take quite a long time, so be patient.
    - When the scan is finished, click > List of found threats
    - Then click > Export to text file….
    - Choose the Desktop as the save location and give the Notepad file a clear title.
    - After that you can close the window, because the scan is finished.
    - Then open the log that is on your desktop.
    - And copy and paste the contents of this log into your next message.
    N.B.: temporarily disable your own antivirus during the scan; the online scan will then be faster!
  • This is the log:

    C:\Program Files\Microsoft Office\Office12\AccessWeb\CLNTWRAP.HTM HTML/Iframe.B.Gen virus deleted - quarantined
    C:\Program Files\SopCast\adv\default\index.html HTML/Iframe.B.Gen virus deleted - quarantined
    C:\Users\Niels\AppData\Local\VirtualStore\Program Files\SopCast\adv\clips\54AA7341-FB3F-2750-C038-4906A1C923AA\index.html HTML/Iframe.B.Gen virus deleted - quarantined
    C:\Users\Niels\AppData\Roaming\7FB3E763D9EAF6E6320244D3273B444D\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
    C:\Users\Niels\Documents\Bladmuziek\Bladmuziek Robbert\hitmanpro30.exe Win32/Packed.Autoit.B.Gen application deleted - quarantined
    C:\Users\Niels\Documents\Setups\hitmanpro30.exe Win32/Packed.Autoit.B.Gen application deleted - quarantined
    C:\Users\Niels\Documents\Setups\MediaCoder-0.7.3.4685.exe Win32/OpenCandy application deleted - quarantined
    C:\Users\Niels\Downloads\Alcohol 120 70 Full version with serial\Alcohol 120 7 + serial -TrT\Alcohol 120 7 Setup.EXE Win32/Boberog.AZ worm deleted - quarantined
    C:\Users\Niels\Downloads\Norton Internet Security 2011 1850125 NL\Norton Internet Security 2011 18.5.0.125 NL\Crack\Crack.iso Win32/Packed.Autoit.E.Gen application deleted - quarantined
  • Hi Niels:

    what is this: C:\Users\Niels\Downloads\Norton Internet Security 2011 1850125 NL\Norton Internet Security 2011 18.5.0.125 NL\Crack\Crack.iso

    So you are using Norton with a crack.
    That gives you a false sense of security.

    Besides, strange but true: not everything in Norton works as it should!

    My advice: uninstall it and switch to Avast and the PCTools firewall.

    See also: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=214466

    Norton removal: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20081008062515NL&lg=dutch&ct=netherlands&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb
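
Added example, not part of the original thread and not ESET's own tooling: a small Python triage of an exported scanner log in the layout posted above, which splits each line into path, detection name, object type and action, and flags detections whose path suggests a cracked or serial-bundled download, as the reply above does by eye. The sample lines are shortened from the posted log plus one constructed malformed line; the keyword list and the field names are assumptions.

```python
import re
from collections import defaultdict

# Sample input: four lines shortened from the log posted in the thread,
# plus one constructed line that is not a detection record.
SAMPLE_LOG = r"""
C:\Program Files\SopCast\adv\default\index.html HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Niels\Documents\Setups\MediaCoder-0.7.3.4685.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Niels\Downloads\Alcohol 120 7 + serial -TrT\Alcohol 120 7 Setup.EXE Win32/Boberog.AZ worm deleted - quarantined
C:\Users\Niels\Downloads\Norton Internet Security 2011 18.5.0.125 NL\Crack\Crack.iso Win32/Packed.Autoit.E.Gen application deleted - quarantined
this line is not a detection record
"""

# Windows paths contain spaces but no forward slash, so the first
# "Platform/Name" token followed by an object type marks the end of the path.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>[A-Za-z0-9]+/[A-Za-z0-9._-]+)\s+"
    r"(?P<kind>virus|application|worm|trojan)\s+"
    r"(?P<action>.+)$"
)

# Assumption: keywords taken from the paths seen in this particular log.
PIRACY_HINTS = ("crack", "serial")


def parse_line(line):
    """Return the fields of one detection line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Parse the log, keep unparsed lines for manual review, and add flags."""
    records, unparsed = [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed.append(raw)  # never drop silently: a human should look
            continue
        lower = rec["path"].lower()
        rec["pirated_source"] = any(h in lower for h in PIRACY_HINTS)
        rec["in_user_profile"] = lower.startswith("c:\\users\\")
        records.append(rec)
    by_kind = defaultdict(list)
    for rec in records:
        by_kind[rec["kind"]].append(rec["threat"])
    return {"records": records, "unparsed": unparsed, "by_kind": dict(by_kind)}


def pirated_paths(result):
    """Paths whose name suggests the file came with a crack or serial."""
    return [r["path"] for r in result["records"] if r["pirated_source"]]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, threats in sorted(result["by_kind"].items()):
        print(f"{kind}: {', '.join(threats)}")
    for path in pirated_paths(result):
        print("review source of:", path)
    print("unparsed lines:", len(result["unparsed"]))
```
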
  • OK, will do!

    Many thanks for your time and help!!

This is an archived page. Replying is no longer possible.