pandadomainadvisor

26 answers
  • For the past few days almost all links have been redirected to www.pandadomainadvisor.com. Even the start page gets taken over, and
    you can't get any further from there.
    I have already run various spyware and malware scans, but that hasn't helped.
    Does anyone have an idea???
  • Hi radlab, the following:

    During the fix I would like you to stick to the rules below:
    - Read all instructions carefully.
    - If you make mistakes when running tools during the fix, this can cause serious problems in Windows.
    - Refrain from using tools or updates other than those I advise you to use.
    - Always use one scanner at a time, never several at once.
    - Keep me informed of how your computer responds to the fix, good or bad.
    - Once started, the fix must be completed. Even if you think everything is fine, there may still be infections.

    Step •1•
    Which program: Trend Micro HijackThis version 2.0.4
    What for/why: produces a clear overview of Windows by means of a scan.
    Difficulty: none; only Vista and Win 7 users need to pay a little extra attention.

    Download the HijackThis Installer

    Installation:
    - Install HijackThis in the indicated location; this prevents any backups from becoming impossible to find!
    Users of Windows Vista and Windows 7 then go to the HijackThis installation location.
    - Next, right-click "hijackthis.exe" and choose "Properties".
    - Now click the "Compatibility" tab and tick "Run as administrator".
    - Finally, click Apply and OK.

    Using HijackThis:
    - First close all open programs and the web browsers.
    - Now start 'HijackThis' and then click the button 'Do a system scan and save a logfile'.
      - If HijackThis starts up with the scan window, first click the 'Main Menu' button.
    - Now close all open windows, then start 'HijackThis' and choose 'Do a system scan and save a logfile'.
    - Copy and paste the contents of the HijackThis logfile into your next post.
    - After that you may close HijackThis again.

    Step •2•
    Which program: Microsoft Safety Scanner
    What for/why: specialist scanner from Microsoft to quickly check Windows for spyware and malware and remove it.
    Difficulty: none.
    Note: Microsoft Safety Scanner expires 10 days after it has been downloaded.
    To run a scan again with the latest anti-malware definitions,
    download Microsoft Safety Scanner again and run it again.
    Download the Microsoft Safety Scanner here.

    Windows 2000 and Windows XP: start Microsoft Safety Scanner by double-clicking the shortcut.
    Windows Vista and Windows 7: start Microsoft Safety Scanner by right-clicking the shortcut and then choosing Run as administrator.
    Then tick "I accept the terms of the above license agreement".

    Scanning:
    - When 'Microsoft Safety Scanner' starts, click the "Next" button, then choose 'Quick scan'.
    - The scan takes a while, so be patient.

    Step •3•
    Which program: Malwarebytes MBAM
    What for/why: specialist scanner to quickly check Windows for spyware and malware and remove it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Download.com
    - Softpedia.com
    - Majorgeeks.com
    First of all:
    - Immediately after installation 'MBAM' will want to update its database, so allow this.
    - On repeated use too: first update 'MBAM' via the 'Update' tab!

    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
    - Note:
      - Malwarebytes now supplies the full version of MBAM.
      - On first start you get the choice of using the full version or the free version.
      - Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
      - That way MBAM can continue to be used as the free version.
    (image: http://img30.imageshack.us/img30/3928/mbam2.png)

    - Also do the following:
      - Once the program has started, go to the "Settings" tab.
      - Tick here: "Close Internet Explorer during malware removal".

    Scanning:
    - When 'MBAM' starts, choose 'Quick Scan'.
    - The scan can take a while, so be patient. When the scan has finished, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.
    Infections found:
    - First click OK to dismiss the message.
    - Then click the Show Results button at the bottom right.
    - Now make sure all infections found are ticked, and click Remove Selected at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
    - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
    MBAM log:
    - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.
    Then post the contents of the MBAM log in your next post.


    Step •4•
    In summary: after this, post the contents of the following logs in your next post:
    - a new HijackThis log
    - MBAM scan log
  • Hello Abraham

    Thanks in advance for your attention to this


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:42:21, on 21-9-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Windows\System32\rundll32.exe
    C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\windows defender\MSASCui.exe
    C:\Windows\explorer.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Internet Explorer\IELowutil.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Gacela2 - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Martin\AppData\Local\Wakoopa Shared\WakoopaBHO.dll
    O3 - Toolbar: (no name) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Panda Security Toolbar Antiphishing] "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll
    O9 - Extra 'Tools' menuitem: Informatie over GfK Internet Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GfK-Reporting-Service - Unknown owner - C:\Program Files\GfK Internet Monitor\GfK-Reporting.exe
    O23 - Service: GfK-Update-Service - Unknown owner - C:\Program Files\GfK Internet Monitor\GfK-Updater.exe
    O23 - Service: GfkLSPService - GfK - C:\Program Files\GfKLSPService\GfKLSPService.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 9658 bytes

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Databaseversie: 7765

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    21-9-2011 23:40:24
    mbam-log-2011-09-21 (23-40-24).txt

    Scantype: Snelle scan
    Objecten gescand: 276018
    Verstreken tijd: 28 minuut/minuten, 51 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\Users\Jarno\downloads\com izumi old offender 3.apk.exe (PUP.FileHunter) -> Quarantined and deleted successfully.


    Hopefully this is of some use to you

    Radlab
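
An added example, not part of any post in this thread: a small Python parser for the HijackThis entry lines (`R0`, `O2`, `O4`, `O10`, `O23`, ...) in the log above, which collapses duplicates and marks the entries a helper would typically read first. The triage rules and function names are assumptions of this example, not HijackThis behaviour, and a flag is a prompt for manual review, not a verdict.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Excerpt of entry lines taken from the HijackThis log in the post above (not a full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows Vista SP2 (WinNT 6.00.1906)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Martin\AppData\Local\Wakoopa Shared\WakoopaBHO.dll
O3 - Toolbar: (no name) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file)
O4 - HKLM\..\Run: [Panda Security Toolbar Antiphishing] "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
O23 - Service: GfK-Reporting-Service - Unknown owner - C:\Program Files\GfK Internet Monitor\GfK-Reporting.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
End of file - 9658 bytes
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")

# Assumption of this example: add-ons and autostarts that load from a user
# profile or ProgramData, rather than Program Files, are worth a second look.
OUTSIDE_PROGRAM_DIRS = re.compile(
    r"\\(users|documents and settings|programdata)\\", re.I)


def parse_entries(text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def triage(code, body):
    """Return the list of review reasons for one entry (empty list = nothing flagged)."""
    reasons = []
    if "(no file)" in body:
        reasons.append("orphaned registration: the referenced file is missing")
    if code == "O10" and body.lower().startswith("unknown file in winsock lsp"):
        reasons.append("Winsock LSP that HijackThis does not recognise; "
                       "an LSP sits in the path of network traffic")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("service binary for which no company name is reported")
    if code in ("O2", "O3", "O4") and OUTSIDE_PROGRAM_DIRS.search(body):
        reasons.append("browser add-on or autostart loading from a user profile "
                       "or ProgramData path")
    return reasons


def review(text):
    """Return {(code, body): (occurrences, reasons)} for flagged entries, duplicates collapsed."""
    findings = {}
    for (code, body), count in Counter(parse_entries(text)).items():
        reasons = triage(code, body)
        if reasons:
            findings[(code, body)] = (count, reasons)
    return findings


def browser_page_hosts(text):
    """Map each host found in R0/R1 start/search page values to the settings that use it."""
    hosts = {}
    for code, body in parse_entries(text):
        if code in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            host = urlsplit(value.strip()).hostname
            if host:
                hosts.setdefault(host, []).append(key.rsplit(",", 1)[-1])
    return hosts


if __name__ == "__main__":
    for (code, body), (count, reasons) in review(SAMPLE_LOG).items():
        print(f"{code} x{count}: {body}")
        for reason in reasons:
            print("    -", reason)
    print("start/search page hosts:", browser_page_hosts(SAMPLE_LOG))
```
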
  • We are now going to check the MBR of the hard disk!

    Step •1•
    Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: be sure to download this program to the desktop, or otherwise move it there!
    Download TDSSKiller here.

    Installation:
    - Extract the file to your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing Run as administrator.
    - If TDSSKiller shows a message about an available update, install that first.
    (image: http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg)

    - Then click the "Start Scan" button and follow the instructions.
    - After the scan has finished, click the "Report" button.
    - A Notepad file opens. Post the contents of this file.
      - Restart the PC if TDSSKiller offers that option (Reboot now).
      - If a restart is necessary, you will find the logfile at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


    Step •2•
    Which program: "aswMBR.exe"
    What for/why: MBR rootkit scanner
    Difficulty: none
    Download location: be sure to download this program to the desktop, or otherwise move it there!
    Download aswMBR.exe here.


    Using aswMBR.exe:
    - Windows 2000 and Windows XP: start "aswMBR.exe" by double-clicking "aswMBR.exe".
    - Windows Vista and Windows 7: start "aswMBR.exe" by right-clicking "aswMBR.exe" and choosing Run as administrator.

    (image: http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif)
    - Now click the Scan button in the black window.
    - When the message "Scan finished successfully" appears, click the Save log button.
    (image: http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif)
    - It is easiest simply to choose the desktop as the location to save the log.
    - You will now also find the file MBR.dat on the desktop!
    - MBR.dat is a backup file, so keep it for the time being.
    - Also on the desktop is a Notepad text document named aswMBR.txt
    - Post the contents of aswMBR.txt in your next post.

    Step •3•
    In summary: after this, post the contents of the following logs in your next post:
    - TDSSKiller log
    - aswMBR.txt log
  • Hello Abraham

    Here are the requested logs:

    2011/09/22 20:17:43.0425 2976 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
    2011/09/22 20:17:43.0810 2976 ================================================================================
    2011/09/22 20:17:43.0810 2976 SystemInfo:
    2011/09/22 20:17:43.0810 2976
    2011/09/22 20:17:43.0811 2976 OS Version: 6.0.6002 ServicePack: 2.0
    2011/09/22 20:17:43.0811 2976 Product type: Workstation
    2011/09/22 20:17:43.0811 2976 ComputerName: PC_VAN_MARTIN
    2011/09/22 20:17:43.0811 2976 UserName: Martin
    2011/09/22 20:17:43.0811 2976 Windows directory: C:\Windows
    2011/09/22 20:17:43.0811 2976 System windows directory: C:\Windows
    2011/09/22 20:17:43.0811 2976 Processor architecture: Intel x86
    2011/09/22 20:17:43.0811 2976 Number of processors: 2
    2011/09/22 20:17:43.0811 2976 Page size: 0x1000
    2011/09/22 20:17:43.0811 2976 Boot type: Normal boot
    2011/09/22 20:17:43.0811 2976 ================================================================================
    2011/09/22 20:17:45.0622 2976 Initialize success
    2011/09/22 20:17:54.0496 6448 ================================================================================
    2011/09/22 20:17:54.0496 6448 Scan started
    2011/09/22 20:17:54.0496 6448 Mode: Manual;
    2011/09/22 20:17:54.0496 6448 ================================================================================
    2011/09/22 20:18:04.0072 6448 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/09/22 20:18:04.0137 6448 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/09/22 20:18:04.0217 6448 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/09/22 20:18:04.0285 6448 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2011/09/22 20:18:04.0370 6448 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2011/09/22 20:18:04.0465 6448 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2011/09/22 20:18:04.0538 6448 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/09/22 20:18:04.0595 6448 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/09/22 20:18:04.0687 6448 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/09/22 20:18:04.0764 6448 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/09/22 20:18:04.0853 6448 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/09/22 20:18:04.0923 6448 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/09/22 20:18:04.0986 6448 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    2011/09/22 20:18:05.0045 6448 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/09/22 20:18:05.0101 6448 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/22 20:18:05.0195 6448 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/09/22 20:18:05.0259 6448 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/09/22 20:18:05.0316 6448 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/09/22 20:18:05.0361 6448 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/09/22 20:18:05.0430 6448 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/09/22 20:18:05.0475 6448 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/09/22 20:18:05.0511 6448 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/09/22 20:18:05.0570 6448 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/09/22 20:18:05.0616 6448 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/09/22 20:18:05.0697 6448 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/09/22 20:18:05.0810 6448 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    2011/09/22 20:18:05.0897 6448 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
    2011/09/22 20:18:05.0975 6448 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/09/22 20:18:06.0060 6448 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/09/22 20:18:06.0108 6448 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/09/22 20:18:06.0174 6448 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/09/22 20:18:06.0255 6448 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/09/22 20:18:06.0381 6448 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/09/22 20:18:06.0443 6448 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/09/22 20:18:06.0519 6448 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/09/22 20:18:06.0579 6448 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/09/22 20:18:06.0626 6448 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/09/22 20:18:06.0663 6448 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/09/22 20:18:06.0717 6448 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/09/22 20:18:06.0757 6448 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/09/22 20:18:06.0804 6448 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/09/22 20:18:06.0870 6448 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/09/22 20:18:06.0930 6448 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/09/22 20:18:07.0014 6448 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/09/22 20:18:07.0082 6448 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/22 20:18:07.0126 6448 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/22 20:18:07.0178 6448 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2011/09/22 20:18:07.0249 6448 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/09/22 20:18:07.0334 6448 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/09/22 20:18:07.0408 6448 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/09/22 20:18:07.0481 6448 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/09/22 20:18:07.0537 6448 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/09/22 20:18:07.0588 6448 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/09/22 20:18:07.0646 6448 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/09/22 20:18:07.0688 6448 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/09/22 20:18:07.0730 6448 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/09/22 20:18:07.0773 6448 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/09/22 20:18:07.0852 6448 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/09/22 20:18:07.0939 6448 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/09/22 20:18:08.0106 6448 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/09/22 20:18:08.0212 6448 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/09/22 20:18:08.0291 6448 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/09/22 20:18:08.0366 6448 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/09/22 20:18:08.0422 6448 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/09/22 20:18:08.0497 6448 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/09/22 20:18:08.0604 6448 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/09/22 20:18:08.0679 6448 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/09/22 20:18:08.0742 6448 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/09/22 20:18:08.0874 6448 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/09/22 20:18:08.0958 6448 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/09/22 20:18:09.0033 6448 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/09/22 20:18:09.0123 6448 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    2011/09/22 20:18:09.0458 6448 nvlddmkm (d65bc32c1795191b7f2b028351ab4fe2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/09/22 20:18:09.0716 6448 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/09/22 20:18:09.0781 6448 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
    2011/09/22 20:18:09.0821 6448 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/09/22 20:18:09.0876 6448 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/09/22 20:18:10.0003 6448 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/09/22 20:18:10.0059 6448 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/09/22 20:18:10.0122 6448 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/09/22 20:18:10.0167 6448 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/09/22 20:18:10.0267 6448 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/09/22 20:18:10.0326 6448 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2011/09/22 20:18:10.0372 6448 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/09/22 20:18:10.0446 6448 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/09/22 20:18:10.0624 6448 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/09/22 20:18:10.0663 6448 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/09/22 20:18:10.0745 6448 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/09/22 20:18:10.0800 6448 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/09/22 20:18:10.0870 6448 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/09/22 20:18:10.0954 6448 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/09/22 20:18:11.0024 6448 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/09/22 20:18:11.0108 6448 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/09/22 20:18:11.0207 6448 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/09/22 20:18:11.0296 6448 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/09/22 20:18:11.0348 6448 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/09/22 20:18:11.0412 6448 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/09/22 20:18:11.0461 6448 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/09/22 20:18:11.0515 6448 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/09/22 20:18:11.0547 6448 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/09/22 20:18:11.0604 6448 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/22 20:18:11.0672 6448 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2011/09/22 20:18:11.0731 6448 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2011/09/22 20:18:11.0763 6448 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2011/09/22 20:18:11.0841 6448 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/22 20:18:11.0898 6448 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/09/22 20:18:12.0003 6448 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/09/22 20:18:12.0058 6448 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/09/22 20:18:12.0116 6448 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/09/22 20:18:12.0167 6448 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/09/22 20:18:12.0232 6448 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/09/22 20:18:12.0330 6448 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/09/22 20:18:12.0368 6448 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/09/22 20:18:12.0428 6448 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/09/22 20:18:12.0475 6448 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/09/22 20:18:12.0536 6448 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/09/22 20:18:12.0572 6448 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/09/22 20:18:12.0610 6448 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/09/22 20:18:12.0687 6448 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/22 20:18:12.0777 6448 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/09/22 20:18:12.0865 6448 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/09/22 20:18:12.0866 6448 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/09/22 20:18:12.0876 6448 sptd - detected LockedFile.Multi.Generic (1)
    2011/09/22 20:18:12.0936 6448 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    2011/09/22 20:18:13.0024 6448 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    2011/09/22 20:18:13.0117 6448 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/09/22 20:18:13.0203 6448 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/09/22 20:18:13.0265 6448 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/09/22 20:18:13.0305 6448 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/09/22 20:18:13.0347 6448 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/09/22 20:18:13.0414 6448 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/09/22 20:18:13.0547 6448 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
    2011/09/22 20:18:13.0629 6448 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/09/22 20:18:13.0692 6448 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/09/22 20:18:13.0741 6448 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/09/22 20:18:13.0785 6448 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/09/22 20:18:13.0849 6448 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/09/22 20:18:13.0905 6448 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/09/22 20:18:14.0013 6448 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/09/22 20:18:14.0086 6448 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/09/22 20:18:14.0158 6448 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/09/22 20:18:14.0233 6448 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/09/22 20:18:14.0294 6448 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/09/22 20:18:14.0368 6448 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/09/22 20:18:14.0421 6448 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/09/22 20:18:14.0474 6448 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/09/22 20:18:14.0515 6448 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/09/22 20:18:14.0574 6448 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/09/22 20:18:14.0653 6448 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/09/22 20:18:14.0695 6448 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/09/22 20:18:14.0771 6448 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/09/22 20:18:14.0825 6448 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/09/22 20:18:14.0885 6448 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/09/22 20:18:14.0945 6448 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/09/22 20:18:15.0028 6448 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/09/22 20:18:15.0070 6448 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/09/22 20:18:15.0126 6448 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/09/22 20:18:15.0200 6448 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2011/09/22 20:18:15.0264 6448 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/09/22 20:18:15.0323 6448 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/09/22 20:18:15.0368 6448 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/09/22 20:18:15.0412 6448 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/09/22 20:18:15.0456 6448 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2011/09/22 20:18:15.0525 6448 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/09/22 20:18:15.0590 6448 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/09/22 20:18:15.0660 6448 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/09/22 20:18:15.0738 6448 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/09/22 20:18:15.0815 6448 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/09/22 20:18:15.0880 6448 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/22 20:18:15.0903 6448 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/22 20:18:15.0962 6448 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/09/22 20:18:16.0037 6448 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/09/22 20:18:16.0174 6448 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2011/09/22 20:18:16.0356 6448 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/09/22 20:18:16.0456 6448 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/09/22 20:18:16.0524 6448 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/09/22 20:18:16.0628 6448 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/09/22 20:18:16.0697 6448 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
    2011/09/22 20:18:16.0764 6448 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
    2011/09/22 20:18:16.0808 6448 Boot (0x1200) (13ca94daba5d84038b10bb12a2a62b12) \Device\Harddisk0\DR0\Partition0
    2011/09/22 20:18:16.0832 6448 Boot (0x1200) (0144fd598dfedd81c16573576150abdc) \Device\Harddisk0\DR0\Partition1
    2011/09/22 20:18:16.0848 6448 ================================================================================
    2011/09/22 20:18:16.0848 6448 Scan finished
    2011/09/22 20:18:16.0848 6448 ================================================================================
    2011/09/22 20:18:16.0870 3896 Detected object count: 1
    2011/09/22 20:18:16.0870 3896 Actual detected object count: 1
    2011/09/22 20:20:10.0996 3896 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/09/22 20:20:22.0927 4184 ================================================================================
    2011/09/22 20:20:22.0927 4184 Scan started
    2011/09/22 20:20:22.0927 4184 Mode: Manual;
    2011/09/22 20:20:22.0927 4184 ================================================================================
    2011/09/22 20:20:23.0587 4184 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/09/22 20:20:23.0660 4184 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/09/22 20:20:23.0716 4184 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/09/22 20:20:23.0755 4184 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/09/22 20:20:23.0790 4184 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/09/22 20:20:23.0878 4184 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    2011/09/22 20:20:23.0921 4184 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/09/22 20:20:23.0958 4184 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/09/22 20:20:23.0998 4184 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2011/09/22 20:20:24.0032 4184 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/09/22 20:20:24.0072 4184 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2011/09/22 20:20:24.0113 4184 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/09/22 20:20:24.0161 4184 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/09/22 20:20:24.0215 4184 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/09/22 20:20:24.0263 4184 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/09/22 20:20:24.0313 4184 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/09/22 20:20:24.0364 4184 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/09/22 20:20:24.0398 4184 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
    2011/09/22 20:20:24.0446 4184 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
    2011/09/22 20:20:24.0506 4184 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
    2011/09/22 20:20:24.0555 4184 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
    2011/09/22 20:20:24.0604 4184 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/09/22 20:20:24.0651 4184 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/09/22 20:20:24.0749 4184 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2011/09/22 20:20:24.0793 4184 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2011/09/22 20:20:24.0857 4184 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/09/22 20:20:24.0958 4184 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    2011/09/22 20:20:25.0006 4184 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/09/22 20:20:25.0045 4184 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/09/22 20:20:25.0099 4184 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
    2011/09/22 20:20:25.0121 4184 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
    2011/09/22 20:20:25.0181 4184 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/09/22 20:20:25.0220 4184 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/09/22 20:20:25.0260 4184 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/09/22 20:20:25.0288 4184 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/09/22 20:20:25.0335 4184 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/09/22 20:20:25.0410 4184 BVRPMPR5 (da2dc84e2d14ec6dac1132caa286118d) C:\Windows\system32\drivers\BVRPMPR5.SYS
    2011/09/22 20:20:25.0465 4184 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/09/22 20:20:25.0517 4184 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
    2011/09/22 20:20:25.0575 4184 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/09/22 20:20:25.0622 4184 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/09/22 20:20:25.0688 4184 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/09/22 20:20:25.0769 4184 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/09/22 20:20:25.0819 4184 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2011/09/22 20:20:25.0865 4184 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
    2011/09/22 20:20:25.0932 4184 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/09/22 20:20:25.0969 4184 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/09/22 20:20:26.0013 4184 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/09/22 20:20:26.0120 4184 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    2011/09/22 20:20:26.0188 4184 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/09/22 20:20:26.0264 4184 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/09/22 20:20:26.0337 4184 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/09/22 20:20:35.0397 4184 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/09/22 20:20:35.0397 4184 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/09/22 20:20:35.0406 4184 sptd - detected LockedFile.Multi.Generic (1)
    2011/09/22 20:20:39.0129 4184 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
    2011/09/22 20:20:39.0176 4184 Boot (0x1200) (13ca94daba5d84038b10bb12a2a62b12) \Device\Harddisk0\DR0\Partition0
    2011/09/22 20:20:39.0201 4184 Boot (0x1200) (0144fd598dfedd81c16573576150abdc) \Device\Harddisk0\DR0\Partition1
    2011/09/22 20:20:39.0218 4184 ================================================================================
    2011/09/22 20:20:39.0218 4184 Scan finished
    2011/09/22 20:20:39.0218 4184 ================================================================================
    2011/09/22 20:20:39.0246 7968 Detected object count: 1
    2011/09/22 20:20:39.0246 7968 Actual detected object count: 1
    2011/09/22 20:20:51.0915 7968 LockedFile.Multi.Generic(sptd) - User select action: Skip


    aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
    Run date: 2011-09-22 20:22:31
    -----------------------------
    20:22:31.738 OS Version: Windows 6.0.6002 Service Pack 2
    20:22:31.739 Number of processors: 2 586 0x6801
    20:22:31.741 ComputerName: PC_VAN_MARTIN UserName: Martin
    20:22:32.420 Initialize success
    20:22:32.812 AVAST engine defs: 11092200
    20:22:47.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    20:22:47.232 Disk 0 Vendor: WDC_WD1200BEVS-60UST0 01.01A01 Size: 114473MB BusType: 3
    20:22:49.296 Disk 0 MBR read successfully
    20:22:49.309 Disk 0 MBR scan
    20:22:49.325 Disk 0 unknown MBR code
    20:22:49.343 Disk 0 scanning sectors +234436545
    20:22:49.427 Disk 0 scanning C:\Windows\system32\drivers
    20:23:08.222 Service scanning
    20:23:11.018 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    20:23:11.953 Modules scanning
    20:23:20.496 Disk 0 trace - called modules:
    20:23:20.521 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84daa1f8]<<
    20:23:20.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84fc9030]
    20:23:20.548 3 CLASSPNP.SYS[883a18b3] -> nt!IofCallDriver -> [0x84e54918]
    20:23:20.564 5 acpi.sys[87b2d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x84e2e390]
    20:23:20.582 \Driver\atapi[0x84e1d590] -> IRP_MJ_CREATE -> 0x84daa1f8
    20:23:21.107 AVAST engine scan C:\Windows
    20:23:24.044 AVAST engine scan C:\Windows\system32
    20:26:05.515 AVAST engine scan C:\Windows\system32\drivers
    20:26:18.205 AVAST engine scan C:\Users\Martin
    20:35:07.856 AVAST engine scan C:\ProgramData
    20:44:05.801 Scan finished successfully
    20:49:00.101 Disk 0 MBR has been saved successfully to "
  • Hi Radlab, do you have DaemonTools or Alcohol burning software in your Windows?

    I ask this because both tools found SPTD.SYS!

    That file belongs to one of the tools mentioned; if they are not in your Windows, then SPTD.SYS is possibly a rootkit!
  • Hi Abraham

    I did have Daemon Tools Lite, but I removed it before the log scans.
    Alcohol burning software means nothing to me!!!!

    Radlab
  • Clear, then we will eventually have that file removed by the tool below!

    Which program: ComboFix
    What for/why: Highly specialized scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program absolutely must be downloaded to the desktop!
    Download ComboFix via one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be deactivated before ComboFix is started!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    For the sake of clarity, once more: ComboFix must be started from the desktop.

    Notes:
    - When using Windows XP, you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - It may happen that the computer has to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • Hi Abraham

    Whatever I do, I cannot get ComboFix to work.
    When I download the program I am not given the choice to save it to the desktop. When I move the program from the download location on the computer to the desktop and open it as administrator with a right-click, the program is unpacked and after that nothing happens.
    What am I doing wrong???

    Radlab
  • Now first download ComboFix again to your download folder, and then, after deactivating Avast, you may as far as I am concerned start ComboFix from the download folder.
  • Hello Abraham

    Here is the ComboFix log:


    ComboFix 11-09-23.03 - Martin 23-09-2011 20:46:48.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1982.1068 [GMT 2:00]
    Gestart vanuit: c:\users\Martin\Documents\Downloads\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\IsUn0413.exe
    c:\windows\system32\comct332.ocx
    .
    Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-08-23 to 2011-09-23 ))))))))))))))))))))))))))))))
    .
    .
    2011-09-23 19:07 . 2011-09-23 19:07 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2011-09-23 19:07 . 2011-09-23 19:07 -------- d-----w- c:\users\Petra\AppData\Local\temp
    2011-09-23 19:07 . 2011-09-23 19:07 -------- d-----w- c:\users\Laura\AppData\Local\temp
    2011-09-23 19:06 . 2011-09-23 19:06 -------- d-----w- c:\users\Jarno\AppData\Local\temp
    2011-09-23 19:06 . 2011-09-23 19:37 -------- d-----w- c:\users\Martin\AppData\Local\temp
    2011-09-23 19:06 . 2011-09-23 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-22 06:45 . 2011-09-22 06:45 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes
    2011-09-22 06:44 . 2011-09-22 06:48 -------- d-----w- c:\users\Laura\AppData\Local\panda2_0dn
    2011-09-22 00:38 . 2011-09-22 00:41 -------- d-----w- c:\users\Petra\AppData\Local\panda2_0dn
    2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
    2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-21 21:07 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-21 20:32 . 2011-09-21 20:32 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-21 20:32 . 2011-09-21 20:32 -------- d-----w- c:\program files\Trend Micro
    2011-09-21 19:35 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-21 19:35 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-21 19:35 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-21 19:35 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-21 19:35 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-21 19:35 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-21 19:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-21 19:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\programdata\AVAST Software
    2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\program files\AVAST Software
    2011-09-21 18:23 . 2011-09-21 18:27 -------- d-----w- c:\users\Martin\AppData\Local\panda2_0dn
    2011-09-14 05:01 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-09-08 18:20 . 2011-09-08 18:20 -------- dc----w- C:\logs
    2011-09-05 05:39 . 2011-09-05 05:39 913160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-09-04 16:15 . 2011-09-13 06:55 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc
    2011-09-04 15:25 . 2011-09-04 15:25 -------- d-----w- c:\users\Martin\AppData\Roaming\CyberLink
    2011-09-04 15:24 . 2011-09-04 15:24 -------- d-----w- c:\users\Martin\AppData\Roaming\HP
    2011-08-27 22:06 . 2011-08-27 22:06 -------- d-----w- c:\program files\VS Revo Group
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-23 19:22 . 2011-09-23 19:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\offreg.dll
    2011-09-12 23:14 . 2011-09-23 10:36 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\mpengine.dll
    2011-08-01 13:09 . 2011-08-12 19:32 326392 ----a-w- c:\windows\system32\GfKLSPService64.dll
    2011-08-01 13:09 . 2011-08-12 19:32 3414776 ----a-w- c:\windows\system32\GfKLSPService.exe
    2011-08-01 13:08 . 2011-05-22 18:53 269560 ----a-w- c:\windows\system32\GfKLSPService.dll
    2011-07-22 02:54 . 2011-08-13 15:34 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48 . 2011-08-13 15:34 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44 . 2011-08-13 15:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-19 03:05 . 2010-05-10 17:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-11 13:25 . 2011-08-24 07:43 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-06 15:31 . 2011-08-12 19:14 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-28 15:37 . 2009-11-24 16:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
    "Panda Security Toolbar Antiphishing"="c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-12-08 223400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-09-10 22:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfK-WatchDog]
    2011-08-01 13:08 57592 ----a-w- c:\program files\GfKLSPService\GfK-WatchDog.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-12-16 13:31 135664 ----atw- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2007-03-12 09:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2007-03-01 11:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
    2006-11-07 15:39 44128 ----a-w- c:\windows\SMINST\Launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
    2007-07-16 16:54 25264 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
    2007-07-16 16:54 434864 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-04-23 16:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 ----a-w- c:\program files\Final Codecs\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-06-12 20:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2010-05-27 20:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNS NIPO Clicks]
    2011-02-02 17:52 874496 ----a-w- c:\users\Martin\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
    R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2010-05-02 5027328]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-09 691696]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
    S2 GfK-Reporting-Service;GfK-Reporting-Service;c:\program files\GfK Internet Monitor\GfK-Reporting.exe [2011-01-20 102400]
    S2 GfK-Update-Service;GfK-Update-Service;c:\program files\GfK Internet Monitor\GfK-Updater.exe [2011-01-20 180224]
    S2 GfkLSPService;GfkLSPService;c:\program files\GfKLSPService\GfKLSPService.exe [2011-08-01 3414776]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
    S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-09-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 07:40]
    .
    2011-09-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-01 14:01]
    .
    2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01]
    .
    2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01]
    .
    2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000Core.job
    - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31]
    .
    2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000UA.job
    - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31]
    .
    2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001Core.job
    - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46]
    .
    2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001UA.job
    - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46]
    .
    2011-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002Core.job
    - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02]
    .
    2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002UA.job
    - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02]
    .
    2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003Core.job
    - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11]
    .
    2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003UA.job
    - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    LSP: c:\windows\system32\GfKLSPService.DLL
    Trusted Zone: alysis.nl\loginlight
    Trusted Zone: alysis.nl\oma00
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file)
    MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
    MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    MSConfigStartUp-L07NXLRD_21693155 - c:\program files\Microsoft Winkler Prins\Microsoft Winkler Prins Huiswerkhulp voor Leerlingen 2007 DVD\EDICT.EXE
    MSConfigStartUp-L07NXLRD_32606876 - c:\program files\Microsoft Winkler Prins\Microsoft Winkler Prins Huiswerkhulp voor Leerlingen 2007 DVD\EDICT.EXE
    MSConfigStartUp-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-23 21:37
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wxpSvc]
    "ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5372)
    c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-09-23 21:46:55 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-09-23 19:46
    .
    Pre-Run: 33.446.232.064 bytes beschikbaar
    Post-Run: 34.339.266.560 bytes beschikbaar
    .
    - - End Of File - - 40FA5B1EADC58EBADB551841A75FDA18
  • Before we continue: how are things now, and do you still have the redirect problems?
  • Yes, it hasn't gone away yet; I'm still having trouble with it.
  • Post a new HijackThis log.
  • Hi Abraham

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:21:43, on 25-9-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Gacela2 - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Martin\AppData\Local\Wakoopa Shared\WakoopaBHO.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Panda Security Toolbar Antiphishing] "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll
    O9 - Extra 'Tools' menuitem: Informatie over GfK Internet Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GfK-Reporting-Service - Unknown owner - C:\Program Files\GfK Internet Monitor\GfK-Reporting.exe
    O23 - Service: GfK-Update-Service - Unknown owner - C:\Program Files\GfK Internet Monitor\GfK-Updater.exe
    O23 - Service: GfkLSPService - GfK - C:\Program Files\GfKLSPService\GfKLSPService.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 8380 bytes
  • Delete ComboFix from your desktop and download ComboFix again in advance.

    Open a new Notepad file via "Start\Alle programma’s\Bureau-accessoires\Kladblok".

    Copy and paste the following (bold, blue text) into the empty Notepad window:

    File::
    c:\windows\system32\GfKLSPService.dll
    c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.exe

    Save this Notepad file to your desktop as CFScript.txt.

    Now first disable the antivirus!

    Drag CFScript.txt onto ComboFix.exe.

    This will restart ComboFix. Reboot if you are asked to.

    Post the ComboFix log that is shown after the restart!
  • ComboFix 11-09-24.04 - Martin 25-09-2011 20:36:35.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1982.1139 [GMT 2:00]
    Gestart vanuit: c:\users\Martin\Documents\Downloads\Downloads\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Martin\Desktop\CFScript.txt. - Snelkoppeling.lnk
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-08-25 to 2011-09-25 ))))))))))))))))))))))))))))))
    .
    .
    2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\Martin\AppData\Local\temp
    2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\Petra\AppData\Local\temp
    2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\Laura\AppData\Local\temp
    2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\Jarno\AppData\Local\temp
    2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-25 14:16 . 2011-09-25 14:16 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\offreg.dll
    2011-09-24 19:38 . 2011-09-24 19:38 -------- d-----w- c:\program files\Common Files\iS3
    2011-09-24 19:38 . 2011-09-25 18:11 -------- d-----w- c:\programdata\STOPzilla!
    2011-09-23 10:36 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\mpengine.dll
    2011-09-22 06:45 . 2011-09-22 06:45 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes
    2011-09-22 06:44 . 2011-09-22 06:48 -------- d-----w- c:\users\Laura\AppData\Local\panda2_0dn
    2011-09-22 00:38 . 2011-09-22 00:41 -------- d-----w- c:\users\Petra\AppData\Local\panda2_0dn
    2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
    2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-21 21:07 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-21 20:32 . 2011-09-21 20:32 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-21 20:32 . 2011-09-21 20:32 -------- d-----w- c:\program files\Trend Micro
    2011-09-21 19:35 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-21 19:35 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-21 19:35 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-21 19:35 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-21 19:35 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-21 19:35 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-21 19:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-21 19:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\programdata\AVAST Software
    2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\program files\AVAST Software
    2011-09-21 18:23 . 2011-09-21 18:27 -------- d-----w- c:\users\Martin\AppData\Local\panda2_0dn
    2011-09-14 05:01 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-09-08 18:20 . 2011-09-08 18:20 -------- dc----w- C:\logs
    2011-09-05 05:39 . 2011-09-05 05:39 913160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-09-04 16:15 . 2011-09-13 06:55 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc
    2011-09-04 15:25 . 2011-09-04 15:25 -------- d-----w- c:\users\Martin\AppData\Roaming\CyberLink
    2011-09-04 15:24 . 2011-09-04 15:24 -------- d-----w- c:\users\Martin\AppData\Roaming\HP
    2011-08-27 22:06 . 2011-08-27 22:06 -------- d-----w- c:\program files\VS Revo Group
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-01 13:09 . 2011-08-12 19:32 326392 ----a-w- c:\windows\system32\GfKLSPService64.dll
    2011-08-01 13:09 . 2011-08-12 19:32 3414776 ----a-w- c:\windows\system32\GfKLSPService.exe
    2011-08-01 13:08 . 2011-05-22 18:53 269560 ----a-w- c:\windows\system32\GfKLSPService.dll
    2011-07-22 02:54 . 2011-08-13 15:34 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48 . 2011-08-13 15:34 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44 . 2011-08-13 15:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-19 03:05 . 2010-05-10 17:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-11 13:25 . 2011-08-24 07:43 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-06 15:31 . 2011-08-12 19:14 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-28 15:37 . 2009-11-24 16:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Panda Security Toolbar Antiphishing"="c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-12-08 223400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-09-10 22:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfK-WatchDog]
    2011-08-01 13:08 57592 ----a-w- c:\program files\GfKLSPService\GfK-WatchDog.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-12-16 13:31 135664 ----atw- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2007-03-12 09:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2007-03-01 11:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
    2006-11-07 15:39 44128 ----a-w- c:\windows\SMINST\Launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
    2007-07-16 16:54 25264 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
    2007-07-16 16:54 434864 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-04-23 16:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 ----a-w- c:\program files\Final Codecs\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-06-12 20:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2010-05-27 20:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNS NIPO Clicks]
    2011-02-02 17:52 874496 ----a-w- c:\users\Martin\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
    S2 GfK-Reporting-Service;GfK-Reporting-Service;c:\program files\GfK Internet Monitor\GfK-Reporting.exe [2011-01-20 102400]
    S2 GfK-Update-Service;GfK-Update-Service;c:\program files\GfK Internet Monitor\GfK-Updater.exe [2011-01-20 180224]
    S2 GfkLSPService;GfkLSPService;c:\program files\GfKLSPService\GfKLSPService.exe [2011-08-01 3414776]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *Deregistered* - Lavasoft Kernexplorer
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-09-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-01 14:01]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000Core.job
    - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000UA.job
    - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001Core.job
    - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001UA.job
    - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46]
    .
    2011-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002Core.job
    - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002UA.job
    - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003Core.job
    - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003UA.job
    - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    mStart Page = hxxp://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    LSP: c:\windows\system32\GfKLSPService.DLL
    Trusted Zone: alysis.nl\loginlight
    Trusted Zone: alysis.nl\oma00
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-25 21:04
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wxpSvc]
    "ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2011-09-25 21:10:05
    ComboFix-quarantined-files.txt 2011-09-25 19:10
    ComboFix2.txt 2011-09-23 19:46
    .
    Pre-Run: 35.563.442.176 bytes beschikbaar
    Post-Run: 34.949.943.296 bytes beschikbaar
    .
    - - End Of File - - 059FDD3BC6F1AEC3CFB5AF112768191D
  • The script did not work.
    Did you start ComboFix with administrator rights?

    If not, redo the whole procedure!
  • Here it is once more:



    ComboFix 11-09-26.01 - Martin 26-09-2011 15:37:39.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1982.1059 [GMT 2:00]
    Gestart vanuit: c:\users\Martin\Documents\Downloads\Downloads\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Martin\Desktop\CFScript.txt. - Snelkoppeling.lnk
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-08-26 to 2011-09-26 ))))))))))))))))))))))))))))))
    .
    .
    2011-09-26 13:56 . 2011-09-26 14:02 -------- d-----w- c:\users\Martin\AppData\Local\temp
    2011-09-26 13:56 . 2011-09-26 13:56 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2011-09-26 13:56 . 2011-09-26 13:56 -------- d-----w- c:\users\Petra\AppData\Local\temp
    2011-09-26 13:56 . 2011-09-26 13:56 -------- d-----w- c:\users\Laura\AppData\Local\temp
    2011-09-26 13:56 . 2011-09-26 13:56 -------- d-----w- c:\users\Jarno\AppData\Local\temp
    2011-09-26 13:56 . 2011-09-26 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-24 19:38 . 2011-09-24 19:38 -------- d-----w- c:\program files\Common Files\iS3
    2011-09-24 19:38 . 2011-09-25 18:11 -------- d-----w- c:\programdata\STOPzilla!
    2011-09-22 06:45 . 2011-09-22 06:45 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes
    2011-09-22 06:44 . 2011-09-22 06:48 -------- d-----w- c:\users\Laura\AppData\Local\panda2_0dn
    2011-09-22 00:38 . 2011-09-22 00:41 -------- d-----w- c:\users\Petra\AppData\Local\panda2_0dn
    2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
    2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-21 21:07 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-21 20:32 . 2011-09-21 20:32 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-21 20:32 . 2011-09-21 20:32 -------- d-----w- c:\program files\Trend Micro
    2011-09-21 19:35 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-21 19:35 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-21 19:35 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-21 19:35 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-21 19:35 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-21 19:35 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-21 19:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-21 19:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\programdata\AVAST Software
    2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\program files\AVAST Software
    2011-09-21 18:23 . 2011-09-21 18:27 -------- d-----w- c:\users\Martin\AppData\Local\panda2_0dn
    2011-09-14 05:01 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-09-08 18:20 . 2011-09-08 18:20 -------- dc----w- C:\logs
    2011-09-05 05:39 . 2011-09-05 05:39 913160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-09-04 16:15 . 2011-09-13 06:55 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc
    2011-09-04 15:25 . 2011-09-04 15:25 -------- d-----w- c:\users\Martin\AppData\Roaming\CyberLink
    2011-09-04 15:24 . 2011-09-04 15:24 -------- d-----w- c:\users\Martin\AppData\Roaming\HP
    2011-08-27 22:06 . 2011-08-27 22:06 -------- d-----w- c:\program files\VS Revo Group
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-26 13:58 . 2011-09-26 13:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\offreg.dll
    2011-09-12 23:14 . 2011-09-23 10:36 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\mpengine.dll
    2011-08-01 13:09 . 2011-08-12 19:32 326392 ----a-w- c:\windows\system32\GfKLSPService64.dll
    2011-08-01 13:09 . 2011-08-12 19:32 3414776 ----a-w- c:\windows\system32\GfKLSPService.exe
    2011-08-01 13:08 . 2011-05-22 18:53 269560 ----a-w- c:\windows\system32\GfKLSPService.dll
    2011-07-22 02:54 . 2011-08-13 15:34 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48 . 2011-08-13 15:34 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44 . 2011-08-13 15:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-19 03:05 . 2010-05-10 17:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-11 13:25 . 2011-08-24 07:43 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-06 15:31 . 2011-08-12 19:14 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-28 15:37 . 2009-11-24 16:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Panda Security Toolbar Antiphishing"="c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-12-08 223400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-09-10 22:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfK-WatchDog]
    2011-08-01 13:08 57592 ----a-w- c:\program files\GfKLSPService\GfK-WatchDog.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-12-16 13:31 135664 ----atw- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2007-03-12 09:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2007-03-01 11:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
    2006-11-07 15:39 44128 ----a-w- c:\windows\SMINST\Launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
    2007-07-16 16:54 25264 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
    2007-07-16 16:54 434864 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-04-23 16:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 ----a-w- c:\program files\Final Codecs\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-06-12 20:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2010-05-27 20:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNS NIPO Clicks]
    2011-02-02 17:52 874496 ----a-w- c:\users\Martin\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
    R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2010-05-02 5027328]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-09 691696]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
    S2 GfK-Reporting-Service;GfK-Reporting-Service;c:\program files\GfK Internet Monitor\GfK-Reporting.exe [2011-01-20 102400]
    S2 GfK-Update-Service;GfK-Update-Service;c:\program files\GfK Internet Monitor\GfK-Updater.exe [2011-01-20 180224]
    S2 GfkLSPService;GfkLSPService;c:\program files\GfKLSPService\GfKLSPService.exe [2011-08-01 3414776]
    S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-09-26 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-01 14:01]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000Core.job
    - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000UA.job
    - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001Core.job
    - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001UA.job
    - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46]
    .
    2011-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002Core.job
    - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002UA.job
    - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003Core.job
    - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003UA.job
    - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    mStart Page = hxxp://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    LSP: c:\windows\system32\GfKLSPService.DLL
    Trusted Zone: alysis.nl\loginlight
    Trusted Zone: alysis.nl\oma00
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-26 16:02
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wxpSvc]
    "ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4296)
    c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32
    vvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\conime.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-09-26 16:12:25 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-09-26 14:12
    ComboFix2.txt 2011-09-25 19:10
    ComboFix3.txt 2011-09-23 19:46
    .
    Pre-Run: 34.846.351.360 bytes beschikbaar
    Post-Run: 34.905.300.992 bytes beschikbaar
    .
    - - End Of File - - 7298D4B295E7D06824159FAB0752BA96
  • So there are three users on this Windows installation.
    Do all of the accounts have administrator rights?

    And which of these three users caused files from http://www.nurago.com/en, which are in fact spyware, to end up on the PC!

    The same goes for the Panda security bar: one of the three caused this nuisance to end up in Windows!

    And possibly, just as with Nurago, you do not have the rights to remove any of it!

    But we will try once more:

    Open a new Notepad file again, via "Start\Alle programma’s\Bureau-accessoires\Kladblok".

    Copy and paste the following (bold, blue text) into the empty Notepad window:

    File::
    c:\users\Laura\AppData\Local\panda2_0dn
    c:\users\Petra\AppData\Local\panda2_0dn
    c:\users\Martin\AppData\Local\panda2_0dn
    c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Panda Security Toolbar Antiphishing"=-

    Save this Notepad file on your desktop as CFScript.txt.

    Now first disable the antivirus!

    Drag CFScript.txt onto ComboFix.exe

    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    This will make ComboFix restart. Reboot if you are asked to.

    Post the ComboFix log that is shown after the restart, using the colour coder!
