Vraag & Antwoord

Beveiliging & privacy

pandadomainadvisor

26 antwoorden
  • Sinds een paar dagen worden bijna alle links doorgelinkt naar www.pandadomainadvisor.com. Zelfs de startpagina wordt overgenomen,en daarvandaan kom je niet verder. Ik heb al diverse spyware en malware scans gedaan maar dat heeft niet geholpen. Wie heeft er een idee???
  • Hoi radlab, het volgende: [b:1668fe7b85]ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:[/b:1668fe7b85] [color=#0000FF:1668fe7b85][list:1668fe7b85][*:1668fe7b85]Lees alle instrukties goed door. [*:1668fe7b85]Maak je fouten bij de uitvoering van tools tijdens de fix, kan dat serieuze problemen in Windows veroorzaken. [*:1668fe7b85]Onthou je van het gebruik van tools cq. updates anders dan die ik jou adviseer te gebruiken. [*:1668fe7b85]Gebruik altijd één scanner per keer, nooit meerdere tegelijk gebruiken. [*:1668fe7b85]Hou mij op de hoogte hoe jou computer op de fix reageert - goed of slecht. [*:1668fe7b85]De fix, eenmaal gestart, moet afgewerkt worden. Zelfs indien jij denkt dat alles in orde is, zijn er mogelijk nog steeds infecties.[/list:u:1668fe7b85][/color:1668fe7b85] [color=#FF0000:1668fe7b85][b:1668fe7b85]Stap •1•[/b:1668fe7b85][/color:1668fe7b85] [b:1668fe7b85]Welk programma[/b:1668fe7b85]: Trend Micro [b:1668fe7b85]Hijack This Versie 2.0.4[/b:1668fe7b85] [b:1668fe7b85]Waarvoor/waarom[/b:1668fe7b85]: maakt een duidelijk overzicht van Windows door middel van een scan. [b:1668fe7b85]Moeilijkheidsgraad[/b:1668fe7b85]: geen, enkel Vista- en Win 7 gebruikers dienen even extra aandacht te geven. [b:1668fe7b85]Download[/b:1668fe7b85] de [url=http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi][b:1668fe7b85]HijackThis Installer[/b:1668fe7b85][/url] [b:1668fe7b85]Installatie[/b:1668fe7b85]: [list:1668fe7b85][*:1668fe7b85]Installeer HijackThis op de aangegeven lokatie - daarmee wordt voorkomen dat eventuele back-ups niet terugvindbaar zijn![/list:u:1668fe7b85] Gebruikers van [b:1668fe7b85]Windows Vista[/b:1668fe7b85] en [b:1668fe7b85]Windows 7[/b:1668fe7b85] gaan daarna naar de installatielokatie van HijackThis. [list:1668fe7b85][*:1668fe7b85]Vervolgens met rechts "hijackthis.exe" aanklikken en dan "Eigenschappen" kiezen. [*:1668fe7b85]Klik nu op de tab "Comptabiliteit" en zet dan een vinkje bij "Als Administrator uitvoeren". [*:1668fe7b85]Als laatste wordt dan nog op [b:1668fe7b85]Toepassen[/b:1668fe7b85] en [b:1668fe7b85]OK[/b:1668fe7b85] geklikt[/list:u:1668fe7b85] [b:1668fe7b85]Hijack This gebruiken[/b:1668fe7b85]: [list:1668fe7b85][*:1668fe7b85]Sluit eerst alle openstaande programma's en de webbrowsers. [*:1668fe7b85]Start nu 'Hijack This' en klik vervolgens op de knop 'Do a system scan and save a logfile' [list:1668fe7b85][*:1668fe7b85]Start HijackThis op met het scanvenster, klik dan eerst op de knop 'Main Menu'[/list:u:1668fe7b85] [*:1668fe7b85]Sluit nu alle openstaande vensters en start vervolgens 'HijackThis' en kies voor 'Do a system scan and save a logfile'. [*:1668fe7b85]Kopieer en plak de inhoud van het Hijack This-logfile in je aansluitende bericht. [*:1668fe7b85]Hierna mag je Hijack This weer sluiten[/list:u:1668fe7b85] [color=#FF0000:1668fe7b85][b:1668fe7b85]Stap •2•[/b:1668fe7b85][/color:1668fe7b85] [b:1668fe7b85]Welk programma[/b:1668fe7b85]: Microsoft Safety Scanner [b:1668fe7b85]Waarvoor/waarom[/b:1668fe7b85]: specialistische scanner van Microsoft om Windows snel te onderzoeken op- en te ontdoen van spy- & malware. [b:1668fe7b85]Moeilijkheidsgraad[/b:1668fe7b85]: geen. [quote:1668fe7b85][b:1668fe7b85][color=#0000FF:1668fe7b85]Opmerking: Microsoft Safety Scanner verloopt 10 dagen nadat het is gedownload. Als u opnieuw een scan wilt uitvoeren met de nieuwste definities ter voorkoming van schadelijke software, downloadt u Microsoft Safety Scanner opnieuw en voert u het opnieuw uit.[/color:1668fe7b85][/b:1668fe7b85][/quote:1668fe7b85] Dowload de [b:1668fe7b85]Microsoft Safety Scanner [/b:1668fe7b85][url=http://www.microsoft.com/security/scanner/nl-nl/default.aspx]hier[/url]. Windows 2000 en Windows XP: start Microsoft's Safety Scanner middels dubbelklik op de snelkoppeling. Windows Vista en Windows 7: start Microsoft's Safety Scanner middels rechtsklik op de snelkoppeling en dan kiezen voor Als Administrator uitvoeren. Zet vervolgens een vinkje bij "Ik accepteer de voorwaarden van de bovenstaande gebruiksovereenkomst". [b:1668fe7b85]Scannen[/b:1668fe7b85]: [list:1668fe7b85][*:1668fe7b85] Bij het starten van 'Microsoft's Safety Scanner', klik op de knop "Volgende", vervolgens kies je voor 'Snelle Scan'. [*:1668fe7b85]Het scannen duurt wel even, dus wees geduldig.[/list:u:1668fe7b85] [color=#FF0000:1668fe7b85][b:1668fe7b85]Stap •3•[/b:1668fe7b85][/color:1668fe7b85] [b:1668fe7b85]Welk programma[/b:1668fe7b85]: Malwarebytes MBAM [b:1668fe7b85]Waarvoor/waarom[/b:1668fe7b85]: specialistische scanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware. [b:1668fe7b85]Moeilijkheidsgraad[/b:1668fe7b85]: geen. [b:1668fe7b85]Download Malwarebytes MBAM via één van deze locaties[/b:1668fe7b85]: [list:1668fe7b85][*:1668fe7b85][url=http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?][b:1668fe7b85]Download.com[/b:1668fe7b85][/url] [*:1668fe7b85][url=http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s][b:1668fe7b85]Softpedia.com[/b:1668fe7b85][/url][*:1668fe7b85][url=http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html][b:1668fe7b85]Majorgeeks.com[/b:1668fe7b85][/url][/list:u:1668fe7b85] [b:1668fe7b85]Allereerst[/b:1668fe7b85]:[list:1668fe7b85][*:1668fe7b85] Al meteen na de installatie wil 'MBAM' zijn database opwaarderen – toestaan dus. [*:1668fe7b85] Ook bij herhaald gebruik: eerst 'MBAM' updaten via de tab 'Update'! [/list:u:1668fe7b85] [b:1668fe7b85]Malwarebytes MBAM opstarten[/b:1668fe7b85]: Windows 2000 en Windows XP: start MBAM middels dubbelklik op de snelkoppeling. Windows Vista en Windows 7: start MBAM middels rechtsklik op de snelkoppeling en dan kiezen voor Als Administrator uitvoeren. [list:1668fe7b85][*:1668fe7b85][b:1668fe7b85]Let op:[/b:1668fe7b85] [list:1668fe7b85][*:1668fe7b85]Malwarebytes verstrekt nu de volledige versie van MBAM. [*:1668fe7b85]Bij de eerstse start kijg je de mogelijkheid de volledige versie te gebruiken of de gratis versie. [*:1668fe7b85]Onafhankelijk van welke antivirusprogramma in jouw Windows adviseer ik dan de optie "Weigeren" te gebruiken. [*:1668fe7b85]Zodoende zal MBAM als gratis versie verder te gebruiken zijn[/list:u:1668fe7b85][/list:u:1668fe7b85] [img:1668fe7b85]http://img30.imageshack.us/img30/3928/mbam2.png[/img:1668fe7b85] [list:1668fe7b85][*:1668fe7b85][b:1668fe7b85]Doe ook nog het volgende:[/b:1668fe7b85] [list:1668fe7b85][*:1668fe7b85]Zodra het programma gestart is, ga dan naar het tabblad "[b:1668fe7b85]Instellingen[/b:1668fe7b85]". [*:1668fe7b85]Vink hier aan: "[b:1668fe7b85]Sluit Internet Explorer tijdens verwijdering van malware[/b:1668fe7b85]".[/list:u:1668fe7b85][/list:u:1668fe7b85] [b:1668fe7b85]Scannen[/b:1668fe7b85]: [list:1668fe7b85][*:1668fe7b85] Bij het starten van 'MBAM' kies je voor 'Snelle Scan'. [*:1668fe7b85]Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'. [*:1668fe7b85]Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.[/list:u:1668fe7b85] [b:1668fe7b85]Infecties gevonden[/b:1668fe7b85]: [list:1668fe7b85][*:1668fe7b85]Klik nu eerst op OK om de melding weg te klikken [*:1668fe7b85]Klik vervolgens rechtsonder op de knop Bekijk resultaten. [*:1668fe7b85]Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde. [*:1668fe7b85]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [*:1668fe7b85]Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op 'OK' klikken! [*:1668fe7b85]Daarna zal 'MBAM' vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:1668fe7b85] [b:1668fe7b85]MBAM-Log[/b:1668fe7b85]: [list:1668fe7b85][*:1668fe7b85] Het log wordt automatisch bewaard door 'MBAM en dat kan je terugvinden door in het hoofdmenu van MBAM op de tab 'Logbestanden' te klikken'.[/list:u:1668fe7b85] [b:1668fe7b85]Post aansluitend in je volgende bericht de inhoud van het MBAM-log.[/b:1668fe7b85] [color=#FF0000:1668fe7b85][b:1668fe7b85]Stap •4•[/b:1668fe7b85][/color:1668fe7b85] [b:1668fe7b85]Samenvattend: hierna post je in jouw volgende bericht de inhoud van de volgende logs:[/b:1668fe7b85] [list:1668fe7b85][*:1668fe7b85] een nieuw Hijackthis-log [*:1668fe7b85] MBAM scanlog[/list:u:1668fe7b85]
  • Hallo Abraham Alvast dank voor je aandacht in deze Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:42:21, on 21-9-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Windows\System32\rundll32.exe C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\windows defender\MSASCui.exe C:\Windows\explorer.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Internet Explorer\IELowutil.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Gacela2 - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Martin\AppData\Local\Wakoopa Shared\WakoopaBHO.dll O3 - Toolbar: (no name) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Panda Security Toolbar Antiphishing] "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll O9 - Extra 'Tools' menuitem: Informatie over GfK Internet Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GfK-Reporting-Service - Unknown owner - C:\Program Files\GfK Internet Monitor\GfK-Reporting.exe O23 - Service: GfK-Update-Service - Unknown owner - C:\Program Files\GfK Internet Monitor\GfK-Updater.exe O23 - Service: GfkLSPService - GfK - C:\Program Files\GfKLSPService\GfKLSPService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9658 bytes Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Databaseversie: 7765 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 21-9-2011 23:40:24 mbam-log-2011-09-21 (23-40-24).txt Scantype: Snelle scan Objecten gescand: 276018 Verstreken tijd: 28 minuut/minuten, 51 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: c:\Users\Jarno\downloads\com izumi old offender 3.apk.exe (PUP.FileHunter) -> Quarantined and deleted successfully. Hopelijk kun je hier iets mee Radlab
  • We gaan nu de MBR van de HD controleren! [color=#FF0000:6e02b80c44][b:6e02b80c44]Stap •1•[/b:6e02b80c44][/color:6e02b80c44] [[b:6e02b80c44]Welk programma[/b:6e02b80c44]: Kaspersky [b:6e02b80c44]TDSSKiller[/b:6e02b80c44] [b:6e02b80c44]Waarvoor/waarom[/b:6e02b80c44]: Rootkitscanner [b:6e02b80c44]Moeilijkheidsgraad[/b:6e02b80c44]: geen [b:6e02b80c44]Downloadlokatie[/b:6e02b80c44]: Dit programma absoluut naar het bureaublad downloaden of anders daar naar toe verplaatsen! [b:6e02b80c44]Download[/b:6e02b80c44] [b:6e02b80c44]TDSSKiller[/b:6e02b80c44] [url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip][b:6e02b80c44]hier[/b:6e02b80c44][/url]. [b:6e02b80c44]Installatie[/b:6e02b80c44]: [list:6e02b80c44][*:6e02b80c44] pak het bestand uit op je bureaublad.[/list:u:6e02b80c44] [b:6e02b80c44]TDSSKiller gebruiken[/b:6e02b80c44]: [list:6e02b80c44][*:6e02b80c44]Windows 2000 en Windows XP: start "TDSSKiller" middels dubbelklik op TDSSKiller.exe. [*:6e02b80c44]Windows Vista en Windows 7: start "TDSSKiller" middels rechtsklik op TDSSKiller.exe en dan kiezen voor [b:6e02b80c44]Als Administrator uitvoeren[/b:6e02b80c44]. [*:6e02b80c44]Idien TDSSKiller met een bericht komt over een beschikbare update, dan voer je deze eerst uit.[/list:u:6e02b80c44] [img:6e02b80c44]http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg[/img:6e02b80c44] [list:6e02b80c44][*:6e02b80c44]Klik vervolgens op de knop [b:6e02b80c44]"Start Scan"[/b:6e02b80c44] en volg de instructies. [*:6e02b80c44] Nadat de scan klaar is klik je op de knop [b:6e02b80c44]"Report"[/b:6e02b80c44]. [*:6e02b80c44]Er opent een kladblokbestand. Post de inhoud van dit bestand. [list:6e02b80c44][*:6e02b80c44][b:6e02b80c44]Herstart de pc indien TDSSKiller die optie aangeeft (Reboot now).[/b:6e02b80c44] [*:6e02b80c44]Wanneer het opnieuw opstarten noodzakelijk is, vind je de logfile in [b:6e02b80c44]C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt[/b:6e02b80c44][/list:u:6e02b80c44][/list:u:6e02b80c44] [color=#FF0000:6e02b80c44][b:6e02b80c44]Stap •2•[/b:6e02b80c44][/color:6e02b80c44] [b:6e02b80c44]Welk programma[/b:6e02b80c44]: "aswMBR.exe' [b:6e02b80c44]Waarvoor/waarom[/b:6e02b80c44]: MBR-Rootkitscanner [b:6e02b80c44]Moeilijkheidsgraad[/b:6e02b80c44]: geen [b:6e02b80c44]Downloadlokatie[/b:6e02b80c44]: Dit programma absoluut naar het bureaublad downloaden of anders daar naar toe verplaatsen! [b:6e02b80c44]Download[/b:6e02b80c44] [b:6e02b80c44]aswMBR.exe[/b:6e02b80c44] [url=http://public.avast.com/~gmerek/aswMBR.exe][b:6e02b80c44]hier[/b:6e02b80c44][/url]. [b:6e02b80c44]aswMBR.exe gebruiken[/b:6e02b80c44]: [list:6e02b80c44][*:6e02b80c44]Windows 2000 en Windows XP: start "aswMBR.exe" middels dubbelklik op "aswMBR.exe". [*:6e02b80c44]Windows Vista en Windows 7: start "aswMBR.exe" middels rechtsklik op "aswMBR.exe" en kies jij voor [b:6e02b80c44]Als Administrator uitvoeren[/b:6e02b80c44].[/list:u:6e02b80c44] [img:6e02b80c44]http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif[/img:6e02b80c44] [list:6e02b80c44][*:6e02b80c44] Klik nu in het zwarte scherm op de knop [b:6e02b80c44]Scan[/b:6e02b80c44] [*:6e02b80c44] Als de melding "Scan finished successfully" komt, klik dan vervolgens op de knop [b:6e02b80c44]Save log[/b:6e02b80c44][/list:u:6e02b80c44] [img:6e02b80c44]http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif[/img:6e02b80c44] [list:6e02b80c44][*:6e02b80c44] Het makkelijkst is het, als opslaglokatie voor het log gewoon het bureaublad te kiezen. [*:6e02b80c44] Tevens vindt je nu op het bureaublad ook het bestand [b:6e02b80c44]MBR.dat[/b:6e02b80c44]! [*:6e02b80c44] [b:6e02b80c44]MBR.dat[/b:6e02b80c44] is een backupbestand, bewaar dat dus voorlopig. [*:6e02b80c44] Ook op het bureaublad staat een kladbloktekst-document genaamd [b:6e02b80c44]aswMBR.txt[/b:6e02b80c44] [*:6e02b80c44] Post de inhoud van [b:6e02b80c44]aswMBR.txt[/b:6e02b80c44] in jouw volgende bericht.[/list:u:6e02b80c44] [color=#FF0000:6e02b80c44][b:6e02b80c44]Stap •3•[/b:6e02b80c44][/color:6e02b80c44] [b:6e02b80c44]Samenvattend: hierna post je in jouw volgende bericht de inhoud van de volgende logs:[/b:6e02b80c44] [list:6e02b80c44][*:6e02b80c44] TDSSKiller-log [*:6e02b80c44] aswMBR.txt-log [/list:u:6e02b80c44]
  • Hallo Abraham Hierbij de gevraagde logs: 2011/09/22 20:17:43.0425 2976 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10 2011/09/22 20:17:43.0810 2976 ================================================================================ 2011/09/22 20:17:43.0810 2976 SystemInfo: 2011/09/22 20:17:43.0810 2976 2011/09/22 20:17:43.0811 2976 OS Version: 6.0.6002 ServicePack: 2.0 2011/09/22 20:17:43.0811 2976 Product type: Workstation 2011/09/22 20:17:43.0811 2976 ComputerName: PC_VAN_MARTIN 2011/09/22 20:17:43.0811 2976 UserName: Martin 2011/09/22 20:17:43.0811 2976 Windows directory: C:\Windows 2011/09/22 20:17:43.0811 2976 System windows directory: C:\Windows 2011/09/22 20:17:43.0811 2976 Processor architecture: Intel x86 2011/09/22 20:17:43.0811 2976 Number of processors: 2 2011/09/22 20:17:43.0811 2976 Page size: 0x1000 2011/09/22 20:17:43.0811 2976 Boot type: Normal boot 2011/09/22 20:17:43.0811 2976 ================================================================================ 2011/09/22 20:17:45.0622 2976 Initialize success 2011/09/22 20:17:54.0496 6448 ================================================================================ 2011/09/22 20:17:54.0496 6448 Scan started 2011/09/22 20:17:54.0496 6448 Mode: Manual; 2011/09/22 20:17:54.0496 6448 ================================================================================ 2011/09/22 20:17:57.0305 6448 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/09/22 20:17:57.0455 6448 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/09/22 20:17:57.0524 6448 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/09/22 20:17:57.0741 6448 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/09/22 20:17:57.0809 6448 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/09/22 20:17:57.0986 6448 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 2011/09/22 20:17:58.0073 6448 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/09/22 20:17:58.0122 6448 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/09/22 20:17:58.0195 6448 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2011/09/22 20:17:58.0240 6448 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/09/22 20:17:58.0291 6448 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2011/09/22 20:17:58.0333 6448 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/09/22 20:17:58.0402 6448 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys 2011/09/22 20:17:58.0490 6448 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/09/22 20:17:58.0571 6448 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/09/22 20:17:58.0699 6448 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys 2011/09/22 20:17:58.0816 6448 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys 2011/09/22 20:17:58.0885 6448 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys 2011/09/22 20:17:59.0010 6448 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys 2011/09/22 20:17:59.0137 6448 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys 2011/09/22 20:17:59.0241 6448 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys 2011/09/22 20:17:59.0435 6448 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/09/22 20:17:59.0538 6448 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/09/22 20:17:59.0747 6448 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys 2011/09/22 20:17:59.0848 6448 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys 2011/09/22 20:18:00.0021 6448 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/09/22 20:18:00.0156 6448 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/09/22 20:18:00.0271 6448 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/09/22 20:18:00.0344 6448 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/09/22 20:18:00.0419 6448 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys 2011/09/22 20:18:00.0462 6448 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys 2011/09/22 20:18:00.0513 6448 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/09/22 20:18:00.0551 6448 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/09/22 20:18:00.0592 6448 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/09/22 20:18:00.0622 6448 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/09/22 20:18:00.0667 6448 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/09/22 20:18:00.0764 6448 BVRPMPR5 (da2dc84e2d14ec6dac1132caa286118d) C:\Windows\system32\drivers\BVRPMPR5.SYS 2011/09/22 20:18:00.0830 6448 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/09/22 20:18:00.0893 6448 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys 2011/09/22 20:18:00.0963 6448 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/09/22 20:18:01.0021 6448 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/09/22 20:18:01.0120 6448 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/09/22 20:18:01.0234 6448 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/09/22 20:18:01.0284 6448 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2011/09/22 20:18:01.0375 6448 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys 2011/09/22 20:18:01.0465 6448 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/09/22 20:18:01.0509 6448 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/09/22 20:18:01.0568 6448 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/09/22 20:18:01.0708 6448 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 2011/09/22 20:18:01.0832 6448 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/09/22 20:18:01.0941 6448 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/09/22 20:18:02.0014 6448 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/09/22 20:18:02.0100 6448 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys 2011/09/22 20:18:02.0172 6448 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/09/22 20:18:02.0273 6448 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys 2011/09/22 20:18:02.0368 6448 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/09/22 20:18:02.0530 6448 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/09/22 20:18:02.0726 6448 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/09/22 20:18:02.0975 6448 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/09/22 20:18:03.0050 6448 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/09/22 20:18:03.0170 6448 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/09/22 20:18:03.0261 6448 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/09/22 20:18:03.0360 6448 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/09/22 20:18:03.0476 6448 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/09/22 20:18:03.0559 6448 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys 2011/09/22 20:18:03.0634 6448 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/09/22 20:18:03.0676 6448 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/09/22 20:18:03.0837 6448 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys 2011/09/22 20:18:03.0891 6448 HdAudAddService (5ab09c8b9da9e5dae0090eb62a9d035a) C:\Windows\system32\drivers\CHDART.sys 2011/09/22 20:18:03.0961 6448 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/09/22 20:18:04.0034 6448 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/09/22 20:18:04.0072 6448 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/09/22 20:18:04.0137 6448 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/09/22 20:18:04.0217 6448 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/09/22 20:18:04.0285 6448 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/09/22 20:18:04.0370 6448 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2011/09/22 20:18:04.0465 6448 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2011/09/22 20:18:04.0538 6448 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/09/22 20:18:04.0595 6448 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/09/22 20:18:04.0687 6448 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/09/22 20:18:04.0764 6448 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/09/22 20:18:04.0853 6448 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/09/22 20:18:04.0923 6448 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/09/22 20:18:04.0986 6448 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 2011/09/22 20:18:05.0045 6448 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 2011/09/22 20:18:05.0101 6448 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/09/22 20:18:05.0195 6448 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/09/22 20:18:05.0259 6448 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/09/22 20:18:05.0316 6448 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/09/22 20:18:05.0361 6448 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/09/22 20:18:05.0430 6448 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/09/22 20:18:05.0475 6448 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/09/22 20:18:05.0511 6448 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/09/22 20:18:05.0570 6448 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/09/22 20:18:05.0616 6448 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/09/22 20:18:05.0697 6448 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/09/22 20:18:05.0810 6448 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 2011/09/22 20:18:05.0897 6448 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys 2011/09/22 20:18:05.0975 6448 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/09/22 20:18:06.0060 6448 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/09/22 20:18:06.0108 6448 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/09/22 20:18:06.0174 6448 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/09/22 20:18:06.0255 6448 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/09/22 20:18:06.0381 6448 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/09/22 20:18:06.0443 6448 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/09/22 20:18:06.0519 6448 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/09/22 20:18:06.0579 6448 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/09/22 20:18:06.0626 6448 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/09/22 20:18:06.0663 6448 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/09/22 20:18:06.0717 6448 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/09/22 20:18:06.0757 6448 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/09/22 20:18:06.0804 6448 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/09/22 20:18:06.0870 6448 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/09/22 20:18:06.0930 6448 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/09/22 20:18:07.0014 6448 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/09/22 20:18:07.0082 6448 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/09/22 20:18:07.0126 6448 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/09/22 20:18:07.0178 6448 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2011/09/22 20:18:07.0249 6448 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/09/22 20:18:07.0334 6448 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/09/22 20:18:07.0408 6448 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/09/22 20:18:07.0481 6448 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/09/22 20:18:07.0537 6448 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/09/22 20:18:07.0588 6448 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/09/22 20:18:07.0646 6448 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/09/22 20:18:07.0688 6448 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/09/22 20:18:07.0730 6448 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/09/22 20:18:07.0773 6448 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/09/22 20:18:07.0852 6448 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/09/22 20:18:07.0939 6448 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/09/22 20:18:08.0106 6448 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/09/22 20:18:08.0212 6448 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/09/22 20:18:08.0291 6448 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/09/22 20:18:08.0366 6448 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/09/22 20:18:08.0422 6448 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/09/22 20:18:08.0497 6448 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/09/22 20:18:08.0604 6448 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/09/22 20:18:08.0679 6448 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/09/22 20:18:08.0742 6448 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/09/22 20:18:08.0874 6448 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/09/22 20:18:08.0958 6448 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/09/22 20:18:09.0033 6448 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/09/22 20:18:09.0123 6448 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys 2011/09/22 20:18:09.0458 6448 nvlddmkm (d65bc32c1795191b7f2b028351ab4fe2) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/09/22 20:18:09.0716 6448 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/09/22 20:18:09.0781 6448 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys 2011/09/22 20:18:09.0821 6448 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/09/22 20:18:09.0876 6448 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/09/22 20:18:10.0003 6448 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/09/22 20:18:10.0059 6448 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/09/22 20:18:10.0122 6448 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/09/22 20:18:10.0167 6448 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/09/22 20:18:10.0267 6448 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/09/22 20:18:10.0326 6448 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2011/09/22 20:18:10.0372 6448 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/09/22 20:18:10.0446 6448 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/09/22 20:18:10.0624 6448 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/09/22 20:18:10.0663 6448 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/09/22 20:18:10.0745 6448 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/09/22 20:18:10.0800 6448 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys 2011/09/22 20:18:10.0870 6448 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/09/22 20:18:10.0954 6448 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/09/22 20:18:11.0024 6448 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/09/22 20:18:11.0108 6448 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/09/22 20:18:11.0207 6448 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/09/22 20:18:11.0296 6448 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/09/22 20:18:11.0348 6448 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/09/22 20:18:11.0412 6448 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/09/22 20:18:11.0461 6448 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/09/22 20:18:11.0515 6448 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/09/22 20:18:11.0547 6448 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/09/22 20:18:11.0604 6448 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/09/22 20:18:11.0672 6448 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/09/22 20:18:11.0731 6448 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/09/22 20:18:11.0763 6448 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/09/22 20:18:11.0841 6448 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/09/22 20:18:11.0898 6448 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/09/22 20:18:12.0003 6448 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2011/09/22 20:18:12.0058 6448 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/09/22 20:18:12.0116 6448 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/09/22 20:18:12.0167 6448 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/09/22 20:18:12.0232 6448 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/09/22 20:18:12.0330 6448 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/09/22 20:18:12.0368 6448 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/09/22 20:18:12.0428 6448 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/09/22 20:18:12.0475 6448 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/09/22 20:18:12.0536 6448 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/09/22 20:18:12.0572 6448 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/09/22 20:18:12.0610 6448 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/09/22 20:18:12.0687 6448 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/09/22 20:18:12.0777 6448 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/09/22 20:18:12.0865 6448 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/09/22 20:18:12.0866 6448 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/09/22 20:18:12.0876 6448 sptd - detected LockedFile.Multi.Generic (1) 2011/09/22 20:18:12.0936 6448 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/09/22 20:18:13.0024 6448 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 2011/09/22 20:18:13.0117 6448 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 2011/09/22 20:18:13.0203 6448 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/09/22 20:18:13.0265 6448 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/09/22 20:18:13.0305 6448 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/09/22 20:18:13.0347 6448 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/09/22 20:18:13.0414 6448 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys 2011/09/22 20:18:13.0547 6448 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys 2011/09/22 20:18:13.0629 6448 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys 2011/09/22 20:18:13.0692 6448 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/09/22 20:18:13.0741 6448 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/09/22 20:18:13.0785 6448 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/09/22 20:18:13.0849 6448 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/09/22 20:18:13.0905 6448 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/09/22 20:18:14.0013 6448 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/09/22 20:18:14.0086 6448 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/09/22 20:18:14.0158 6448 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/09/22 20:18:14.0233 6448 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/09/22 20:18:14.0294 6448 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/09/22 20:18:14.0368 6448 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/09/22 20:18:14.0421 6448 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/09/22 20:18:14.0474 6448 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/09/22 20:18:14.0515 6448 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/09/22 20:18:14.0574 6448 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/09/22 20:18:14.0653 6448 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/09/22 20:18:14.0695 6448 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/09/22 20:18:14.0771 6448 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/09/22 20:18:14.0825 6448 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/09/22 20:18:14.0885 6448 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 2011/09/22 20:18:14.0945 6448 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/09/22 20:18:15.0028 6448 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/09/22 20:18:15.0070 6448 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/09/22 20:18:15.0126 6448 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/09/22 20:18:15.0200 6448 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/09/22 20:18:15.0264 6448 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/09/22 20:18:15.0323 6448 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/09/22 20:18:15.0368 6448 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/09/22 20:18:15.0412 6448 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/09/22 20:18:15.0456 6448 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/09/22 20:18:15.0525 6448 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/09/22 20:18:15.0590 6448 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/09/22 20:18:15.0660 6448 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/09/22 20:18:15.0738 6448 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/09/22 20:18:15.0815 6448 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/09/22 20:18:15.0880 6448 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/09/22 20:18:15.0903 6448 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/09/22 20:18:15.0962 6448 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/09/22 20:18:16.0037 6448 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/09/22 20:18:16.0174 6448 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/09/22 20:18:16.0356 6448 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/09/22 20:18:16.0456 6448 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/09/22 20:18:16.0524 6448 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/09/22 20:18:16.0628 6448 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/09/22 20:18:16.0697 6448 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys 2011/09/22 20:18:16.0764 6448 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0 2011/09/22 20:18:16.0808 6448 Boot (0x1200) (13ca94daba5d84038b10bb12a2a62b12) \Device\Harddisk0\DR0\Partition0 2011/09/22 20:18:16.0832 6448 Boot (0x1200) (0144fd598dfedd81c16573576150abdc) \Device\Harddisk0\DR0\Partition1 2011/09/22 20:18:16.0848 6448 ================================================================================ 2011/09/22 20:18:16.0848 6448 Scan finished 2011/09/22 20:18:16.0848 6448 ================================================================================ 2011/09/22 20:18:16.0870 3896 Detected object count: 1 2011/09/22 20:18:16.0870 3896 Actual detected object count: 1 2011/09/22 20:20:10.0996 3896 LockedFile.Multi.Generic(sptd) - User select action: Skip 2011/09/22 20:20:22.0927 4184 ================================================================================ 2011/09/22 20:20:22.0927 4184 Scan started 2011/09/22 20:20:22.0927 4184 Mode: Manual; 2011/09/22 20:20:22.0927 4184 ================================================================================ 2011/09/22 20:20:23.0587 4184 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/09/22 20:20:23.0660 4184 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/09/22 20:20:23.0716 4184 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/09/22 20:20:23.0755 4184 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/09/22 20:20:23.0790 4184 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/09/22 20:20:23.0878 4184 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 2011/09/22 20:20:23.0921 4184 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/09/22 20:20:23.0958 4184 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/09/22 20:20:23.0998 4184 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2011/09/22 20:20:24.0032 4184 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/09/22 20:20:24.0072 4184 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2011/09/22 20:20:24.0113 4184 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/09/22 20:20:24.0161 4184 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys 2011/09/22 20:20:24.0215 4184 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/09/22 20:20:24.0263 4184 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/09/22 20:20:24.0313 4184 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys 2011/09/22 20:20:24.0364 4184 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys 2011/09/22 20:20:24.0398 4184 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys 2011/09/22 20:20:24.0446 4184 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys 2011/09/22 20:20:24.0506 4184 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys 2011/09/22 20:20:24.0555 4184 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys 2011/09/22 20:20:24.0604 4184 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/09/22 20:20:24.0651 4184 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/09/22 20:20:24.0749 4184 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys 2011/09/22 20:20:24.0793 4184 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys 2011/09/22 20:20:24.0857 4184 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/09/22 20:20:24.0958 4184 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/09/22 20:20:25.0006 4184 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/09/22 20:20:25.0045 4184 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/09/22 20:20:25.0099 4184 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys 2011/09/22 20:20:25.0121 4184 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys 2011/09/22 20:20:25.0181 4184 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/09/22 20:20:25.0220 4184 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/09/22 20:20:25.0260 4184 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/09/22 20:20:25.0288 4184 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/09/22 20:20:25.0335 4184 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/09/22 20:20:25.0410 4184 BVRPMPR5 (da2dc84e2d14ec6dac1132caa286118d) C:\Windows\system32\drivers\BVRPMPR5.SYS 2011/09/22 20:20:25.0465 4184 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/09/22 20:20:25.0517 4184 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys 2011/09/22 20:20:25.0575 4184 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/09/22 20:20:25.0622 4184 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/09/22 20:20:25.0688 4184 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/09/22 20:20:25.0769 4184 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/09/22 20:20:25.0819 4184 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2011/09/22 20:20:25.0865 4184 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys 2011/09/22 20:20:25.0932 4184 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/09/22 20:20:25.0969 4184 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/09/22 20:20:26.0013 4184 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/09/22 20:20:26.0120 4184 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 2011/09/22 20:20:26.0188 4184 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/09/22 20:20:26.0264 4184 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/09/22 20:20:26.0337 4184 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/09/22 20:20:26.0379 4184 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys 2011/09/22 20:20:26.0417 4184 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/09/22 20:20:26.0463 4184 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys 2011/09/22 20:20:26.0536 4184 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/09/22 20:20:26.0606 4184 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/09/22 20:20:26.0685 4184 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/09/22 20:20:26.0742 4184 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/09/22 20:20:26.0784 4184 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/09/22 20:20:26.0859 4184 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/09/22 20:20:26.0906 4184 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/09/22 20:20:26.0960 4184 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/09/22 20:20:27.0020 4184 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/09/22 20:20:27.0092 4184 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys 2011/09/22 20:20:27.0145 4184 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/09/22 20:20:27.0186 4184 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/09/22 20:20:27.0304 4184 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys 2011/09/22 20:20:27.0357 4184 HdAudAddService (5ab09c8b9da9e5dae0090eb62a9d035a) C:\Windows\system32\drivers\CHDART.sys 2011/09/22 20:20:27.0428 4184 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/09/22 20:20:27.0478 4184 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/09/22 20:20:27.0516 4184 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/09/22 20:20:27.0570 4184 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/09/22 20:20:27.0628 4184 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/09/22 20:20:27.0707 4184 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/09/22 20:20:27.0849 4184 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2011/09/22 20:20:27.0977 4184 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2011/09/22 20:20:28.0038 4184 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/09/22 20:20:28.0095 4184 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/09/22 20:20:28.0154 4184 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/09/22 20:20:28.0244 4184 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/09/22 20:20:28.0297 4184 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/09/22 20:20:28.0365 4184 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/09/22 20:20:28.0430 4184 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 2011/09/22 20:20:28.0467 4184 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 2011/09/22 20:20:28.0534 4184 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/09/22 20:20:28.0617 4184 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/09/22 20:20:28.0670 4184 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/09/22 20:20:28.0716 4184 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/09/22 20:20:28.0761 4184 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/09/22 20:20:28.0819 4184 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/09/22 20:20:28.0863 4184 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/09/22 20:20:28.0899 4184 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/09/22 20:20:28.0959 4184 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/09/22 20:20:29.0004 4184 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/09/22 20:20:29.0086 4184 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/09/22 20:20:29.0210 4184 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 2011/09/22 20:20:29.0263 4184 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys 2011/09/22 20:20:29.0341 4184 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/09/22 20:20:29.0460 4184 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/09/22 20:20:29.0507 4184 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/09/22 20:20:29.0551 4184 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/09/22 20:20:29.0611 4184 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/09/22 20:20:29.0725 4184 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/09/22 20:20:29.0765 4184 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/09/22 20:20:29.0841 4184 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/09/22 20:20:29.0890 4184 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/09/22 20:20:29.0937 4184 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/09/22 20:20:29.0973 4184 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/09/22 20:20:30.0039 4184 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/09/22 20:20:30.0078 4184 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/09/22 20:20:30.0114 4184 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/09/22 20:20:30.0170 4184 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/09/22 20:20:30.0218 4184 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/09/22 20:20:30.0302 4184 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/09/22 20:20:30.0370 4184 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/09/22 20:20:30.0404 4184 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/09/22 20:20:30.0444 4184 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2011/09/22 20:20:30.0493 4184 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/09/22 20:20:30.0578 4184 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/09/22 20:20:30.0630 4184 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/09/22 20:20:30.0692 4184 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/09/22 20:20:30.0747 4184 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/09/22 20:20:30.0798 4184 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/09/22 20:20:30.0857 4184 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/09/22 20:20:30.0898 4184 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/09/22 20:20:30.0941 4184 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/09/22 20:20:30.0983 4184 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/09/22 20:20:31.0045 4184 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/09/22 20:20:31.0116 4184 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/09/22 20:20:31.0183 4184 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/09/22 20:20:31.0241 4184 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/09/22 20:20:31.0301 4184 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/09/22 20:20:31.0354 4184 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/09/22 20:20:31.0391 4184 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/09/22 20:20:31.0451 4184 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/09/22 20:20:31.0559 4184 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/09/22 20:20:31.0622 4184 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/09/22 20:20:31.0696 4184 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/09/22 20:20:31.0784 4184 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/09/22 20:20:31.0834 4184 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/09/22 20:20:31.0888 4184 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/09/22 20:20:31.0967 4184 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys 2011/09/22 20:20:32.0429 4184 nvlddmkm (d65bc32c1795191b7f2b028351ab4fe2) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/09/22 20:20:32.0559 4184 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/09/22 20:20:32.0607 4184 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys 2011/09/22 20:20:32.0653 4184 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/09/22 20:20:32.0708 4184 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/09/22 20:20:32.0824 4184 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/09/22 20:20:32.0881 4184 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/09/22 20:20:32.0932 4184 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/09/22 20:20:32.0977 4184 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/09/22 20:20:33.0077 4184 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/09/22 20:20:33.0113 4184 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2011/09/22 20:20:33.0159 4184 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/09/22 20:20:33.0223 4184 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/09/22 20:20:33.0367 4184 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/09/22 20:20:33.0406 4184 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/09/22 20:20:33.0476 4184 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/09/22 20:20:33.0532 4184 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys 2011/09/22 20:20:33.0590 4184 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/09/22 20:20:33.0641 4184 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/09/22 20:20:33.0711 4184 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/09/22 20:20:33.0762 4184 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/09/22 20:20:33.0827 4184 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/09/22 20:20:33.0883 4184 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/09/22 20:20:33.0935 4184 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/09/22 20:20:34.0000 4184 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/09/22 20:20:34.0060 4184 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/09/22 20:20:34.0113 4184 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/09/22 20:20:34.0141 4184 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/09/22 20:20:34.0191 4184 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/09/22 20:20:34.0260 4184 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/09/22 20:20:34.0304 4184 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/09/22 20:20:34.0335 4184 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/09/22 20:20:34.0406 4184 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/09/22 20:20:34.0463 4184 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/09/22 20:20:34.0546 4184 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2011/09/22 20:20:34.0601 4184 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/09/22 20:20:34.0670 4184 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/09/22 20:20:34.0710 4184 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/09/22 20:20:34.0763 4184 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/09/22 20:20:34.0861 4184 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/09/22 20:20:34.0900 4184 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/09/22 20:20:34.0960 4184 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/09/22 20:20:34.0995 4184 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/09/22 20:20:35.0068 4184 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/09/22 20:20:35.0114 4184 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/09/22 20:20:35.0164 4184 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/09/22 20:20:35.0230 4184 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/09/22 20:20:35.0320 4184 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/09/22 20:20:35.0397 4184 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/09/22 20:20:35.0397 4184 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/09/22 20:20:35.0406 4184 sptd - detected LockedFile.Multi.Generic (1) 2011/09/22 20:20:35.0468 4184 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/09/22 20:20:35.0544 4184 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 2011/09/22 20:20:35.0615 4184 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 2011/09/22 20:20:35.0701 4184 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/09/22 20:20:35.0763 4184 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/09/22 20:20:35.0802 4184 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/09/22 20:20:35.0845 4184 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/09/22 20:20:35.0913 4184 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys 2011/09/22 20:20:36.0046 4184 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys 2011/09/22 20:20:36.0111 4184 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys 2011/09/22 20:20:36.0168 4184 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/09/22 20:20:36.0217 4184 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/09/22 20:20:36.0261 4184 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/09/22 20:20:36.0326 4184 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/09/22 20:20:36.0381 4184 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/09/22 20:20:36.0478 4184 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/09/22 20:20:36.0540 4184 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/09/22 20:20:36.0601 4184 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/09/22 20:20:36.0676 4184 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/09/22 20:20:36.0737 4184 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/09/22 20:20:36.0811 4184 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/09/22 20:20:36.0863 4184 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/09/22 20:20:36.0917 4184 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/09/22 20:20:36.0958 4184 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/09/22 20:20:37.0017 4184 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/09/22 20:20:37.0107 4184 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/09/22 20:20:37.0160 4184 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/09/22 20:20:37.0269 4184 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/09/22 20:20:37.0390 4184 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/09/22 20:20:37.0450 4184 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 2011/09/22 20:20:37.0499 4184 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/09/22 20:20:37.0560 4184 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/09/22 20:20:37.0602 4184 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/09/22 20:20:37.0646 4184 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/09/22 20:20:37.0698 4184 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/09/22 20:20:37.0751 4184 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/09/22 20:20:37.0810 4184 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/09/22 20:20:37.0856 4184 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/09/22 20:20:37.0899 4184 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/09/22 20:20:37.0943 4184 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/09/22 20:20:38.0001 4184 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/09/22 20:20:38.0068 4184 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/09/22 20:20:38.0136 4184 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/09/22 20:20:38.0181 4184 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/09/22 20:20:38.0246 4184 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/09/22 20:20:38.0311 4184 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/09/22 20:20:38.0332 4184 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/09/22 20:20:38.0393 4184 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/09/22 20:20:38.0458 4184 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/09/22 20:20:38.0571 4184 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/09/22 20:20:38.0732 4184 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/09/22 20:20:38.0832 4184 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/09/22 20:20:38.0900 4184 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/09/22 20:20:38.0993 4184 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/09/22 20:20:39.0051 4184 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys 2011/09/22 20:20:39.0129 4184 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0 2011/09/22 20:20:39.0176 4184 Boot (0x1200) (13ca94daba5d84038b10bb12a2a62b12) \Device\Harddisk0\DR0\Partition0 2011/09/22 20:20:39.0201 4184 Boot (0x1200) (0144fd598dfedd81c16573576150abdc) \Device\Harddisk0\DR0\Partition1 2011/09/22 20:20:39.0218 4184 ================================================================================ 2011/09/22 20:20:39.0218 4184 Scan finished 2011/09/22 20:20:39.0218 4184 ================================================================================ 2011/09/22 20:20:39.0246 7968 Detected object count: 1 2011/09/22 20:20:39.0246 7968 Actual detected object count: 1 2011/09/22 20:20:51.0915 7968 LockedFile.Multi.Generic(sptd) - User select action: Skip aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-09-22 20:22:31 ----------------------------- 20:22:31.738 OS Version: Windows 6.0.6002 Service Pack 2 20:22:31.739 Number of processors: 2 586 0x6801 20:22:31.741 ComputerName: PC_VAN_MARTIN UserName: Martin 20:22:32.420 Initialize success 20:22:32.812 AVAST engine defs: 11092200 20:22:47.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 20:22:47.232 Disk 0 Vendor: WDC_WD1200BEVS-60UST0 01.01A01 Size: 114473MB BusType: 3 20:22:49.296 Disk 0 MBR read successfully 20:22:49.309 Disk 0 MBR scan 20:22:49.325 Disk 0 unknown MBR code 20:22:49.343 Disk 0 scanning sectors +234436545 20:22:49.427 Disk 0 scanning C:\Windows\system32\drivers 20:23:08.222 Service scanning 20:23:11.018 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32 20:23:11.953 Modules scanning 20:23:20.496 Disk 0 trace - called modules: 20:23:20.521 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84daa1f8]<< 20:23:20.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84fc9030] 20:23:20.548 3 CLASSPNP.SYS[883a18b3] -> nt!IofCallDriver -> [0x84e54918] 20:23:20.564 5 acpi.sys[87b2d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x84e2e390] 20:23:20.582 \Driver\atapi[0x84e1d590] -> IRP_MJ_CREATE -> 0x84daa1f8 20:23:21.107 AVAST engine scan C:\Windows 20:23:24.044 AVAST engine scan C:\Windows\system32 20:26:05.515 AVAST engine scan C:\Windows\system32\drivers 20:26:18.205 AVAST engine scan C:\Users\Martin 20:35:07.856 AVAST engine scan C:\ProgramData 20:44:05.801 Scan finished successfully 20:49:00.101 Disk 0 MBR has been saved successfully to "
  • Hoi Radlab, heb jij DaemonTools of Alcohol-brandsoftware in jouw Windows? Ik vraag dit, omdat beide tools SPTD.SYS hebben gevonden! Dat bestand hoort bij een van de vermelde tools, indien die niet in jouw Windows zitten, dan is SPTD.SYS mogelijk een rootkit!
  • Hoi Abraham Ik heb deamon tools lite gehad maar die heb ik voor de logscans verwijderd. Alcohol brandsoftware zegt me niets!!!! Radlab
  • Duidelijk, dan zullen we dat bestand uiteindelijk door onderstaande tool laten verwijderen! [b:3cfadfa093]Welk programma[/b:3cfadfa093]: ComboFix [b:3cfadfa093]Waarvoor/waarom[/b:3cfadfa093]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:3cfadfa093]Moeilijkheidsgraad[/b:3cfadfa093]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:3cfadfa093]Downloadlokatie[/b:3cfadfa093]: Dit programma absoluut naar het bureaublad downloaden! [b:3cfadfa093]Download ComboFix via één van deze locaties[/b:3cfadfa093]: [list:3cfadfa093][*:3cfadfa093][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:3cfadfa093]Bleepingcomputer[/b:3cfadfa093][/url] [*:3cfadfa093][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:3cfadfa093]ForoSpyware[/b:3cfadfa093][/url] [*:3cfadfa093][url=http://subs.geekstogo.com/ComboFix.exe][b:3cfadfa093]Geekstogo[/b:3cfadfa093][/url][/list:u:3cfadfa093] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:3cfadfa093]Hier[/b:3cfadfa093][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:3cfadfa093]Hier[/b:3cfadfa093][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:3cfadfa093]hier[/b:3cfadfa093][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:3cfadfa093]Voor alle duidelijkheid nogmaals[/b:3cfadfa093]: ComboFix dient vanaf het bureaublad gestart te worden. [b:3cfadfa093]Opmerkingen[/b:3cfadfa093]: [list:3cfadfa093][*:3cfadfa093] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:3cfadfa093]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten. [*:3cfadfa093]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:3cfadfa093] [b:3cfadfa093]ComboFix is opgestart[/b:3cfadfa093]: [list:3cfadfa093][*:3cfadfa093]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:3cfadfa093]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:3cfadfa093]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:3cfadfa093]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:3cfadfa093]Post de inhoud van dit logbestand in je volgende bericht. [*:3cfadfa093]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:3cfadfa093] [b:3cfadfa093]Belangrijke opmerking[/b:3cfadfa093]: [list:3cfadfa093][*:3cfadfa093][b:3cfadfa093][color=Red:3cfadfa093]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:3cfadfa093][/b:3cfadfa093] [*:3cfadfa093][b:3cfadfa093][color=blue:3cfadfa093]Illegal operation attempted on a registery key that has been marked for deletion.[/color:3cfadfa093][/b:3cfadfa093] [*:3cfadfa093][b:3cfadfa093][color=Red:3cfadfa093]Start dan de computer opnieuw op.[/color:3cfadfa093][/b:3cfadfa093][/list:u:3cfadfa093]
  • Hoi Abraham wat ik ook doe ik krijg combofix niet aan het werk. Als ik het programma download krijg ik niet de keus om op te slaan op bureaublad. Als ik het programma van uit de downloadlocatie op de computer verplaats naar het bureaublad en met reklik open als administrator dan wordt het programma uitgepakt en daarna gebeurt er niets. Wat doe ik verkeerd??? Radlab
  • Download ComboFix nu eerst opnieuw naar je downloadmap en dan na deaktiveren van Avast mag je van mij ComboFix starten vanuit de downloadmap.
  • Hallo Abraham Hierbij de log van de combifix: ComboFix 11-09-23.03 - Martin 23-09-2011 20:46:48.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1982.1068 [GMT 2:00] Gestart vanuit: c:\users\Martin\Documents\Downloads\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0413.exe c:\windows\system32\comct332.ocx . Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))) . . 2011-09-23 19:07 . 2011-09-23 19:07 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2011-09-23 19:07 . 2011-09-23 19:07 -------- d-----w- c:\users\Petra\AppData\Local\temp 2011-09-23 19:07 . 2011-09-23 19:07 -------- d-----w- c:\users\Laura\AppData\Local\temp 2011-09-23 19:06 . 2011-09-23 19:06 -------- d-----w- c:\users\Jarno\AppData\Local\temp 2011-09-23 19:06 . 2011-09-23 19:37 -------- d-----w- c:\users\Martin\AppData\Local\temp 2011-09-23 19:06 . 2011-09-23 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-22 06:45 . 2011-09-22 06:45 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes 2011-09-22 06:44 . 2011-09-22 06:48 -------- d-----w- c:\users\Laura\AppData\Local\panda2_0dn 2011-09-22 00:38 . 2011-09-22 00:41 -------- d-----w- c:\users\Petra\AppData\Local\panda2_0dn 2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes 2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\programdata\Malwarebytes 2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-21 21:07 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-21 20:32 . 2011-09-21 20:32 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-09-21 20:32 . 2011-09-21 20:32 -------- d-----w- c:\program files\Trend Micro 2011-09-21 19:35 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-21 19:35 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-09-21 19:35 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-21 19:35 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-21 19:35 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-21 19:35 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-21 19:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr 2011-09-21 19:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\programdata\AVAST Software 2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\program files\AVAST Software 2011-09-21 18:23 . 2011-09-21 18:27 -------- d-----w- c:\users\Martin\AppData\Local\panda2_0dn 2011-09-14 05:01 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-09-08 18:20 . 2011-09-08 18:20 -------- dc----w- C:\logs 2011-09-05 05:39 . 2011-09-05 05:39 913160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-09-04 16:15 . 2011-09-13 06:55 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc 2011-09-04 15:25 . 2011-09-04 15:25 -------- d-----w- c:\users\Martin\AppData\Roaming\CyberLink 2011-09-04 15:24 . 2011-09-04 15:24 -------- d-----w- c:\users\Martin\AppData\Roaming\HP 2011-08-27 22:06 . 2011-08-27 22:06 -------- d-----w- c:\program files\VS Revo Group . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-23 19:22 . 2011-09-23 19:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\offreg.dll 2011-09-12 23:14 . 2011-09-23 10:36 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\mpengine.dll 2011-08-01 13:09 . 2011-08-12 19:32 326392 ----a-w- c:\windows\system32\GfKLSPService64.dll 2011-08-01 13:09 . 2011-08-12 19:32 3414776 ----a-w- c:\windows\system32\GfKLSPService.exe 2011-08-01 13:08 . 2011-05-22 18:53 269560 ----a-w- c:\windows\system32\GfKLSPService.dll 2011-07-22 02:54 . 2011-08-13 15:34 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 02:48 . 2011-08-13 15:34 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 02:44 . 2011-08-13 15:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-19 03:05 . 2010-05-10 17:18 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-11 13:25 . 2011-08-24 07:43 2048 ----a-w- c:\windows\system32\tzres.dll 2011-07-06 15:31 . 2011-08-12 19:14 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-28 15:37 . 2009-11-24 16:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704] "Panda Security Toolbar Antiphishing"="c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-12-08 223400] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-09-10 22:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] 2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfK-WatchDog] 2011-08-01 13:08 57592 ----a-w- c:\program files\GfKLSPService\GfK-WatchDog.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-12-16 13:31 135664 ----atw- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2007-03-12 09:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] 2007-03-01 11:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher] 2006-11-07 15:39 44128 ----a-w- c:\windows\SMINST\Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon] 2007-07-16 16:54 25264 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe] 2007-07-16 16:54 434864 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] 2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2007-04-23 16:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\Final Codecs\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-06-12 20:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2010-05-27 20:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNS NIPO Clicks] 2011-02-02 17:52 874496 ----a-w- c:\users\Martin\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664] R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2010-05-02 5027328] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-09 691696] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616] S2 GfK-Reporting-Service;GfK-Reporting-Service;c:\program files\GfK Internet Monitor\GfK-Reporting.exe [2011-01-20 102400] S2 GfK-Update-Service;GfK-Update-Service;c:\program files\GfK Internet Monitor\GfK-Updater.exe [2011-01-20 180224] S2 GfkLSPService;GfkLSPService;c:\program files\GfKLSPService\GfKLSPService.exe [2011-08-01 3414776] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152] S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2011-09-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 07:40] . 2011-09-23 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-01 14:01] . 2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01] . 2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01] . 2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000Core.job - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31] . 2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000UA.job - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31] . 2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001Core.job - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46] . 2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001UA.job - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46] . 2011-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002Core.job - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02] . 2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002UA.job - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02] . 2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003Core.job - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11] . 2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003UA.job - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.startpagina.nl/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html LSP: c:\windows\system32\GfKLSPService.DLL Trusted Zone: alysis.nl\loginlight Trusted Zone: alysis.nl\oma00 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file) MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe MSConfigStartUp-L07NXLRD_21693155 - c:\program files\Microsoft Winkler Prins\Microsoft Winkler Prins Huiswerkhulp voor Leerlingen 2007 DVD\EDICT.EXE MSConfigStartUp-L07NXLRD_32606876 - c:\program files\Microsoft Winkler Prins\Microsoft Winkler Prins Huiswerkhulp voor Leerlingen 2007 DVD\EDICT.EXE MSConfigStartUp-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-09-23 21:37 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wxpSvc] "ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(5372) c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\conime.exe c:\windows\System32\rundll32.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Voltooingstijd: 2011-09-23 21:46:55 - machine werd herstart ComboFix-quarantined-files.txt 2011-09-23 19:46 . Pre-Run: 33.446.232.064 bytes beschikbaar Post-Run: 34.339.266.560 bytes beschikbaar . - - End Of File - - 40FA5B1EADC58EBADB551841A75FDA18
  • Voordat we verder gaan - hoe gaat het nu en heb je nog steeds die problemen van doorlinken?
  • Ja, is nog niet over, heb er nog steeds last van.
  • Post een nieuw Hijack This-log.
  • Hoi Abraham Bij deze: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:21:43, on 25-9-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Gacela2 - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Martin\AppData\Local\Wakoopa Shared\WakoopaBHO.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [Panda Security Toolbar Antiphishing] "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll O9 - Extra 'Tools' menuitem: Informatie over GfK Internet Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet Monitor\Gacela2.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\gfklspservice.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GfK-Reporting-Service - Unknown owner - C:\Program Files\GfK Internet Monitor\GfK-Reporting.exe O23 - Service: GfK-Update-Service - Unknown owner - C:\Program Files\GfK Internet Monitor\GfK-Updater.exe O23 - Service: GfkLSPService - GfK - C:\Program Files\GfKLSPService\GfKLSPService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8380 bytes
  • Verwijder ComboFix van jouw bureaublad en download ComboFix alvast opnieuw. Open een nieuw kladblok bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:4e7eb1d2c3]Kladblok[/b:4e7eb1d2c3]". Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:4e7eb1d2c3][color=Blue:4e7eb1d2c3]File:: c:\windows\system32\GfKLSPService.dll c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.exe[/color:4e7eb1d2c3][/b:4e7eb1d2c3] Sla dit kladblokbestand op je bureaublad op als [b:4e7eb1d2c3]CFScript.txt[/b:4e7eb1d2c3]. [b:4e7eb1d2c3][color=Red:4e7eb1d2c3]Nu eerst de antivirus deaktiveren![/color:4e7eb1d2c3][/b:4e7eb1d2c3] Sleep CFScript.txt in ComboFix.exe [img:4e7eb1d2c3]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img:4e7eb1d2c3] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix log dat na het opnieuw starten wordt getoond!
  • ComboFix 11-09-24.04 - Martin 25-09-2011 20:36:35.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1982.1139 [GMT 2:00] Gestart vanuit: c:\users\Martin\Documents\Downloads\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Martin\Desktop\CFScript.txt. - Snelkoppeling.lnk AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-25 to 2011-09-25 )))))))))))))))))))))))))))))) . . 2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\Martin\AppData\Local\temp 2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\Petra\AppData\Local\temp 2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\Laura\AppData\Local\temp 2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\Jarno\AppData\Local\temp 2011-09-25 19:04 . 2011-09-25 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-25 14:16 . 2011-09-25 14:16 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\offreg.dll 2011-09-24 19:38 . 2011-09-24 19:38 -------- d-----w- c:\program files\Common Files\iS3 2011-09-24 19:38 . 2011-09-25 18:11 -------- d-----w- c:\programdata\STOPzilla! 2011-09-23 10:36 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\mpengine.dll 2011-09-22 06:45 . 2011-09-22 06:45 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes 2011-09-22 06:44 . 2011-09-22 06:48 -------- d-----w- c:\users\Laura\AppData\Local\panda2_0dn 2011-09-22 00:38 . 2011-09-22 00:41 -------- d-----w- c:\users\Petra\AppData\Local\panda2_0dn 2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes 2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\programdata\Malwarebytes 2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-21 21:07 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-21 20:32 . 2011-09-21 20:32 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-09-21 20:32 . 2011-09-21 20:32 -------- d-----w- c:\program files\Trend Micro 2011-09-21 19:35 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-21 19:35 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-09-21 19:35 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-21 19:35 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-21 19:35 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-21 19:35 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-21 19:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr 2011-09-21 19:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\programdata\AVAST Software 2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\program files\AVAST Software 2011-09-21 18:23 . 2011-09-21 18:27 -------- d-----w- c:\users\Martin\AppData\Local\panda2_0dn 2011-09-14 05:01 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-09-08 18:20 . 2011-09-08 18:20 -------- dc----w- C:\logs 2011-09-05 05:39 . 2011-09-05 05:39 913160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-09-04 16:15 . 2011-09-13 06:55 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc 2011-09-04 15:25 . 2011-09-04 15:25 -------- d-----w- c:\users\Martin\AppData\Roaming\CyberLink 2011-09-04 15:24 . 2011-09-04 15:24 -------- d-----w- c:\users\Martin\AppData\Roaming\HP 2011-08-27 22:06 . 2011-08-27 22:06 -------- d-----w- c:\program files\VS Revo Group . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-01 13:09 . 2011-08-12 19:32 326392 ----a-w- c:\windows\system32\GfKLSPService64.dll 2011-08-01 13:09 . 2011-08-12 19:32 3414776 ----a-w- c:\windows\system32\GfKLSPService.exe 2011-08-01 13:08 . 2011-05-22 18:53 269560 ----a-w- c:\windows\system32\GfKLSPService.dll 2011-07-22 02:54 . 2011-08-13 15:34 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 02:48 . 2011-08-13 15:34 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 02:44 . 2011-08-13 15:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-19 03:05 . 2010-05-10 17:18 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-11 13:25 . 2011-08-24 07:43 2048 ----a-w- c:\windows\system32\tzres.dll 2011-07-06 15:31 . 2011-08-12 19:14 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-28 15:37 . 2009-11-24 16:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Panda Security Toolbar Antiphishing"="c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-12-08 223400] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-09-10 22:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] 2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfK-WatchDog] 2011-08-01 13:08 57592 ----a-w- c:\program files\GfKLSPService\GfK-WatchDog.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-12-16 13:31 135664 ----atw- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2007-03-12 09:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] 2007-03-01 11:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher] 2006-11-07 15:39 44128 ----a-w- c:\windows\SMINST\Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon] 2007-07-16 16:54 25264 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe] 2007-07-16 16:54 434864 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] 2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2007-04-23 16:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\Final Codecs\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-06-12 20:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2010-05-27 20:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNS NIPO Clicks] 2011-02-02 17:52 874496 ----a-w- c:\users\Martin\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616] S2 GfK-Reporting-Service;GfK-Reporting-Service;c:\program files\GfK Internet Monitor\GfK-Reporting.exe [2011-01-20 102400] S2 GfK-Update-Service;GfK-Update-Service;c:\program files\GfK Internet Monitor\GfK-Updater.exe [2011-01-20 180224] S2 GfkLSPService;GfkLSPService;c:\program files\GfKLSPService\GfKLSPService.exe [2011-08-01 3414776] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - Lavasoft Kernexplorer . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2011-09-25 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-01 14:01] . 2011-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01] . 2011-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01] . 2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000Core.job - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31] . 2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000UA.job - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31] . 2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001Core.job - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46] . 2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001UA.job - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46] . 2011-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002Core.job - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02] . 2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002UA.job - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02] . 2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003Core.job - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11] . 2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003UA.job - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.startpagina.nl/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html LSP: c:\windows\system32\GfKLSPService.DLL Trusted Zone: alysis.nl\loginlight Trusted Zone: alysis.nl\oma00 TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-09-25 21:04 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wxpSvc] "ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-09-25 21:10:05 ComboFix-quarantined-files.txt 2011-09-25 19:10 ComboFix2.txt 2011-09-23 19:46 . Pre-Run: 35.563.442.176 bytes beschikbaar Post-Run: 34.949.943.296 bytes beschikbaar . - - End Of File - - 059FDD3BC6F1AEC3CFB5AF112768191D
  • Het script heeft niet gewerkt. Had jij comboFix wel met administratorrechten opgestart? Zo niet, dan de hele handeling opnieuw doen!
  • Bij deze nog een keer: ComboFix 11-09-26.01 - Martin 26-09-2011 15:37:39.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1982.1059 [GMT 2:00] Gestart vanuit: c:\users\Martin\Documents\Downloads\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Martin\Desktop\CFScript.txt. - Snelkoppeling.lnk AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))) . . 2011-09-26 13:56 . 2011-09-26 14:02 -------- d-----w- c:\users\Martin\AppData\Local\temp 2011-09-26 13:56 . 2011-09-26 13:56 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2011-09-26 13:56 . 2011-09-26 13:56 -------- d-----w- c:\users\Petra\AppData\Local\temp 2011-09-26 13:56 . 2011-09-26 13:56 -------- d-----w- c:\users\Laura\AppData\Local\temp 2011-09-26 13:56 . 2011-09-26 13:56 -------- d-----w- c:\users\Jarno\AppData\Local\temp 2011-09-26 13:56 . 2011-09-26 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-24 19:38 . 2011-09-24 19:38 -------- d-----w- c:\program files\Common Files\iS3 2011-09-24 19:38 . 2011-09-25 18:11 -------- d-----w- c:\programdata\STOPzilla! 2011-09-22 06:45 . 2011-09-22 06:45 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes 2011-09-22 06:44 . 2011-09-22 06:48 -------- d-----w- c:\users\Laura\AppData\Local\panda2_0dn 2011-09-22 00:38 . 2011-09-22 00:41 -------- d-----w- c:\users\Petra\AppData\Local\panda2_0dn 2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes 2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\programdata\Malwarebytes 2011-09-21 21:07 . 2011-09-21 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-21 21:07 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-21 20:32 . 2011-09-21 20:32 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-09-21 20:32 . 2011-09-21 20:32 -------- d-----w- c:\program files\Trend Micro 2011-09-21 19:35 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-21 19:35 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-09-21 19:35 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-21 19:35 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-21 19:35 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-21 19:35 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-21 19:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr 2011-09-21 19:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\programdata\AVAST Software 2011-09-21 19:34 . 2011-09-21 19:34 -------- d-----w- c:\program files\AVAST Software 2011-09-21 18:23 . 2011-09-21 18:27 -------- d-----w- c:\users\Martin\AppData\Local\panda2_0dn 2011-09-14 05:01 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-09-08 18:20 . 2011-09-08 18:20 -------- dc----w- C:\logs 2011-09-05 05:39 . 2011-09-05 05:39 913160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-09-04 16:15 . 2011-09-13 06:55 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc 2011-09-04 15:25 . 2011-09-04 15:25 -------- d-----w- c:\users\Martin\AppData\Roaming\CyberLink 2011-09-04 15:24 . 2011-09-04 15:24 -------- d-----w- c:\users\Martin\AppData\Roaming\HP 2011-08-27 22:06 . 2011-08-27 22:06 -------- d-----w- c:\program files\VS Revo Group . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-26 13:58 . 2011-09-26 13:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\offreg.dll 2011-09-12 23:14 . 2011-09-23 10:36 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E167DA7-CABA-4F33-87B9-B9624255140D}\mpengine.dll 2011-08-01 13:09 . 2011-08-12 19:32 326392 ----a-w- c:\windows\system32\GfKLSPService64.dll 2011-08-01 13:09 . 2011-08-12 19:32 3414776 ----a-w- c:\windows\system32\GfKLSPService.exe 2011-08-01 13:08 . 2011-05-22 18:53 269560 ----a-w- c:\windows\system32\GfKLSPService.dll 2011-07-22 02:54 . 2011-08-13 15:34 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 02:48 . 2011-08-13 15:34 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 02:44 . 2011-08-13 15:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-19 03:05 . 2010-05-10 17:18 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-11 13:25 . 2011-08-24 07:43 2048 ----a-w- c:\windows\system32\tzres.dll 2011-07-06 15:31 . 2011-08-12 19:14 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-28 15:37 . 2009-11-24 16:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Panda Security Toolbar Antiphishing"="c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-12-08 223400] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-09-10 22:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] 2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfK-WatchDog] 2011-08-01 13:08 57592 ----a-w- c:\program files\GfKLSPService\GfK-WatchDog.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-12-16 13:31 135664 ----atw- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2007-03-12 09:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] 2007-03-01 11:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher] 2006-11-07 15:39 44128 ----a-w- c:\windows\SMINST\Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon] 2007-07-16 16:54 25264 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe] 2007-07-16 16:54 434864 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] 2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2007-04-23 16:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\Final Codecs\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-06-12 20:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2010-05-27 20:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNS NIPO Clicks] 2011-02-02 17:52 874496 ----a-w- c:\users\Martin\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664] R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2010-05-02 5027328] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-09 691696] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616] S2 GfK-Reporting-Service;GfK-Reporting-Service;c:\program files\GfK Internet Monitor\GfK-Reporting.exe [2011-01-20 102400] S2 GfK-Update-Service;GfK-Update-Service;c:\program files\GfK Internet Monitor\GfK-Updater.exe [2011-01-20 180224] S2 GfkLSPService;GfkLSPService;c:\program files\GfKLSPService\GfKLSPService.exe [2011-08-01 3414776] S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2011-09-26 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-01 14:01] . 2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01] . 2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 18:01] . 2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000Core.job - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31] . 2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1000UA.job - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 13:31] . 2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001Core.job - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46] . 2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1001UA.job - c:\users\Petra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-16 19:46] . 2011-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002Core.job - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02] . 2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1002UA.job - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 19:02] . 2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003Core.job - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11] . 2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033497897-1838255974-2562455912-1003UA.job - c:\users\Jarno\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 11:11] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.startpagina.nl/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html LSP: c:\windows\system32\GfKLSPService.DLL Trusted Zone: alysis.nl\loginlight Trusted Zone: alysis.nl\oma00 TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-09-26 16:02 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wxpSvc] "ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(4296) c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\conime.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Voltooingstijd: 2011-09-26 16:12:25 - machine werd herstart ComboFix-quarantined-files.txt 2011-09-26 14:12 ComboFix2.txt 2011-09-25 19:10 ComboFix3.txt 2011-09-23 19:46 . Pre-Run: 34.846.351.360 bytes beschikbaar Post-Run: 34.905.300.992 bytes beschikbaar . - - End Of File - - 7298D4B295E7D06824159FAB0752BA96
  • Er zijn dus drie gebruikers in deze Windows. Zijn alle accounts met beheerdersrechten? En wie van deze drie gebruikers heeft er voor gezorgd dat van http://www.nurago.com/en er bestanden in de PC staan die feitelijk spyware zijn! Datzelfde geldt voor de Panda securitybar, een van de drie heeft ervoor gezorgd dat dit kreng in Windows is terchtgekomen! En mogelijk - net als met Nurago heb jij geen rechten om een en ander te verwijderen! Maar we proberen het nogmaals: open wederom een nieuw kladblok bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:b6fb463bb8]Kladblok[/b:b6fb463bb8]". Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:b6fb463bb8][COLOR="Blue"]File:: c:\users\Laura\AppData\Local\panda2_0dn c:\users\Petra\AppData\Local\panda2_0dn c:\users\Martin\AppData\Local\panda2_0dn c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.dll Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Panda Security Toolbar Antiphishing"="- [/COLOR][/b:b6fb463bb8] Sla dit kladblokbestand op je bureaublad op als [b:b6fb463bb8]CFScript.txt[/b:b6fb463bb8]. [b:b6fb463bb8][COLOR="Red"]Nu eerst de antivirus deaktiveren![/COLOR][/b:b6fb463bb8] Sleep CFScript.txt in ComboFix.exe [img:b6fb463bb8]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img:b6fb463bb8] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix-log dat na het opnieuw starten wordt getoond via de kleurcodeerder!

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.