D cannot be opened/accessed

33 replies
  • On a laptop the following messages appear: 1. hard drive clusters are partly damaged- segment load failure 2. windows detected a hard disk problem. After that the laptop could no longer be started. In safe mode I was able to bring back an old setting via System Restore. Everything now runs properly again ... except that the D drive can no longer be accessed. Windows Explorer does show 34 GB of storage, Malwarebytes and Norton 360 scan files, but I cannot access them. Could someone perhaps take a look at the following overview?
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:24:48, on 16-2-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
  • Windows does not give those warnings for nothing!
    Which program: CrystalDiskInfo
    What for/why: checking the SMART data of the hard disk(s)
    Difficulty: none.
    Download CrystalDiskInfo here: http://crystalmark.info/software/CrystalDiskInfo/index-e.html
    Install the tool and then start CrystalDiskInfo. The tool then reads the SMART data of the connected hard disks.
    If the colour is Blue, then fully healthy.
    If the colour is Yellow, then there are problems.
    If the colour is Red, then replace the HD as soon as possible.
    For SSDs the health status of the SSDs is also reported (Health).
  • I will try that. By the way, C and D are partitions on one and the same HD ... C gives no problem.
  • If clusters are broken, they keep getting bigger and the contents of those broken clusters are smeared out over the rest of the HD. Until the HD gives up!
  • Result = BLUE
  • Surprising.

    Step •1•
    Close all open browser windows, except this window, which you close just before you click the Fix checked button! Now start HijackThis via right-click with Administrator rights (if that does not work, go to the HijackThis installation location and then start "hijackthis.exe" with administrator rights) and click the button Do a Scan only,
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    - Put a check mark in front of the line(s) that correspond to the lines above.
    - Now close the web browser and then click the Fix checked button.
    - After that, close HijackThis.

    Step •2•
    Which program: TDSSStarter.exe
    What for/why: Rootkit scanner
    Difficulty: none
    Download TDSSStarter to the desktop: http://home.kpn.nl/stefsmeenk/tools/TDSSKStarter.exe
    Temporary download link: TDSSStarter: http://www.malwareinfo.nl/tools/TDSSKStarter.exe
    Using "TDSSStarter.exe":
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start the tool by double-clicking "TDSSStarter.exe".
      - Windows Vista and Windows 7: start the tool by right-clicking "TDSSStarter.exe" and then choosing Run as administrator.
    - A CMD window will then be started, and it will close again automatically when the scan is finished.
    - Now post the contents of the Notepad file that opens in your next message.

    Step •3•
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix via one of these locations:
    - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
    - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    Here you can see how ComboFix should be used: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    The antivirus program and active malware scanners must already be deactivated before ComboFix starts! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to deactivate antivirus programs and spyware scanners.
    Once more, for the sake of clarity: ComboFix must be started from the desktop.
    Remarks:
    - When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    Starting ComboFix:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
      - Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing Run as administrator.
    ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - It may happen that the computer has to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.

    Step •4•
    In summary: after this, post the contents of the following logs in your next message:
    - TDSSKStarter log
    - ComboFix.txt log
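Step 1 above has the user tick only the two Bing Bar lines among the entries HijackThis marks "(file missing)". The following Python is an added example, not part of the thread or of HijackThis: it separates such orphaned entries from "(file missing)" flags on System32 paths, which a 32-bit scanner on 64-bit Windows can report falsely because of file system redirection. The function names are hypothetical and every sample line other than the two Bing Bar entries is constructed.

```python
import re

# Constructed sample in HijackThis line format: the two Bing Bar entries are the
# ones quoted in Step 1; the O4 and O23 lines are made up for contrast.
SAMPLE_LOG = r'''
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files (x86)\Example\example.exe"
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Windows\System32\example.exe (file missing)
'''

# A log entry starts with a section code such as R0, F2, O2 or O23.
ENTRY = re.compile(r'^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$')
MISSING = '(file missing)'
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]+')
SYSTEM32 = re.compile(r'^[a-z]:\\windows\\system32\\', re.IGNORECASE)


def parse_entries(log_text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue
        body = match.group('body').strip()
        missing = body.endswith(MISSING)
        if missing:
            body = body[:-len(MISSING)].rstrip()
        # The file the entry points at is in the last " - " separated field.
        path = WIN_PATH.search(body.rsplit(' - ', 1)[-1])
        entries.append({
            'section': match.group('section'),
            'line': line,
            'target': path.group(0).strip() if path else None,
            'missing': missing,
        })
    return entries


def triage_missing(entries):
    """Split '(file missing)' entries into two review lists.

    orphaned: the target is outside System32, so the registry entry most likely
              points at software that was uninstalled (the Step 1 case).
    recheck:  the target is under System32. Assumption of this heuristic: the
              scanner is a 32-bit process on 64-bit Windows, where System32 is
              redirected to SysWOW64, so the file may exist after all and
              should be verified with a 64-bit tool before anything is fixed.
    """
    orphaned, recheck = [], []
    for entry in entries:
        if not entry['missing']:
            continue
        if entry['target'] and SYSTEM32.match(entry['target']):
            recheck.append(entry)
        else:
            orphaned.append(entry)
    return orphaned, recheck


if __name__ == '__main__':
    orphaned, recheck = triage_missing(parse_entries(SAMPLE_LOG))
    for entry in orphaned:
        print('orphaned :', entry['section'], entry['target'])
    for entry in recheck:
        print('re-check :', entry['section'], entry['target'])
```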
  • Right ... it takes a while, but then you do have something:
    19:38:19.0736 4184 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
4228 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 19:41:07.0272 4228 mountmgr - ok 19:41:07.0990 4228 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 19:41:08.0005 4228 mpio - ok 19:41:08.0817 4228 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 19:41:08.0941 4228 mpsdrv - ok 19:41:09.0612 4228 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 19:41:10.0891 4228 MRxDAV - ok 19:41:11.0718 4228 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:41:11.0859 4228 mrxsmb - ok 19:41:12.0935 4228 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:41:13.0107 4228 mrxsmb10 - ok 19:41:14.0089 4228 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:41:14.0136 4228 mrxsmb20 - ok 19:41:15.0571 4228 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 19:41:15.0587 4228 msahci - ok 19:41:16.0273 4228 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 19:41:16.0289 4228 msdsm - ok 19:41:16.0897 4228 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 19:41:16.0960 4228 Msfs - ok 19:41:17.0537 4228 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 19:41:17.0662 4228 mshidkmdf - ok 19:41:18.0301 4228 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 19:41:18.0333 4228 msisadrv - ok 19:41:18.0988 4228 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 19:41:19.0081 4228 MSKSSRV - ok 19:41:19.0971 4228 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 19:41:20.0095 4228 MSPCLOCK - ok 19:41:20.0688 4228 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 19:41:20.0813 4228 MSPQM - ok 19:41:21.0468 4228 MsRPC 
(759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 19:41:21.0515 4228 MsRPC - ok 19:41:22.0155 4228 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 19:41:22.0170 4228 mssmbios - ok 19:41:22.0888 4228 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 19:41:23.0075 4228 MSTEE - ok 19:41:23.0715 4228 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 19:41:23.0824 4228 MTConfig - ok 19:41:24.0417 4228 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 19:41:24.0463 4228 Mup - ok 19:41:25.0072 4228 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 19:41:25.0150 4228 mwlPSDFilter - ok 19:41:25.0821 4228 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 19:41:25.0852 4228 mwlPSDNServ - ok 19:41:26.0507 4228 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 19:41:26.0538 4228 mwlPSDVDisk - ok 19:41:27.0833 4228 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 19:41:27.0927 4228 NativeWifiP - ok 19:41:29.0315 4228 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120216.004\ENG64.SYS 19:41:29.0331 4228 NAVENG - ok 19:41:31.0390 4228 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120216.004\EX64.SYS 19:41:31.0483 4228 NAVEX15 - ok 19:41:32.0451 4228 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 19:41:32.0497 4228 NDIS - ok 19:41:33.0059 4228 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 19:41:33.0199 4228 NdisCap - ok 19:41:33.0901 4228 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 
19:41:34.0089 4228 NdisTapi - ok 19:41:34.0993 4228 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 19:41:35.0149 4228 Ndisuio - ok 19:41:35.0883 4228 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 19:41:36.0008 4228 NdisWan - ok 19:41:36.0756 4228 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 19:41:36.0912 4228 NDProxy - ok 19:41:37.0599 4228 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 19:41:37.0724 4228 NetBIOS - ok 19:41:38.0504 4228 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 19:41:38.0613 4228 NetBT - ok 19:41:39.0207 4228 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 19:41:39.0238 4228 nfrd960 - ok 19:41:39.0971 4228 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 19:41:40.0080 4228 Npfs - ok 19:41:40.0798 4228 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 19:41:40.0860 4228 nsiproxy - ok 19:41:42.0405 4228 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 19:41:42.0498 4228 Ntfs - ok 19:41:43.0091 4228 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys 19:41:43.0122 4228 NTIDrvr - ok 19:41:43.0933 4228 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 19:41:44.0152 4228 Null - ok 19:41:45.0025 4228 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 19:41:45.0057 4228 nvraid - ok 19:41:45.0899 4228 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 19:41:45.0915 4228 nvstor - ok 19:41:46.0601 4228 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 19:41:46.0632 4228 nv_agp - ok 19:41:47.0490 4228 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 19:41:47.0553 4228 
ohci1394 - ok 19:41:48.0270 4228 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 19:41:48.0333 4228 Parport - ok 19:41:48.0925 4228 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 19:41:48.0957 4228 partmgr - ok 19:41:49.0674 4228 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 19:41:49.0721 4228 pci - ok 19:41:50.0439 4228 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 19:41:50.0485 4228 pciide - ok 19:41:51.0078 4228 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 19:41:51.0109 4228 pcmcia - ok 19:41:51.0936 4228 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 19:41:51.0983 4228 pcw - ok 19:41:52.0857 4228 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 19:41:52.0966 4228 PEAUTH - ok 19:41:53.0808 4228 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 19:41:53.0902 4228 PptpMiniport - ok 19:41:54.0541 4228 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 19:41:54.0619 4228 Processor - ok 19:41:55.0337 4228 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 19:41:55.0555 4228 Psched - ok 19:41:56.0819 4228 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 19:41:56.0975 4228 ql2300 - ok 19:41:57.0708 4228 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 19:41:57.0739 4228 ql40xx - ok 19:41:58.0317 4228 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 19:41:58.0379 4228 QWAVEdrv - ok 19:41:58.0987 4228 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 19:41:59.0097 4228 RasAcd - ok 19:41:59.0861 4228 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:41:59.0955 4228 RasAgileVpn 
- ok 19:42:00.0657 4228 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:42:00.0766 4228 Rasl2tp - ok 19:42:01.0624 4228 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 19:42:01.0795 4228 RasPppoe - ok 19:42:02.0419 4228 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 19:42:02.0497 4228 RasSstp - ok 19:42:03.0324 4228 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 19:42:03.0433 4228 rdbss - ok 19:42:03.0964 4228 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 19:42:04.0026 4228 rdpbus - ok 19:42:04.0713 4228 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:42:04.0791 4228 RDPCDD - ok 19:42:05.0539 4228 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 19:42:05.0602 4228 RDPENCDD - ok 19:42:06.0397 4228 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 19:42:06.0475 4228 RDPREFMP - ok 19:42:07.0162 4228 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 19:42:07.0224 4228 RDPWD - ok 19:42:07.0739 4228 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 19:42:07.0770 4228 rdyboost - ok 19:42:08.0316 4228 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:42:08.0410 4228 rspndr - ok 19:42:09.0205 4228 RSUSBSTOR (fb39af63d6617f028ba0ebc21b83360d) C:\Windows\system32\Drivers\RtsUStor.sys 19:42:09.0408 4228 RSUSBSTOR - ok 19:42:10.0032 4228 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 19:42:10.0048 4228 sbp2port - ok 19:42:10.0719 4228 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 19:42:10.0843 4228 scfilter - ok 19:42:11.0577 4228 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:42:11.0670 
4228 secdrv - ok 19:42:12.0232 4228 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 19:42:12.0279 4228 Serenum - ok 19:42:12.0981 4228 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 19:42:13.0059 4228 Serial - ok 19:42:13.0745 4228 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 19:42:13.0823 4228 sermouse - ok 19:42:14.0385 4228 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 19:42:14.0525 4228 sffdisk - ok 19:42:15.0024 4228 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 19:42:15.0087 4228 sffp_mmc - ok 19:42:15.0913 4228 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 19:42:16.0007 4228 sffp_sd - ok 19:42:16.0725 4228 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 19:42:16.0756 4228 sfloppy - ok 19:42:17.0442 4228 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:42:17.0489 4228 SiSRaid2 - ok 19:42:18.0238 4228 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 19:42:18.0285 4228 SiSRaid4 - ok 19:42:19.0033 4228 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:42:19.0408 4228 Smb - ok 19:42:20.0094 4228 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:42:20.0141 4228 spldr - ok 19:42:21.0514 4228 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS 19:42:21.0592 4228 SRTSP - ok 19:42:22.0575 4228 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS 19:42:22.0606 4228 SRTSPX - ok 19:42:23.0448 4228 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 19:42:23.0557 4228 srv - ok 19:42:24.0228 4228 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) 
C:\Windows\system32\DRIVERS\srv2.sys 19:42:24.0369 4228 srv2 - ok 19:42:24.0930 4228 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 19:42:25.0008 4228 srvnet - ok 19:42:25.0710 4228 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 19:42:25.0773 4228 stexstor - ok 19:42:26.0428 4228 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 19:42:26.0475 4228 swenum - ok 19:42:27.0551 4228 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS 19:42:27.0645 4228 SymDS - ok 19:42:28.0830 4228 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS 19:42:28.0924 4228 SymEFA - ok 19:42:29.0907 4228 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 19:42:30.0000 4228 SymEvent - ok 19:42:30.0921 4228 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS 19:42:30.0999 4228 SymIRON - ok 19:42:32.0106 4228 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS 19:42:32.0309 4228 SymNetS - ok 19:42:33.0713 4228 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 19:42:33.0822 4228 Tcpip - ok 19:42:35.0351 4228 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 19:42:35.0382 4228 TCPIP6 - ok 19:42:36.0193 4228 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 19:42:36.0287 4228 tcpipreg - ok 19:42:37.0067 4228 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:42:37.0207 4228 TDPIPE - ok 19:42:37.0847 4228 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 19:42:37.0925 4228 TDTCP - ok 19:42:38.0455 4228 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 19:42:38.0518 4228 tdx - ok 
19:42:39.0220 4228 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 19:42:39.0267 4228 TermDD - ok 19:42:40.0140 4228 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:42:40.0234 4228 tssecsrv - ok 19:42:40.0889 4228 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 19:42:41.0029 4228 TsUsbFlt - ok 19:42:41.0731 4228 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys 19:42:41.0747 4228 TuneUpUtilitiesDrv - ok 19:42:42.0340 4228 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 19:42:42.0433 4228 tunnel - ok 19:42:43.0089 4228 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 19:42:43.0135 4228 uagp35 - ok 19:42:43.0759 4228 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys 19:42:43.0791 4228 UBHelper - ok 19:42:44.0539 4228 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 19:42:44.0680 4228 udfs - ok 19:42:45.0429 4228 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 19:42:45.0460 4228 uliagpkx - ok 19:42:46.0053 4228 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 19:42:46.0099 4228 umbus - ok 19:42:46.0848 4228 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 19:42:46.0911 4228 UmPass - ok 19:42:47.0301 4228 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 19:42:47.0441 4228 USBAAPL64 - ok 19:42:47.0550 4228 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 19:42:47.0644 4228 usbccgp - ok 19:42:47.0691 4228 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 19:42:47.0753 4228 usbcir - ok 19:42:47.0925 4228 usbehci (c025055fe7b87701eb042095df1a2d7b) 
C:\Windows\system32\DRIVERS\usbehci.sys 19:42:48.0034 4228 usbehci - ok 19:42:48.0330 4228 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 19:42:48.0408 4228 usbhub - ok 19:42:48.0517 4228 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 19:42:48.0580 4228 usbohci - ok 19:42:48.0736 4228 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 19:42:48.0798 4228 usbprint - ok 19:42:48.0861 4228 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 19:42:48.0939 4228 usbscan - ok 19:42:49.0001 4228 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:42:49.0126 4228 USBSTOR - ok 19:42:49.0251 4228 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 19:42:49.0469 4228 usbuhci - ok 19:42:50.0218 4228 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 19:42:50.0296 4228 usbvideo - ok 19:42:50.0998 4228 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 19:42:51.0045 4228 vdrvroot - ok 19:42:51.0544 4228 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 19:42:51.0591 4228 vga - ok 19:42:52.0152 4228 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 19:42:52.0230 4228 VgaSave - ok 19:42:52.0792 4228 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 19:42:52.0807 4228 vhdmp - ok 19:42:53.0525 4228 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 19:42:53.0603 4228 viaide - ok 19:42:54.0258 4228 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 19:42:54.0305 4228 volmgr - ok 19:42:54.0976 4228 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 19:42:55.0023 4228 volmgrx - ok 19:42:55.0522 4228 volsnap (0d08d2f3b3ff84e433346669b5e0f639) 
C:\Windows\system32\drivers\volsnap.sys 19:42:55.0553 4228 volsnap - ok 19:42:56.0208 4228 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 19:42:56.0239 4228 vsmraid - ok 19:42:56.0957 4228 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 19:42:57.0082 4228 vwifibus - ok 19:42:57.0737 4228 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 19:42:57.0815 4228 vwififlt - ok 19:42:58.0408 4228 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 19:42:58.0470 4228 WacomPen - ok 19:42:59.0125 4228 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:42:59.0203 4228 WANARP - ok 19:42:59.0297 4228 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:42:59.0328 4228 Wanarpv6 - ok 19:43:00.0015 4228 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 19:43:00.0061 4228 Wd - ok 19:43:00.0888 4228 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 19:43:00.0982 4228 Wdf01000 - ok 19:43:01.0606 4228 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 19:43:01.0668 4228 WfpLwf - ok 19:43:02.0245 4228 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 19:43:02.0292 4228 WIMMount - ok 19:43:03.0119 4228 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 19:43:03.0291 4228 WinUsb - ok 19:43:04.0008 4228 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 19:43:04.0086 4228 WmiAcpi - ok 19:43:05.0038 4228 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:43:05.0178 4228 ws2ifsl - ok 19:43:05.0896 4228 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 19:43:05.0974 4228 WudfPf - ok 19:43:06.0738 4228 WUDFRd (cf8d590be3373029d57af80914190682) 
C:\Windows\system32\DRIVERS\WUDFRd.sys 19:43:06.0879 4228 WUDFRd - ok 19:43:06.0988 4228 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 19:43:15.0053 4228 \Device\Harddisk0\DR0 - ok 19:43:15.0053 4228 MBR (0x1B8) (64f82c03c8d3785a7007db9840da5a8e) \Device\Harddisk1\DR6 19:43:15.0365 4228 \Device\Harddisk1\DR6 - ok 19:43:15.0427 4228 Boot (0x1200) (c5c2cbcf84451ef1ab544031ae942fe8) \Device\Harddisk0\DR0\Partition0 19:43:15.0630 4228 \Device\Harddisk0\DR0\Partition0 - ok 19:43:15.0677 4228 Boot (0x1200) (3ad980bbf1964e453234938613f1eda9) \Device\Harddisk0\DR0\Partition1 19:43:15.0864 4228 \Device\Harddisk0\DR0\Partition1 - ok 19:43:15.0958 4228 Boot (0x1200) (3fce3636f94549fc5fe161a8a6eb18c0) \Device\Harddisk0\DR0\Partition2 19:43:16.0067 4228 \Device\Harddisk0\DR0\Partition2 - ok 19:43:16.0067 4228 Boot (0x1200) (fc46ff570d0a24da4b3ec1d3862e2dcd) \Device\Harddisk1\DR6\Partition0 19:43:16.0067 4228 \Device\Harddisk1\DR6\Partition0 - ok 19:43:16.0067 4228 ============================================================ 19:43:16.0067 4228 Scan finished 19:43:16.0067 4228 ============================================================ 19:43:17.0253 3364 Deinitialize success ============================================== Last Created System Restore Point ============================================== RP625: 16-2-2012 13:24:29 - Installed HiJackThis ============================================== EOF ComboFix 12-02-16.02 - Bert Groen 16-02-2012 19:51:15.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3002.1597 [GMT 1:00] Gestart vanuit: c:\users\Bert Groen\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . 
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\~7QTQtCRQmcDZKJ
c:\programdata\~7QTQtCRQmcDZKJr
c:\programdata\7QTQtCRQmcDZKJ
c:\users\Bert Groen\AppData\Roaming\.#
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-16 to 2012-02-16 ))))))))))))))))))))))))))))))
.
.
2012-02-16 19:09 . 2012-02-16 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 18:38 . 2012-02-16 18:43 -------- d-----w- C:\TDSSStarter
2012-02-16 18:15 . 2012-02-16 18:16 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-02-16 12:44 . 2012-02-16 12:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-16 12:27 . 2012-02-16 12:27 -------- d-----w- c:\users\Bert Groen\AppData\Roaming\Malwarebytes
2012-02-16 12:26 . 2012-02-16 12:26 -------- d-----w- c:\programdata\Malwarebytes
2012-02-16 12:26 . 2011-07-06 18:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-02-16 12:26 . 2012-02-16 12:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-16 12:26 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 12:25 . 2012-02-16 12:25 388096 ----a-r- c:\users\Bert Groen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-16 12:25 . 2012-02-16 12:25 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-15 21:53 . 2012-02-15 21:53 -------- d-----w- c:\program files\iTunes
2012-02-15 21:53 . 2012-02-15 21:53 -------- d-----w- c:\program files (x86)\iTunes
2012-02-15 21:53 . 2012-02-15 21:53 -------- d-----w- c:\program files\iPod
2012-02-15 21:46 . 2011-11-17 06:35 340992 ----a-w- c:\windows\system32\schannel.dll
2012-02-15 21:46 . 2011-11-17 06:49 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-15 21:46 . 2011-11-17 06:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-15 21:46 . 2011-11-17 06:44 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-15 21:46 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-02-15 21:46 . 2011-11-17 06:35 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-15 21:46 . 2011-11-17 06:33 31232 ----a-w- c:\windows\system32\lsass.exe
2012-02-15 21:46 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-02-15 21:46 . 2011-11-17 05:34 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-02-15 21:46 . 2011-11-17 06:35 28160 ----a-w- c:\windows\system32\secur32.dll
2012-02-15 21:46 . 2011-11-17 05:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-02-15 21:42 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-15 21:42 . 2012-02-15 21:51 -------- d-----w- c:\program files\Symantec
2012-02-15 21:42 . 2012-02-15 21:50 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-15 21:42 . 2012-02-15 21:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-02-15 21:41 . 2012-02-15 22:05 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-02-15 21:41 . 2012-02-15 21:41 -------- d-----w- c:\program files (x86)\Norton 360
2012-02-15 21:40 . 2012-02-15 21:40 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-02-15 21:33 . 2012-02-15 21:33 -------- d-----w- c:\users\Bert Groen\AppData\Roaming\Tific
2012-02-15 21:33 . 2012-02-15 21:33 -------- d-----w- c:\users\Bert Groen\AppData\Local\Symantec
2012-02-15 21:32 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F42CE71-6467-4D99-9096-8AD8D76153EF}\mpengine.dll
2012-02-07 19:22 . 2012-02-07 19:22 -------- d-----we c:\windows\system64
2012-01-29 00:04 . 2011-11-17 06:35 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-29 00:04 . 2011-11-17 06:35 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-29 00:04 . 2011-11-17 05:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-17 22:46 . 2012-02-15 21:39 -------- d-----w- c:\program files (x86)\McAfee Security Scan
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 09:39 . 2009-11-22 13:23 279096 ----a-w- c:\windows\system32\MpSigStub.exe
2011-12-05 07:43 . 2011-11-20 10:51 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-01 23:00 . 2009-11-23 19:41 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-12-01 23:00 . 2009-11-23 19:41 882496 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-27 14:43 . 2009-11-25 19:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-11-25 16:18 . 2009-11-25 19:00 882496 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-24 04:52 . 2011-12-14 16:47 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 10:52 . 2011-11-20 10:52 53248 ----a-r- c:\users\Bert Groen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-11-19 14:58 . 2012-01-11 16:31 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 16:31 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-02-07 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120215.002\IDSvia64.sys [2012-02-14 488568]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-07 2072896]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-15 138360]
S3 L1C;NDIS Miniport Driver for
Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - 97926758 *Deregistered* - 97926758 . Inhoud van de 'Gedeelde Taken' map . 2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 20:14] . 2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 20:14] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.startpagina.nl/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_7715z&r=273611090425l03h4z155t48l2c82o mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-02-16 20:15:32 ComboFix-quarantined-files.txt 2012-02-16 19:15 . Pre-Run: 75.553.112.064 bytes beschikbaar Post-Run: 75.155.779.584 bytes beschikbaar . - - End Of File - - 1979657E1462DC4828C5D9C4510EF7C9
  • D is back!!!
  • Hmmm, cheered a bit too soon. On D I do see all the folders, but they appear to be empty (which I don't think is the case).
  • Under Properties in Explorer I do see the size of the contents and the number of files, but I still can't get them to show.
  • I'll wait patiently for now ...
  • Then we'll now try the following: the "batch" file you create below resets the attributes, so that the folders made invisible by the infection become visible again. Open Notepad, copy the text below into it, choose Save As with type "All files" and the name fix.bat, and click Save. So place this file on partition D, where the folders are.

    @echo off
    rem Elevated runs start in System32; switch to the folder that holds fix.bat
    cd /d "%~dp0"
    attrib -r -a -s -h /s /d

    Starting fix.bat: Windows 2000 and Windows XP: start fix.bat with a double-click. Windows Vista and Windows 7: start fix.bat by right-clicking the shortcut and choosing "Run as administrator".
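A more selective variant of the attribute reset in the post above, as an added example that is not part of the original thread: a PowerShell script that only reports by default, clears just the Hidden and System bits, and skips the root folders Windows itself keeps hidden. The parameter names, the report path and the skip list are assumptions.

```powershell
# Added example, not from the thread. -Root, -Report and the skip list are assumptions.
param(
    [string]$Root   = 'D:\',
    [string]$Report = "$env:USERPROFILE\hidden-items.csv",
    [switch]$Apply   # without -Apply nothing is changed, only reported
)

# Root folders that Windows itself keeps hidden + system; leave them alone.
$skip = @('System Volume Information', '$RECYCLE.BIN')

# Hidden (2) and System (4) are the bits to clear; read-only and archive stay as they are.
$mask = [int]([System.IO.FileAttributes]::Hidden) -bor [int]([System.IO.FileAttributes]::System)

function Get-Tree($top) {
    $top    # the top-level item itself
    if ($top.PSIsContainer) {
        # -Force is required, otherwise hidden items are not enumerated at all
        Get-ChildItem -LiteralPath $top.FullName -Recurse -Force -ErrorAction SilentlyContinue
    }
}

$rows = @(
    Get-ChildItem -LiteralPath $Root -Force |
        Where-Object { $skip -notcontains $_.Name } |
        ForEach-Object { Get-Tree $_ } |
        Where-Object { ([int]$_.Attributes -band $mask) -ne 0 } |
        ForEach-Object {
            $before = $_.Attributes
            $after  = [System.IO.FileAttributes]([int]$before -band (-bnot $mask))
            if ($Apply) { $_.Attributes = $after }
            # One record per item, so every change can be reviewed or reverted later
            New-Object PSObject -Property @{
                Path    = $_.FullName
                Before  = "$before"
                After   = "$after"
                Applied = [bool]$Apply
            }
        }
)

$rows | Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8
"{0} hidden/system items under {1}; report written to {2}" -f $rows.Count, $Root, $Report
```

Run it once without `-Apply` and read the CSV; a long list of ordinary user folders carrying Hidden and System is consistent with the symptom in this thread.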
  • First reaction: BRILLIANT. I'm going to double-check ...
  • Looks perfect, Abraham, thank you very much for your capable help. A 10 with a gold star, and a kiss from the teacher.
  • Glad to hear you have everything back. But I don't think we're there yet. So do the following: download the Emsisoft Emergency Kit (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip) to the desktop and unpack the ZIP file.
    - Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
    - Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja" (Yes).
    - When the update is done and the message "Update process is succesvol afgerond" (update process completed successfully) appears, click "menu" and then "Scan PC".
    - Select the option "Diep" (Deep) if it is not already set by default.
    - Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a while, so wait patiently.
    - You can close the window with the warning about an increased risk once the scan is done. Note: if you see this message:
      C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK
      When the file is listed in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)" (submit as false positive).
    - Make sure all items found are ticked and then press the button "verwijder geselecteerde" (remove selected). You will now get the following message, but click "Ja" (Yes) here.
    - When the removal is done, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
    - Post the contents of this LOG file in your next message.
    - Now restart the computer.
  • OK, working on it ...
  • Hmmm, I see in the meantime that my signature isn't quite (read: not at all any more) correct. I'll update it soon.
  • Current configuration.
  • Abraham54 wrote: "Glad to hear you have everything back. But I don't think we're there yet. So do the following: download the Emsisoft Emergency Kit [...]"
    I would put one more step before this: make a backup first! It's nice that SMART indicates that nothing is wrong, but that does not have to mean that the disk is really reliable.
  • Mark writes: "I would put one more step before this: make a backup first!". It is not clear what exactly he means. Namely: a backup of what? Or does he mean a system image? What is also unknown: does the TS have an external storage option for that backup, and does the TS know how to do that? And what Mark does not take into account: if malware is still active, then the backup or system image that was made is simply worthless!

This is an archived page. Replies are no longer possible.