Question & Answer

Security & privacy

Clean? Or not after all?

16 answers
  • I recently had trouble with spyware/malware in the form of SecurityShield. I got rid of it with the help of MBAM. I do have the impression that there are still some leftover bits of junk floating around on my computer. Could someone take a look at my logs (HijackThis, TDSSKSTARTER, ComboFix)?
14:46:46.0244 3028 tcpipreg - ok 14:46:46.0288 3028 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 14:46:46.0348 3028 TDPIPE - ok 14:46:46.0465 3028 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 14:46:46.0535 3028 TDTCP - ok 14:46:46.0581 3028 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 14:46:46.0639 3028 tdx - ok 14:46:46.0752 3028 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 14:46:46.0774 3028 TermDD - ok 14:46:46.0832 3028 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:46:46.0898 3028 tssecsrv - ok 14:46:47.0023 3028 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 14:46:47.0074 3028 TsUsbFlt - ok 14:46:47.0138 3028 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 14:46:47.0214 3028 tunnel - ok 14:46:47.0336 3028 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 14:46:47.0362 3028 uagp35 - ok 14:46:47.0407 3028 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 14:46:47.0474 3028 udfs - ok 14:46:47.0618 3028 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 14:46:47.0642 3028 uliagpkx - ok 14:46:47.0708 3028 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 14:46:47.0794 3028 umbus - ok 14:46:47.0922 3028 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 14:46:47.0969 3028 UmPass - ok 14:46:48.0032 3028 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 14:46:48.0079 3028 USBAAPL - ok 14:46:48.0209 3028 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 14:46:48.0238 3028 usbccgp - ok 14:46:48.0269 3028 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 14:46:48.0301 3028 usbcir - 
ok 14:46:48.0328 3028 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 14:46:48.0367 3028 usbehci - ok 14:46:48.0511 3028 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\drivers\usbhub.sys 14:46:48.0563 3028 usbhub - ok 14:46:48.0597 3028 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 14:46:48.0637 3028 usbohci - ok 14:46:48.0677 3028 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 14:46:48.0724 3028 usbprint - ok 14:46:48.0847 3028 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys 14:46:48.0873 3028 usbser - ok 14:46:48.0903 3028 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS 14:46:48.0951 3028 USBSTOR - ok 14:46:48.0982 3028 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 14:46:49.0000 3028 usbuhci - ok 14:46:49.0127 3028 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 14:46:49.0152 3028 vdrvroot - ok 14:46:49.0208 3028 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 14:46:49.0259 3028 vga - ok 14:46:49.0381 3028 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 14:46:49.0454 3028 VgaSave - ok 14:46:49.0496 3028 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 14:46:49.0513 3028 vhdmp - ok 14:46:49.0645 3028 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 14:46:49.0672 3028 viaagp - ok 14:46:49.0709 3028 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 14:46:49.0754 3028 ViaC7 - ok 14:46:49.0788 3028 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 14:46:49.0803 3028 viaide - ok 14:46:49.0921 3028 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 14:46:49.0950 3028 vmbus - ok 14:46:49.0973 3028 
VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 14:46:50.0007 3028 VMBusHID - ok 14:46:50.0040 3028 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 14:46:50.0065 3028 volmgr - ok 14:46:50.0113 3028 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 14:46:50.0145 3028 volmgrx - ok 14:46:50.0272 3028 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 14:46:50.0303 3028 volsnap - ok 14:46:50.0361 3028 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 14:46:50.0384 3028 vsmraid - ok 14:46:50.0495 3028 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 14:46:50.0524 3028 vwifibus - ok 14:46:50.0560 3028 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 14:46:50.0592 3028 WacomPen - ok 14:46:50.0731 3028 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 14:46:50.0776 3028 WANARP - ok 14:46:50.0781 3028 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 14:46:50.0815 3028 Wanarpv6 - ok 14:46:50.0881 3028 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 14:46:50.0896 3028 Wd - ok 14:46:51.0021 3028 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 14:46:51.0062 3028 Wdf01000 - ok 14:46:51.0215 3028 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 14:46:51.0286 3028 WfpLwf - ok 14:46:51.0314 3028 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 14:46:51.0330 3028 WIMMount - ok 14:46:51.0475 3028 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 14:46:51.0523 3028 WinUsb - ok 14:46:51.0571 3028 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 14:46:51.0610 3028 WmiAcpi - ok 14:46:51.0753 3028 
ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 14:46:51.0833 3028 ws2ifsl - ok 14:46:51.0878 3028 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 14:46:51.0936 3028 WudfPf - ok 14:46:52.0061 3028 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:46:52.0139 3028 WUDFRd - ok 14:46:52.0199 3028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 14:46:52.0343 3028 \Device\Harddisk0\DR0 - ok 14:46:52.0346 3028 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 14:46:56.0748 3028 \Device\Harddisk1\DR1 - ok 14:46:56.0749 3028 Boot (0x1200) (4d9665321aaf56d56d04187d401b768c) \Device\Harddisk0\DR0\Partition0 14:46:56.0750 3028 \Device\Harddisk0\DR0\Partition0 - ok 14:46:56.0774 3028 Boot (0x1200) (8d8523a7b0fa55ffd486563b5849904f) \Device\Harddisk0\DR0\Partition1 14:46:56.0775 3028 \Device\Harddisk0\DR0\Partition1 - ok 14:46:56.0777 3028 Boot (0x1200) (249a8963b3f08477c69a2a2c7231f2b9) \Device\Harddisk1\DR1\Partition0 14:46:56.0778 3028 \Device\Harddisk1\DR1\Partition0 - ok 14:46:56.0778 3028 ============================================================ 14:46:56.0778 3028 Scan finished 14:46:56.0778 3028 ============================================================ 14:46:57.0489 1160 Deinitialize success ============================================== System Restore Point Check: TDSSKiller Starter Restore Point Created Succesfully ============================================== Older logs ============================================== C:\TDSSKiller.2.7.7.0_24.01.2012_22.43.21_log.txt ============================================== EOF ComboFix 12-02-27.02 - Niels 28-02-2012 15:20:16.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3062.2235 [GMT 1:00] Gestart vanuit: c:\users\Niels\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* 
{4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\test.txt c:\users\Niels\AppData\Roaming\Microsoft\Windows\Recent\Counter-Strike.url c:\users\Niels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check c:\windows\$NtUninstallKB65208$ c:\windows\$NtUninstallKB65208$\2232843182\@ c:\windows\$NtUninstallKB65208$\2232843182\cfg.ini c:\windows\$NtUninstallKB65208$\2232843182\Desktop.ini c:\windows\$NtUninstallKB65208$\2232843182\L\xadqgnnk c:\windows\$NtUninstallKB65208$\2232843182\U\00000001.$ c:\windows\$NtUninstallKB65208$\2232843182\U\00000002.$ c:\windows\$NtUninstallKB65208$\2232843182\U\00000004.$ c:\windows\$NtUninstallKB65208$\2232843182\U\80000000.$ c:\windows\$NtUninstallKB65208$\2232843182\U\80000004.$ c:\windows\$NtUninstallKB65208$\2232843182\U\80000032.$ c:\windows\$NtUninstallKB65208$\3045627119 c:\windows\system32\drivers\etc\hosts.ics . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))) . . 2012-02-28 14:28 . 2012-02-28 14:30 -------- d-----w- c:\users\Niels\AppData\Local\temp 2012-02-28 14:28 . 2012-02-28 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-28 13:46 . 2012-02-28 13:46 -------- d-----w- C:\TDSSStarter 2012-02-28 13:44 . 2012-02-28 13:44 388096 ----a-r- c:\users\Niels\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-28 13:44 . 2012-02-28 13:44 -------- d-----w- c:\program files\Trend Micro 2012-02-28 13:15 . 2012-02-28 13:15 -------- d-----w- c:\users\Niels\AppData\Roaming\Myvyel 2012-02-26 09:36 . 2012-02-28 13:31 -------- d-----w- c:\users\Niels\AppData\Roaming\Texu 2012-02-26 09:36 . 2012-02-28 12:01 -------- d-----w- c:\users\Niels\AppData\Roaming\Erguy 2012-02-25 14:34 . 
2012-02-25 14:34 -------- d-----w- c:\program files\ESET 2012-02-25 14:20 . 2012-02-25 14:20 -------- d-----w- c:\users\Niels\AppData\Roaming\Malwarebytes 2012-02-25 14:20 . 2012-02-25 14:20 -------- d-----w- c:\programdata\Malwarebytes 2012-02-25 14:20 . 2012-02-25 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-25 14:20 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-25 12:48 . 2012-01-24 21:52 16432 ----a-w- c:\windows\system32\lsdelete.exe 2012-02-15 15:45 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 15:45 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 15:45 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 15:45 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-02-03 12:11 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-02-03 12:11 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-02-03 12:11 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys 2012-02-03 12:11 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll 2012-02-03 12:11 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll 2012-02-03 12:11 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll 2012-02-03 12:11 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll 2012-02-03 12:11 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll 2012-02-03 12:11 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll 2012-02-03 12:11 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-15 15:59 . 2011-10-21 14:08 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-01-24 22:29 . 
2011-09-27 12:14 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys 2012-01-24 21:52 . 2012-01-24 21:52 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2012-01-24 21:14 . 2011-05-20 12:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-06 04:19 . 2012-01-24 15:18 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{494CB0B0-D8B5-4A23-B2A0-6A8164247FFD}\mpengine.dll 2011-12-23 06:12 . 2012-01-24 21:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2012-02-25 13:05 . 2011-03-22 12:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040] R3 FNETTHJM;Freecom Turbo HDD USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2011-08-29 24448] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-06-08 13224] R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2012-01-24 2152152] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-12-23 15232] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-23 64512] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-08 691696] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-06-08 27632] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 
SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . Inhoud van de 'Gedeelde Taken' map . 2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000889604-3478986291-2025876595-1000Core.job - c:\users\Niels\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-03 18:32] . 2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000889604-3478986291-2025876595-1000UA.job - c:\users\Niels\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-03 18:32] . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 213.46.228.196 62.179.104.196 FF - ProfilePath - c:\users\Niels\AppData\Roaming\Mozilla\Firefox\Profiles\kwe789c4.default\ FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS VERWIJDERD - - - - . SafeBoot-70141153.sys . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-1000889604-3478986291-2025876595-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10] "Currency"=dword:0000001c "GameDir"="" "ShortlistDir"="" "ScreenshotsDir"="" "SaveDir"="" "HistoryDir"="c:\\Users\\Niels\\Desktop\\FM Genie Scout 10\\History Points" "LangDB"="" "LastSaveGame"="c:\\Users\\Niels\\Documents\\Sports Interactive\\Football Manager 2010\\games\\WBA.fm" "Language"="English" "LoadLangDB"=dword:00000000 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:00000050 "GraphStep"=dword:00000000 "SkinName"="Steklo Black" "LastUpdateCheck"=dword:00009d79 "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "Version"=dword:00000074 "UniqueID"="C4-8700-E0EF" "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\taskhost.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2012-02-28 15:34:58 - machine werd herstart ComboFix-quarantined-files.txt 2012-02-28 14:34 . Pre-Run: 6.914.052.096 bytes beschikbaar Post-Run: 6.682.513.408 bytes beschikbaar . - - End Of File - - E726B81297FC5BD22D48E0CB073BB594
  • I don't see anything that makes me say: spyware/malware. No strange references, and startup is clean.
  • Using ComboFix on your own is strongly discouraged. One wrong action with this powerful tool can wreck Windows! Throw the old ComboFix in the Recycle Bin, empty it, and run ComboFix according to the guide below.
    Which program: ComboFix
    What for/why: Highly specialised scanner that examines Windows in depth and cleans it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program absolutely must be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
    - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    How to use ComboFix is shown here: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Antivirus programs and active malware scanners must already be disabled before ComboFix is started! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to disable antivirus programs and spyware scanners.
    Once more, for the sake of clarity: ComboFix must be started from the desktop.
    Starting ComboFix:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
      - Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing Run as administrator.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
    - If, after the scan, an error with the following message is shown when starting programs:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • New scan log from ComboFix.
[HKEY_USERS\S-1-5-21-1000889604-3478986291-2025876595-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10] "Currency"=dword:0000001c "GameDir"="" "ShortlistDir"="" "ScreenshotsDir"="" "SaveDir"="" "HistoryDir"="c:\\Users\\Niels\\Desktop\\FM Genie Scout 10\\History Points" "LangDB"="" "LastSaveGame"="c:\\Users\\Niels\\Documents\\Sports Interactive\\Football Manager 2010\\games\\WBA.fm" "Language"="English" "LoadLangDB"=dword:00000000 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:00000050 "GraphStep"=dword:00000000 "SkinName"="Steklo Black" "LastUpdateCheck"=dword:00009d79 "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "Version"=dword:00000074 "UniqueID"="C4-8700-E0EF" "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\taskhost.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2012-03-05 12:46:51 - machine werd herstart ComboFix-quarantined-files.txt 2012-03-05 11:46 ComboFix2.txt 2012-02-28 15:05 ComboFix3.txt 2012-02-28 14:34 . Pre-Run: 6.991.400.960 bytes beschikbaar Post-Run: 6.945.804.288 bytes beschikbaar . - - End Of File - - 2E52B11B25294630A596DDAF7D0873CE
  • Remove Lavasoft Ad-Aware from your Windows. By the looks of it this tool is damaged; in any case your Windows will be glad to be rid of that burden. After that, run the ESET online scan (click): http://www.eset.com/onlinescan/
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click "Advanced Settings"
      - Scan for potentially unwanted applications
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
    - Click Start
    - The computer is now being scanned. This can take quite a long time, so be patient.
    - Once the scan is finished, you may close the window.
    - Then go to C:\Program Files\ESET\ESET Online Scanner and click on log.txt there
    - Select, copy and paste the contents of this log into your next post.
    N.B.: temporarily deactivate your own antivirus during the scan; the online scan is then faster!
  • Lavasoft Ad-Aware has now been removed. (Via Control Panel, uninstall software etc.) I am now running the ESET online scan. By the way, I have Avira AntiVir installed as my regular virus scanner. That should normally be sufficient, I would think?
  • This is giving me quite a scare! I am at 30% with ESET Online Scanner now but already have 3 trojans (Java/Exploit.CVE-2011-3544.AU, JS.Agent.NEJ and Win32/Rootkit.Kryptik.JV). The scan will take a while yet, I think; I will post a log file when the scan is finished!
  • I use Avira too. More information on how I have secured my Windows can be found here: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1474812#1474812
  • I have just run ESET Online Scanner. It removed 3 items (Java/Exploit.CVE-2011-3544.AU, JS.Agent.NEJ and Win32/Rootkit.Kryptik.JV) and everything should now be clean. I cannot post a log, since the log file contained an old log, from a previous scan I had once run. I do not understand how that can be, but so be it. Should it be fine now? Just to be sure, a HijackThis scan: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:33:56, on 5-3-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - 
BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- End of file - 4138 bytes
  • Now do the following:
    Which program: Malwarebytes MBAM
    What for/why: specialist scanner to quickly examine Windows for spyware and malware and rid it of them.
    Difficulty: none.
    Download Malwarebytes MBAM from one of these locations:
    - Softpedia.com: http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s
    - Majorgeeks.com: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
    First of all:
    - Right after installation 'MBAM' wants to update its database, so allow it.
    - Also on repeated use: first update 'MBAM' via the 'Update' tab!
    Starting Malwarebytes MBAM:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
      - Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
    - Note:
      - Malwarebytes now supplies the full version of MBAM.
      - At the first start you get the option to use the full version temporarily or the free version.
      - Regardless of which antivirus program is in your Windows, I advise using the "Decline" option then.
      - That way MBAM will remain usable as the free version.
    Image: http://img30.imageshack.us/img30/3928/mbam2.png
    - Also do the following:
      - As soon as the program has started, go to the "Settings" tab.
      - Tick here: "Close Internet Explorer during malware removal".
    Scanning:
    - When starting 'MBAM', choose 'Quick Scan'.
    - Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.
    Infections found:
    - First click OK to dismiss the message
    - Then click the Show results button at the bottom right.
    - Now make sure all infections found are ticked, and click Remove selected at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has trouble removing certain files it will show some messages; click 'OK' each time!
    - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
    MBAM log:
    - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in MBAM's main menu.
    Then post the contents of the MBAM log in your next post.
  • Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Databaseversie: v2012.02.28.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Niels :: NIELS-LAPTOP [administrator] 5-3-2012 19:12:52 mbam-log-2012-03-05 (19-12-52).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 181371 Verstreken tijd: 4 minuut/minuten, 27 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)
  • We are going to clean up. But first this: keep MBAM and the ESET Online Scanner on your Windows. Navigate to C:\Program Files\ESET\ESET Online Scanner, right-click OnlineScannerApp.exe and then choose to place a shortcut on the desktop. Use MBAM once a week; after updating, choose the quick scan. Use OnlineScannerApp.exe once a month. ESET will now start up as an app; you can then tick the scan settings, after which the update process will begin and then the scan will start. And one more tip: here - http://www.jawwi.nl/artikelen/cookies.html - you will find information about cookies and how to block AdAware cookies in your browser(s).
    Step 1
    C:\TDSSstarter may be deleted manually.
    Step 2
    ComboFix may now be removed:
    - go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - ComboFix starts up and it looks as if the tool is installing itself, but that is not the case;
    - if all is well, you will then get a message that Combofix was removed.
    Example image: http://www.emphyrio.be/images/SMUninstall_combofix.png
    Run can also be started by pressing the "Windows key + R" keys simultaneously.
    This will remove Combofix including related folders and files, restore the clock settings, hide file extensions, hide hidden files and system files again, and reset your System Restore.
    Step 3
    Which program: TFC.
    What for/why: thorough cleaning of Windows.
    Difficulty: none.
    Windows Vista and Windows 7 users start this tool with administrator rights by right-clicking it.
    Download: Download TFC to your desktop (click): http://oldtimer.geekstogo.com/TFC.exe
    Starting TFC:
    Windows 2000 and Windows XP: start TFC.exe by double-clicking the shortcut.
    Windows Vista and Windows 7: start TFC.exe by right-clicking the shortcut and then choosing Run as administrator.
    - Do not be alarmed: the tool closes all running programs, so make sure your work has already been saved!
    - Then click the Start button to start the scan. This scan can take a short or longer time; be patient, let TFC do its job and wait until TFC is finished.
    - When TFC is finished, a message appears that the computer will be restarted.
    - If the shutdown does not happen automatically, restart the computer yourself.
    - Note: TFC does not show a log!
    Step 4
    Also run a test to see how good the current security situation in Windows is. Download Security Check to your desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow this.
    Post the contents of checkup.txt in your next post.
  • Step 1 - Done
    Step 2 - Done
    Step 3 - Done
    Step 4
    Results of screen317's Security Check version 0.99.31 Windows 7 Service Pack 1 x86 Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Security Center service is not running! This report may not be accurate! Avira Free Antivirus ESET Online Scanner v3 WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! ``````````````````````````````` Anti-malware/Other Utilities Check: CCleaner Java(TM) 6 Update 26 Java version out of date! Adobe Flash Player 11.1.102.55 Mozilla Firefox (4.0b7.) ```````````````````````````````` Process Check: objlist.exe by Laurent Avira Antivir avgnt.exe Avira Antivir avguard.exe ``````````End of Log````````````
  • Java is out of date, so first download Java 6 Update 31 (x86) for Windows 7/XP/Vista/2000/2003/2008 Offline (http://javadl.sun.com/webapps/download/AutoDL?BundleId=60336) to your desktop. But do not install the new version yet! Then first go to Control Panel
    - Add or Remove Programs - Windows 2000/Windows XP
    - Programs and Features - Windows Vista and Windows 7
    and remove Java(TM) 6 Update 26 there. Then restart your PC. After that you may install the newest Java version. Adobe Flash Player has just been updated: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=216449
  • I have updated the following programs:
    - Java
    - Adobe Flash Player
    - Adobe Shockwave
    I assume everything is fine now?
  • In principle, probably yes. But with my last tip you will know for sure: go to Secunia PSI (click) (http://secunia.com/vulnerability_scanning/online/) several times a year to check whether everything within Windows is also up to date. Because only then is Windows at its safest! On the Secunia site, first click the Start Scanner button and then on the new page first tick Enable thorough system inspection before clicking Start! If you do not use Java, the site will not work. Then you can download and install the Secunia Personal Software Inspector (PSI). N.B.: after installation this tool starts automatically with Windows, but that really is not necessary and can be turned off! http://secunia.com/vulnerability_scanning/personal/

This is an archived page. Replies are no longer possible.