Computer sometimes slow

33 answers
  • My computer is always super fast; I put a lot of memory in it. But lately it is sometimes very slow, and YouTube videos in particular just won't get going. Could you perhaps take a look at my HijackThis log? I think there are some strange things in it. Thanks very much in advance.
  • Hello Diana, by the looks of it there is indeed a considerable infection in your Windows.

    I would like you to stick to the rules below during the fix:
    - Read each instruction carefully first, every time.
    - The instructions given apply only to your Windows.
    - If you make mistakes when running tools during the fix, that can cause serious problems in Windows.
    - Do not install any new programs, updates or new hardware while we are working on the fix.
    - Also, do not use any programs or tools other than the ones I instruct you to use.
    - Please turn off emoticons (smileys) when you post a log.
    - Always use one scanner at a time, never several at once.
    - Keep me informed of how your computer reacts to the fix, good or bad.
    - Also, if there is something you do not understand, say so.
    - Once started, the fix must be completed. Even if you think everything is fine, there may still be infections.

    Step 1

    Close all open browser windows, except this window, which you close just before you click the Fix checked button!
    Start HijackThis now and click the Do a Scan only button.

    O4 - HKLM\..\Run: [AudioCommander] "C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe" /tray
    O4 - HKLM\..\Run: [AEFltrs] "C:\Program Files\Andrea Electronics\AudioCommander\AEFltrs.exe" /NoDlg
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Andrea Electronics\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"

    - Put a check mark in front of the line(s) that correspond to the lines above.
    - Now close the web browser and then click the Fix checked button.
    - After that, close HijackThis.

    Restart the computer after the fix.

    Step 2

    Which program: Malwarebytes MBAM
    What for/why: specialised scanner to quickly examine Windows for spyware and malware and to remove it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Softpedia.com: http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s
    - Majorgeeks.com: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    First of all:
    - Right after installation, MBAM will want to update its database, so allow that.
    - Also on repeated use: first update MBAM via the 'Update' tab!

    Starting Malwarebytes MBAM:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
      - Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
    - Note:
      - Malwarebytes now supplies the full version of MBAM.
      - At the first start you get the option to use the full version or the free version.
      - Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
      - That way MBAM will continue to be usable as the free version.
    - Also do the following:
      - As soon as the program has started, go to the "Settings" tab.
      - Tick here: "Close Internet Explorer during malware removal".

    Scanning:
    - When MBAM starts, choose 'Quick Scan'.
    - Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.

    Infections found:
    - First click OK to dismiss the message.
    - Then click the Show Results button at the bottom right.
    - Now make sure that all infections found are ticked, and click Remove Selected at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If MBAM has difficulty removing certain files, it will show a few messages; click 'OK' each time!
    - After that MBAM will ask to restart the computer, so allow the computer to be restarted.

    MBAM log:
    - The log is saved automatically by MBAM and you can find it by clicking the 'Logs' tab in MBAM's main menu.

    Then post the contents of the MBAM log in your next message.

    Step 3

    In summary: after this, post the contents of the following logs in your next message:
    - a HijackThis log
    - MBAM scan log

    Also post an uninstall list:
    - start HijackThis,
    - click the Open the Misc Tools section button,
    - click the Open Uninstall Manager button,
    - click the Save button.
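The O4 lines in the post above are HijackThis autostart entries (registry Run keys and Startup-folder shortcuts). The following Python is an added example, not part of the thread or of HijackThis: it parses O4 entries, including a log that a forum paste has flattened onto one line, and records structural observations for manual review. The note names, the launcher list and the entries marked as constructed are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from ntpath import basename, dirname  # Windows path rules on any OS

# The first five entries are the O4 lines quoted in the post above. The last
# five are constructed for this example (hypothetical names) to cover the other
# O4 shapes: bare file name, unquoted path, rundll32 launcher, per-user hive,
# and Startup-folder shortcut.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [AudioCommander] "C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe" /tray
O4 - HKLM\..\Run: [AEFltrs] "C:\Program Files\Andrea Electronics\AudioCommander\AEFltrs.exe" /NoDlg
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Andrea Electronics\VoiceCenter\AndreaVC.exe" /tray
O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKLM\..\Run: [ExampleUpdater] updater.exe -en
O4 - HKLM\..\Run: [ExampleStatus] C:\Program Files\Example Vendor\status.exe Autorun
O4 - HKLM\..\Run: [ExampleApplet] rundll32.exe example.cpl,,ExampleEntry
O4 - HKUS\S-1-5-18\..\Run: [ExampleIME] C:\WINDOWS\system32\example.exe (User 'SYSTEM')
O4 - Global Startup: Example Studio.lnk = C:\Program Files\Example Vendor\AutoStart.exe
'''

# An entry starts with a section code such as "R1 - ", "O4 - " or "O23 - ".
ENTRY_START = re.compile(r"\s+(?=(?:[RF][0-3]|O\d{1,2}) - )")
REG_RE = re.compile(
    r"^O4 - (?P<hive>HK[^:]*?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
LNK_RE = re.compile(r"^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$", re.I)
# Assumption of this example: programs whose arguments name the code that runs.
LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


@dataclass
class Autostart:
    location: str                 # e.g. "HKLM Run" or "Global Startup"
    name: str                     # registry value name or shortcut name
    exe: str
    args: str
    user: str = ""
    notes: list = field(default_factory=list)


def split_entries(text):
    """Split a log into entries, also when it was flattened onto one line."""
    return [e.strip() for e in ENTRY_START.split(text.strip()) if e.strip()]


def split_command(cmd):
    """Return (exe, args, quoted) for a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
        return exe, rest.strip(), True
    m = EXE_RE.match(cmd)          # unquoted: cut after the first program extension
    if m:
        return m.group(1), (m.group(2) or ""), False
    exe, _, rest = cmd.partition(" ")
    return exe, rest.strip(), False


def parse_o4(entry):
    """Parse one O4 entry; notes are observations for review, not verdicts."""
    m = REG_RE.match(entry)
    if m:
        exe, args, quoted = split_command(m["cmd"])
        item = Autostart(f'{m["hive"]} {m["key"]}', m["name"], exe, args, m["user"] or "")
        if not quoted and " " in exe:
            # Where the program name ends is left to Windows' command-line parsing.
            item.notes.append("unquoted-path-with-spaces")
    else:
        m = LNK_RE.match(entry)
        if not m:
            return None
        # A shortcut target is not a command line, so the quoting check is skipped.
        item = Autostart(m["scope"], m["name"], m["cmd"].strip(), "")
    if not dirname(item.exe):
        item.notes.append("bare-filename")   # which file runs depends on the search path
    if basename(item.exe).lower() in LAUNCHERS:
        item.notes.append("launcher")        # the code that runs is named in args
    return item


def triage(log_text):
    """Return the parsed O4 entries of a HijackThis log, in log order."""
    items = (parse_o4(e) for e in split_entries(log_text) if e.startswith("O4 - "))
    return [i for i in items if i is not None]


if __name__ == "__main__":
    for it in triage(SAMPLE_LOG):
        print(f"{it.location:18} {it.name:16} {', '.join(it.notes) or '-'}")
```

The five entries quoted in the post parse as quoted, fully qualified paths and receive no notes; only the constructed entries do.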
  • Hi Abraham, I think you are mistaken: the things you are ticking are from trustworthy manufacturers. One is Andrea Electronics; that is an external sound card that I use for a speech program from Naturally Speaking. It is recommended by Naturally Speaking. The other is from Creative, which is the brand of my MP3 player. Creative Light is a program for managing music tracks. I look forward to your reply. Regards, Diana
  • Hello Diana, that Creative software does not need to start with Windows. And as for Andrea Electronics, I should indeed have looked into that a bit better. But where is that MBAM log?
  • I ran the MBAM log the day before yesterday and it found nothing.
  • Then we'll take a deeper look:

    Step 1

    Which program: TDSSStarter.exe
    What for/why: rootkit scanner
    Difficulty: none

    Download TDSSStarter (http://home.kpn.nl/stefsmeenk/tools/TDSSKStarter.exe) to the desktop.

    Using "TDSSStarter.exe":
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start the tool by double-clicking "TDSSStarter.exe".
      - Windows Vista and Windows 7: start the tool by right-clicking "TDSSStarter.exe" and then choosing Run as administrator.
    - A CMD window will then be started, and it will close again automatically when the scan is finished.
    - Now post the contents of the Notepad file that has opened in your next message.

    Step 2

    Which program: ComboFix
    What for/why: highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: a more or less tricky preparation phase, so read everything carefully first.
    Download location: this program must absolutely be downloaded to the desktop!

    Download ComboFix from one of these locations:
    - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
    - Geekstogo: http://subs.geekstogo.com/ComboFix.exe

    Here you can see how to use ComboFix: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Antivirus program and active malware scanners must already be disabled before ComboFix is started! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to disable antivirus programs and spyware scanners.

    To be perfectly clear once more: ComboFix must be started from the desktop.

    Remarks:
    - When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).

    Starting ComboFix:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
      - Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing Run as administrator.

    ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - It may happen that the computer has to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt

    Important note:
    - If, after the scan, an error with the following message is shown when starting programs:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.

    Step 3

    In summary: after this, post the contents of the following logs in your next message:
    - TDSSKStarter log
    - ComboFix.txt log
  • Result of the killer starter (which, by the way, I could not get onto the desktop):
2560 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys 14:12:52.0734 2560 dmio - ok 14:12:52.0859 2560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 14:12:53.0000 2560 dmload - ok 14:12:53.0046 2560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 14:12:53.0171 2560 DMusic - ok 14:12:53.0203 2560 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys 14:12:53.0328 2560 Dot4 - ok 14:12:53.0390 2560 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys 14:12:53.0515 2560 Dot4Print - ok 14:12:53.0546 2560 dot4usb (f48841c737d7dc9610bf5f49a76c2ed1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys 14:12:53.0671 2560 dot4usb - ok 14:12:53.0703 2560 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 14:12:53.0843 2560 dpti2o - ok 14:12:53.0859 2560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 14:12:54.0000 2560 drmkaud - ok 14:12:54.0031 2560 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys 14:12:54.0171 2560 EL90XBC - ok 14:12:54.0187 2560 EMCR (48a85c0a5151c21be2dbaa3fc3a9c389) C:\WINDOWS\system32\DRIVERS\EMCR7SK.SYS 14:12:54.0203 2560 EMCR ( UnsignedFile.Multi.Generic ) - warning 14:12:54.0203 2560 EMCR - detected UnsignedFile.Multi.Generic (1) 14:12:54.0234 2560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 14:12:54.0343 2560 Fastfat - ok 14:12:54.0359 2560 fasttrak (f0196b7a8fe3098099721675db361272) C:\WINDOWS\system32\DRIVERS\FASTTRAK.SYS 14:12:54.0390 2560 fasttrak ( UnsignedFile.Multi.Generic ) - warning 14:12:54.0390 2560 fasttrak - detected UnsignedFile.Multi.Generic (1) 14:12:54.0421 2560 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\FASTTX2K.SYS 14:12:54.0437 2560 fasttx2k ( UnsignedFile.Multi.Generic ) - warning 14:12:54.0437 2560 fasttx2k - detected 
UnsignedFile.Multi.Generic (1) 14:12:54.0453 2560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 14:12:54.0593 2560 Fdc - ok 14:12:54.0609 2560 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys 14:12:54.0750 2560 Fips - ok 14:12:54.0765 2560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 14:12:54.0890 2560 Flpydisk - ok 14:12:54.0937 2560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 14:12:55.0078 2560 FltMgr - ok 14:12:55.0078 2560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 14:12:55.0203 2560 Fs_Rec - ok 14:12:55.0218 2560 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 14:12:55.0343 2560 Ftdisk - ok 14:12:55.0390 2560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 14:12:55.0406 2560 GEARAspiWDM - ok 14:12:55.0421 2560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 14:12:55.0578 2560 Gpc - ok 14:12:55.0609 2560 HidBth (d8cc702bb02ad520c3379e7ecb009ae1) C:\WINDOWS\system32\DRIVERS\hidbth.sys 14:12:55.0734 2560 HidBth - ok 14:12:55.0750 2560 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 14:12:55.0890 2560 HidUsb - ok 14:12:55.0906 2560 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 14:12:56.0031 2560 hpn - ok 14:12:56.0078 2560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 14:12:56.0187 2560 HTTP - ok 14:12:56.0203 2560 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 14:12:56.0328 2560 i2omgmt - ok 14:12:56.0359 2560 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 14:12:56.0500 2560 i2omp - ok 14:12:56.0515 2560 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 14:12:56.0640 2560 i8042prt - ok 14:12:56.0671 
2560 iaStor (50b56e7de809be4b8f4d24b3f0381520) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS 14:12:56.0687 2560 iaStor ( UnsignedFile.Multi.Generic ) - warning 14:12:56.0687 2560 iaStor - detected UnsignedFile.Multi.Generic (1) 14:12:56.0703 2560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 14:12:56.0843 2560 Imapi - ok 14:12:56.0859 2560 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 14:12:56.0984 2560 ini910u - ok 14:12:57.0000 2560 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys 14:12:57.0125 2560 IntelIde - ok 14:12:57.0156 2560 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys 14:12:57.0281 2560 intelppm - ok 14:12:57.0312 2560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 14:12:57.0437 2560 Ip6Fw - ok 14:12:57.0453 2560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 14:12:57.0578 2560 IpFilterDriver - ok 14:12:57.0593 2560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 14:12:57.0718 2560 IpInIp - ok 14:12:57.0750 2560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 14:12:57.0875 2560 IpNat - ok 14:12:57.0906 2560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 14:12:58.0046 2560 IPSec - ok 14:12:58.0062 2560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 14:12:58.0140 2560 IRENUM - ok 14:12:58.0171 2560 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys 14:12:58.0296 2560 isapnp - ok 14:12:58.0312 2560 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 14:12:58.0437 2560 Kbdclass - ok 14:12:58.0468 2560 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 14:12:58.0593 2560 kbdhid - ok 14:12:58.0609 2560 kmixer 
(692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 14:12:58.0734 2560 kmixer - ok 14:12:58.0765 2560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 14:12:58.0828 2560 KSecDD - ok 14:12:58.0843 2560 lbrtfdc - ok 14:12:58.0859 2560 LHidFlt2 - ok 14:12:58.0875 2560 LHidUsbK - ok 14:12:58.0890 2560 LMouKE - ok 14:12:58.0890 2560 LUsbKbd - ok 14:12:58.0921 2560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 14:12:59.0062 2560 mnmdd - ok 14:12:59.0093 2560 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys 14:12:59.0234 2560 Modem - ok 14:12:59.0281 2560 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys 14:12:59.0390 2560 motmodem - ok 14:12:59.0421 2560 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys 14:12:59.0546 2560 Mouclass - ok 14:12:59.0578 2560 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys 14:12:59.0703 2560 mouhid - ok 14:12:59.0734 2560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 14:12:59.0859 2560 MountMgr - ok 14:12:59.0890 2560 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 14:13:00.0015 2560 mraid35x - ok 14:13:00.0031 2560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 14:13:00.0140 2560 MRxDAV - ok 14:13:00.0203 2560 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 14:13:00.0250 2560 MRxSmb - ok 14:13:00.0281 2560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 14:13:00.0406 2560 Msfs - ok 14:13:00.0437 2560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 14:13:00.0562 2560 MSKSSRV - ok 14:13:00.0593 2560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 14:13:00.0734 2560 MSPCLOCK - ok 
14:13:00.0750 2560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 14:13:00.0875 2560 MSPQM - ok 14:13:00.0906 2560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 14:13:01.0046 2560 mssmbios - ok 14:13:01.0062 2560 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 14:13:01.0203 2560 MSTEE - ok 14:13:01.0234 2560 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 14:13:01.0265 2560 Mup - ok 14:13:01.0281 2560 MusCAudio (5d91f3641f1bf88ca9a9d558db82b87c) C:\WINDOWS\system32\drivers\MusCAudio.sys 14:13:12.0531 2560 MusCAudio ( UnsignedFile.Multi.Generic ) - warning 14:13:12.0531 2560 MusCAudio - detected UnsignedFile.Multi.Generic (1) 14:13:12.0609 2560 MusCVideo (dc1f5f9b241159d8de5e2d494dc1ba77) C:\WINDOWS\system32\DRIVERS\MusCVideo.sys 14:13:12.0625 2560 MusCVideo ( UnsignedFile.Multi.Generic ) - warning 14:13:12.0625 2560 MusCVideo - detected UnsignedFile.Multi.Generic (1) 14:13:12.0656 2560 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys 14:13:12.0687 2560 MxlW2k ( UnsignedFile.Multi.Generic ) - warning 14:13:12.0687 2560 MxlW2k - detected UnsignedFile.Multi.Generic (1) 14:13:12.0718 2560 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 14:13:12.0828 2560 NABTSFEC - ok 14:13:12.0859 2560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 14:13:12.0984 2560 NDIS - ok 14:13:13.0000 2560 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 14:13:13.0125 2560 NdisIP - ok 14:13:13.0156 2560 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 14:13:13.0187 2560 NdisTapi - ok 14:13:13.0218 2560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 14:13:13.0328 2560 Ndisuio - ok 14:13:13.0359 2560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) 
C:\WINDOWS\system32\DRIVERS\ndiswan.sys 14:13:13.0484 2560 NdisWan - ok 14:13:13.0515 2560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 14:13:13.0593 2560 NDProxy - ok 14:13:13.0609 2560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 14:13:13.0734 2560 NetBIOS - ok 14:13:13.0750 2560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 14:13:13.0875 2560 NetBT - ok 14:13:13.0937 2560 NETMDUSB (55621d89ce500092cb3f136bed3c2854) C:\WINDOWS\system32\Drivers\NETMD052.sys 14:13:13.0984 2560 NETMDUSB - ok 14:13:14.0015 2560 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 14:13:14.0156 2560 NIC1394 - ok 14:13:14.0171 2560 Nmpdrv_N - ok 14:13:14.0171 2560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 14:13:14.0296 2560 Npfs - ok 14:13:14.0328 2560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 14:13:14.0468 2560 Ntfs - ok 14:13:14.0515 2560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 14:13:14.0625 2560 Null - ok 14:13:14.0640 2560 nvatabus (06f86506555644cba020cd2cffe28668) C:\WINDOWS\system32\DRIVERS\NVATABUS.SYS 14:13:14.0656 2560 nvatabus ( UnsignedFile.Multi.Generic ) - warning 14:13:14.0656 2560 nvatabus - detected UnsignedFile.Multi.Generic (1) 14:13:14.0671 2560 nvraid (e182f94d65deda3668c23ee5bc8e980f) C:\WINDOWS\system32\DRIVERS\NVRAID.SYS 14:13:14.0703 2560 nvraid ( UnsignedFile.Multi.Generic ) - warning 14:13:14.0703 2560 nvraid - detected UnsignedFile.Multi.Generic (1) 14:13:14.0734 2560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 14:13:14.0843 2560 NwlnkFlt - ok 14:13:14.0875 2560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 14:13:15.0000 2560 NwlnkFwd - ok 14:13:15.0015 2560 ohci1394 (ca33832df41afb202ee7aeb05145922f) 
C:\WINDOWS\system32\DRIVERS\ohci1394.sys 14:13:15.0125 2560 ohci1394 - ok 14:13:15.0156 2560 P3 (c6547b4d2394c254030299761ec97259) C:\WINDOWS\system32\DRIVERS\p3.sys 14:13:15.0281 2560 P3 - ok 14:13:15.0296 2560 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys 14:13:15.0421 2560 Parport - ok 14:13:15.0437 2560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 14:13:15.0546 2560 PartMgr - ok 14:13:15.0578 2560 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys 14:13:15.0687 2560 ParVdm - ok 14:13:15.0718 2560 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys 14:13:15.0843 2560 PCI - ok 14:13:15.0843 2560 PCIDump - ok 14:13:15.0859 2560 PCIIde - ok 14:13:15.0890 2560 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys 14:13:16.0015 2560 Pcmcia - ok 14:13:16.0046 2560 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys 14:13:16.0062 2560 pcouffin ( UnsignedFile.Multi.Generic ) - warning 14:13:16.0062 2560 pcouffin - detected UnsignedFile.Multi.Generic (1) 14:13:16.0078 2560 PDCOMP - ok 14:13:16.0078 2560 PDFRAME - ok 14:13:16.0093 2560 PDRELI - ok 14:13:16.0109 2560 PDRFRAME - ok 14:13:16.0125 2560 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\penclass.sys 14:13:16.0140 2560 PenClass ( UnsignedFile.Multi.Generic ) - warning 14:13:16.0140 2560 PenClass - detected UnsignedFile.Multi.Generic (1) 14:13:16.0171 2560 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 14:13:16.0281 2560 perc2 - ok 14:13:16.0296 2560 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 14:13:16.0406 2560 perc2hib - ok 14:13:16.0453 2560 Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys 14:13:16.0531 2560 Point32 - ok 14:13:16.0546 2560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) 
C:\WINDOWS\system32\DRIVERS\raspptp.sys 14:13:16.0671 2560 PptpMiniport - ok 14:13:16.0703 2560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 14:13:16.0812 2560 PSched - ok 14:13:16.0828 2560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 14:13:16.0968 2560 Ptilink - ok 14:13:16.0984 2560 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 14:13:17.0000 2560 PxHelp20 - ok 14:13:17.0015 2560 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 14:13:17.0140 2560 ql1080 - ok 14:13:17.0156 2560 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 14:13:17.0281 2560 Ql10wnt - ok 14:13:17.0296 2560 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 14:13:17.0406 2560 ql12160 - ok 14:13:17.0421 2560 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 14:13:17.0531 2560 ql1240 - ok 14:13:17.0562 2560 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 14:13:17.0687 2560 ql1280 - ok 14:13:17.0703 2560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 14:13:17.0828 2560 RasAcd - ok 14:13:17.0843 2560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 14:13:17.0968 2560 Rasl2tp - ok 14:13:17.0984 2560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 14:13:18.0093 2560 RasPppoe - ok 14:13:18.0109 2560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 14:13:18.0234 2560 Raspti - ok 14:13:18.0250 2560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 14:13:18.0375 2560 Rdbss - ok 14:13:18.0375 2560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 14:13:18.0500 2560 RDPCDD - ok 14:13:18.0531 2560 rdpdr (15cabd0f7c00c47c70124907916af3f1) 
C:\WINDOWS\system32\DRIVERS\rdpdr.sys 14:13:18.0656 2560 rdpdr - ok 14:13:18.0703 2560 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 14:13:18.0750 2560 RDPWD - ok 14:13:18.0765 2560 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 14:13:18.0890 2560 redbook - ok 14:13:18.0921 2560 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 14:13:19.0046 2560 RFCOMM - ok 14:13:19.0093 2560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 14:13:19.0187 2560 Secdrv - ok 14:13:19.0203 2560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 14:13:19.0328 2560 serenum - ok 14:13:19.0343 2560 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys 14:13:19.0468 2560 Serial - ok 14:13:19.0500 2560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 14:13:19.0625 2560 Sfloppy - ok 14:13:19.0640 2560 Simbad - ok 14:13:19.0671 2560 SiS300i (c1e381b6e480dd936d92e1aed5be29c4) C:\WINDOWS\system32\DRIVERS\sis300ip.sys 14:13:19.0812 2560 SiS300i - ok 14:13:19.0843 2560 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 14:13:19.0953 2560 sisagp - ok 14:13:19.0984 2560 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys 14:13:20.0109 2560 SISNIC - ok 14:13:20.0125 2560 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 14:13:20.0250 2560 SLIP - ok 14:13:20.0281 2560 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 14:13:20.0343 2560 Sparrow - ok 14:13:20.0359 2560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 14:13:20.0484 2560 splitter - ok 14:13:20.0546 2560 sptd (a7ab75cd9a97bd06b82c8359a86907d6) C:\WINDOWS\system32\Drivers\sptd.sys 14:13:20.0640 2560 sptd ( UnsignedFile.Multi.Generic ) - warning 14:13:20.0640 2560 sptd 
- detected UnsignedFile.Multi.Generic (1) 14:13:20.0656 2560 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 14:13:20.0718 2560 sr - ok 14:13:20.0765 2560 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 14:13:20.0843 2560 Srv - ok 14:13:20.0875 2560 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 14:13:21.0000 2560 streamip - ok 14:13:21.0031 2560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 14:13:21.0140 2560 swenum - ok 14:13:21.0156 2560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 14:13:21.0281 2560 swmidi - ok 14:13:21.0312 2560 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 14:13:21.0421 2560 symc810 - ok 14:13:21.0437 2560 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 14:13:21.0578 2560 symc8xx - ok 14:13:21.0578 2560 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 14:13:21.0703 2560 sym_hi - ok 14:13:21.0718 2560 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 14:13:21.0843 2560 sym_u3 - ok 14:13:21.0859 2560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 14:13:21.0984 2560 sysaudio - ok 14:13:22.0015 2560 tap0901 (11d34fc869f5bda29949fe3858380894) C:\WINDOWS\system32\DRIVERS\tap0901.sys 14:13:22.0046 2560 tap0901 ( UnsignedFile.Multi.Generic ) - warning 14:13:22.0046 2560 tap0901 - detected UnsignedFile.Multi.Generic (1) 14:13:22.0078 2560 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys 14:13:22.0093 2560 taphss - ok 14:13:22.0140 2560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:13:22.0218 2560 Tcpip - ok 14:13:22.0250 2560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 14:13:22.0390 2560 TDPIPE - ok 14:13:22.0421 2560 
TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 14:13:22.0546 2560 TDTCP - ok 14:13:22.0562 2560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 14:13:22.0687 2560 TermDD - ok 14:13:22.0734 2560 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys 14:13:22.0843 2560 TosIde - ok 14:13:22.0875 2560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 14:13:23.0000 2560 Udfs - ok 14:13:23.0015 2560 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 14:13:23.0078 2560 ultra - ok 14:13:23.0125 2560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 14:13:23.0250 2560 Update - ok 14:13:23.0312 2560 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys 14:13:23.0359 2560 USBAAPL - ok 14:13:23.0390 2560 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 14:13:23.0500 2560 usbaudio - ok 14:13:23.0531 2560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 14:13:23.0640 2560 usbccgp - ok 14:13:23.0671 2560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:13:23.0781 2560 usbehci - ok 14:13:23.0812 2560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:13:23.0937 2560 usbhub - ok 14:13:23.0968 2560 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 14:13:24.0093 2560 usbohci - ok 14:13:24.0125 2560 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 14:13:24.0250 2560 usbprint - ok 14:13:24.0281 2560 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 14:13:24.0406 2560 usbscan - ok 14:13:24.0453 2560 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys 14:13:24.0578 2560 usbser - ok 14:13:24.0593 2560 USBSTOR 
(a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:13:24.0718 2560 USBSTOR - ok 14:13:24.0734 2560 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 14:13:24.0859 2560 usbuhci - ok 14:13:24.0906 2560 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys 14:13:24.0937 2560 vaxscsi - ok 14:13:24.0984 2560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 14:13:25.0109 2560 VgaSave - ok 14:13:25.0140 2560 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 14:13:25.0265 2560 viaagp - ok 14:13:25.0281 2560 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 14:13:25.0390 2560 ViaIde - ok 14:13:25.0406 2560 viasraid (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\DRIVERS\VIASRAID.SYS 14:13:25.0421 2560 viasraid ( UnsignedFile.Multi.Generic ) - warning 14:13:25.0421 2560 viasraid - detected UnsignedFile.Multi.Generic (1) 14:13:25.0453 2560 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 14:13:25.0578 2560 VolSnap - ok 14:13:25.0625 2560 vsdatant (3b169081214c8c39e0a36e590d934c32) C:\WINDOWS\system32\vsdatant.sys 14:13:25.0921 2560 vsdatant - ok 14:13:26.0046 2560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:13:26.0171 2560 Wanarp - ok 14:13:26.0218 2560 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 14:13:26.0265 2560 Wdf01000 - ok 14:13:26.0281 2560 WDICA - ok 14:13:26.0312 2560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 14:13:26.0437 2560 wdmaud - ok 14:13:26.0500 2560 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 14:13:26.0625 2560 WSTCODEC - ok 14:13:26.0671 2560 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 14:13:26.0750 2560 WudfPf - ok 14:13:26.0765 2560 WudfRd 
(28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 14:13:26.0781 2560 WudfRd - ok 14:13:26.0812 2560 MBR (0x1B8) (318a7e11ce7d042a1572dc86d676a542) \Device\Harddisk0\DR0 14:13:26.0921 2560 \Device\Harddisk0\DR0 - ok 14:13:26.0968 2560 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR5 14:13:42.0109 2560 \Device\Harddisk1\DR5 - ok 14:13:42.0109 2560 Boot (0x1200) (0740b193e745b233abf2a47e5a8496d9) \Device\Harddisk0\DR0\Partition0 14:13:42.0109 2560 \Device\Harddisk0\DR0\Partition0 - ok 14:13:42.0140 2560 Boot (0x1200) (942e7527b3cb7d95a373ea52eab6e0b6) \Device\Harddisk0\DR0\Partition1 14:13:42.0140 2560 \Device\Harddisk0\DR0\Partition1 - ok 14:13:42.0156 2560 Boot (0x1200) (280936318516fa5fac4c30777de99c37) \Device\Harddisk0\DR0\Partition2 14:13:42.0156 2560 \Device\Harddisk0\DR0\Partition2 - ok 14:13:42.0171 2560 Boot (0x1200) (b7efd5567098e5f75e87d4003fc40dbf) \Device\Harddisk1\DR5\Partition0 14:13:42.0171 2560 \Device\Harddisk1\DR5\Partition0 - ok 14:13:42.0171 2560 ============================================================ 14:13:42.0171 2560 Scan finished 14:13:42.0171 2560 ============================================================ 14:13:43.0062 1900 Deinitialize success ============================================== System Restore Point Check: TDSSKiller Starter Restore Point Created Succesfully ============================================== Older logs ============================================== C:\TDSSKiller.2.6.18.0_14.11.2011_10.16.28_log.txt ============================================== EOF
  • Good, now go run ComboFix.
  • ComboFix 12-03-04.02 - gebruiker 05-03-2012 14:54:13.27.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1521 [GMT 1:00] Gestart vanuit: d:\downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21-9-2008 16:00 642560] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - 25251062 *Deregistered* - 25251062 . Inhoud van de 'Gedeelde Taken' map . 2012-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = localhost;*.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 213.46.228.196 62.179.104.196 DPF: {1D185838-009D-47C8-824B-B65B4854430E} - hxxp://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} - hxxp://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\0a42b5n7.Standaardgebruiker\ FF - prefs.js: browser.startup.homepage - www.google.nl . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) MSConfigStartUp-{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - c:\program files\Google\Gmail Notifier\gnotify.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-05 15:01 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1228) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2012-03-05 15:04:11 ComboFix-quarantined-files.txt 2012-03-05 14:04 ComboFix2.txt 2011-11-17 13:06 . Pre-Run: 17.387.540.480 bytes beschikbaar Post-Run: 17.414.328.320 bytes beschikbaar . - - End Of File - - 549FEC9FFDDF50B300D5A353F4C276F4
  • Also let me know how your Windows is running by now. Now run the ESET online scan (http://www.eset.com/onlinescan/).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click "Advanced Settings":
      - Scan for potentially unwanted applications
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
    - Click Start
    - The computer is now being scanned. This can take quite a long time, so be patient.
    - When the scan has finished, you may close the window.
    - Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there
    - Select, copy and paste the contents of this log into your next post.
    N.B.: temporarily deactivate your own antivirus during the scan, then the online scan is faster!
  • Browsing is still slow, though oddly enough not on some websites. Bear with me for a moment on the next task.
  • ESET gives an error message: 'Cannot get update, is proxy configured?' I ticked the box at 'use custom proxy settings' but it doesn't help.
  • Are you only connected to the internet through a proxy, then?
  • I don't know, but via Explorer it did work; here is the log file:
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=eb622b1f313ed4408a9bb3806b7bc241
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-03-05 05:27:01
    # local_time=2012-03-05 06:27:01 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 142659164 142659164 0 0
    # compatibility_mode=1024 16777191 100 0 11250972 11250972 0 0
    # compatibility_mode=8192 67108863 100 0 54090066 54090066 0 0
    # scanned=96324
    # found=2
    # cleaned=2
    # scan_time=4804
    C:\Documents and Settings\gebruiker\Local Settings\Application Data\{167B9073-5929-4AAD-AE87-68A9BEB3D796}\Pando.msi probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{C58A4D17-03AA-4271-B93C-2EC0745D0B29}\RP30\A0008103.msi probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
  • All system restore points need to be flushed, because they can no longer be trusted.
    Cleaning up the system restore points
    Right-click My Computer and click Properties.
    - In the System Properties window, click the System Restore tab
    - Now tick Turn off System Restore on all drives
    - Then click the Apply and OK buttons
    - Now restart your computer; this wipes all restore points, including the contaminated ones.
    - After your PC has restarted, re-enable System Restore the same way.
    Also let me know how your Windows is running by now.
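The advice above follows from the second detection in the ESET log, which sits inside a `_restore{...}` folder. As an added example that is not part of the thread, this Python parser reads the log lines posted earlier and separates detections stored in System Restore from files in the live file system; the field layout (path, verdict, action, 32 hex digits, flag) is an assumption taken from the two detection lines shown here, and the function names are hypothetical.

```python
import re

# Lines copied from the ESET Online Scanner log posted in this thread.
SAMPLE_LOG = r"""# version=7
# scanned=96324
# found=2
# cleaned=2
C:\Documents and Settings\gebruiker\Local Settings\Application Data\{167B9073-5929-4AAD-AE87-68A9BEB3D796}\Pando.msi probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C58A4D17-03AA-4271-B93C-2EC0745D0B29}\RP30\A0008103.msi probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
"""

# "# key=value" header lines; keys may contain dots (IEXPLORE.EXE).
HEADER = re.compile(r"^#\s*([\w.]+)=(.*)$")
# Assumed layout: path, verdict, (action), 32 hex digits, one-letter flag.
# The path runs to the last backslash plus a file name with a short extension.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\(?:.*\\)?[^\\]*?\.\w{1,4})\s+(?P<threat>[^\\]+?)"
    r"\s+\((?P<action>[^()]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\w)$")
# Windows XP keeps restore points under System Volume Information\_restore{GUID}\RPnn
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)


def parse_eset_log(text):
    """Return (header dict, detection dicts); repeated keys keep the last value."""
    header, detections = {}, []
    for line in map(str.strip, text.splitlines()):
        if (m := HEADER.match(line)):
            header[m.group(1)] = m.group(2).strip()
        elif (m := DETECTION.match(line)):
            hit = m.groupdict()
            rp = RESTORE_POINT.search(hit["path"])
            hit["restore_point"] = rp.group(1) if rp else None
            detections.append(hit)
    return header, detections


def triage(text):
    """Split detections into System Restore copies and live files."""
    header, detections = parse_eset_log(text)
    return {
        "count_matches_header": header.get("found") == str(len(detections)),
        "all_cleaned": header.get("found") == header.get("cleaned"),
        "in_restore_points": [d["path"] for d in detections if d["restore_point"]],
        "live_files": [d["path"] for d in detections if not d["restore_point"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

A non-empty `in_restore_points` list means a restore point still held a copy of a detected file at scan time, which is the situation the flush procedure addresses.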
  • Abraham54 wrote:
    > All system restore points need to be flushed, because they can no longer be trusted.
    > Cleaning up the system restore points
    > Right-click My Computer and click Properties.
    > - In the System Properties window, click the System Restore tab
    > - Now tick Turn off System Restore on all drives
    > - Then click the Apply and OK buttons
    > - Now restart your computer; this wipes all restore points, including the contaminated ones.
    > - After your PC has restarted, re-enable System Restore the same way.
    > Also let me know how your Windows is running by now.
    It seems to be going faster, but in the evening it always goes faster. Good that two items were found. Shall I delete those from quarantine?
  • Nope. All restore points, as I already indicated!
  • Abraham54 wrote:
    > Nope. All restore points, as I already indicated!
    That has already been done. By the way, the first 'trojan' is a 'false positive': http://www.pando.com/phpbb/viewtopic.php?f=25&t=10716
  • What I now know about Pando is that it is a file-sharing program. So P2P. And P2P programs are always suspect! Presumably it is also through this network that you got infected.
  • Abraham54 wrote:
    > What I now know about Pando is that it is a file-sharing program. So P2P. And P2P programs are always suspect! Presumably it is also through this network that you got infected.
    I already removed the program a while ago.


This is an archived page. Replying is no longer possible.