Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Bootsector is vernaggelt door virus/trojan?

Anoniem
None
24 antwoorden
  • Sinds afgelopen dinsdag krijg ik na het opstarten een progamma op mijn scherm HHDrecovery die ik nooit heb geïnstalleerd en dat onding kan je ook niet afbreken. Sterker nog daarna is het onmogelijk nog normaal te kunnen werken.

    Als ik HitmanPro 3.5 draai krijg ik als eerste de volgende melding:

    "Mogelijke variant van TDL3(alias Alureon) rootkit gevonden.
    Deze device-stack van de harde schijf bevat een verwijzing naar een onzichtbaar stuurprogramma. Dit heeft wellicht effect op de ontdekking van schadelijke software."

    Daarna krijg ik een opsomming van de nodige malware en tracking cookie en ook de volgende melding:
    "Master Boot Sector (0) C:$MBR"

    Ik laat alles door HitmanPro verwijderen maar adtmd.com (tracking cookie) kan niet worden verwijderd.

    Naast deze actie ben ik ook bij MS op bezoek geweest en hun oplossingen (fix bootsector) etc. uitgevoerd maar helaas zonder resultaat.

    Ook valt het mij op dat steeds Java 6 wordt geladen als ik opstart.

    Ik werk met Windows 7 home premium en gebruik de meest recente versie van McAfee met de laatste update van vandaag.

    Feitelijk heb ik geen behoefte aan een nieuwe installatie dus weet iemand nog een andere oplossing?

    Ook alle hier gedeponeerde mogelijke oplossingen gezocht maar helaas niets mocht baten.
  • Je kan maar beter je computer scannen met MBAM en HijackThis, en allebei de logs opnieuw posten bij beveiliging ,een expert kan je dan wellicht verder helpen. Wel MBAM eerst updaten.

    http://www.idealsoftware.nl/MBAM/

    http://free.antivirus.com/hijackthis/
  • Hier nog wat info over je Rootkit.
    http://www.nucia.eu/forum/blog.php?b=124

    Ik zou de stappen ondernemen in mijn vorige post. Op dit forum hebben we gelukkig een prima helper voor dit erg moeilijke probleem :)
  • Hijack This

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:23:53, on 12-12-2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    C:\Program Files\Sitecom\MFP Server Control Center\Control Center.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform
    mctxth.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Pure Networks\Network Magic
    mapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101210032845.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1043
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\Sitecom\MFP Server Control Center\Control Center.exe -mini
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform
    mctxth.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe"
    unkey
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic
    mapp.exe" -autorun -nosplash
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-795674311-2136773904-2841572789-1000\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (User 'Piet')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform
    msrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
    vvsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 13061 bytes






  • Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Databaseversie: 5302

    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    12-12-2010 18:50:03
    mbam-log-2010-12-12 (18-49-52).txt

    Scantype: Snelle scan
    Objecten gescand: 165604
    Verstreken tijd: 8 minuut/minuten, 34 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 1
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 24

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ykege (Trojan.Agent.U) -> Value: Ykege -> No action taken.

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\Users\Piet\AppData\Local\Temp\err.log13000514 (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\err.log136204 (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\err.log137343 (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\err.log151851 (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\err.log1528372 (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\err.log1621521 (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\err.log181943 (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\err.log463775 (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\err.log606407 (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\err.log89669 (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\err.log1016003 (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Piet\AppData\Roaming\Adobe\plugs\KB637279.exe (Trojan.Agent) -> No action taken.
    c:\Users\Piet\AppData\Roaming\Adobe\plugs\KB682114.exe (Trojan.Agent) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\0.29279884445233395.exe (Trojan.Dropper) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\0.2604116642795291.exe (Trojan.Dropper) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\0.5213648957273006.exe (Trojan.Dropper) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\0.5311300156693285.exe (Trojan.Dropper) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\0.6148942065960424.exe (Trojan.Dropper) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\0.6663112971671306.exe (Trojan.Dropper) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\0.6875283992978448.exe (Trojan.Dropper) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\0.9178433867496623.exe (Trojan.Dropper) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\0.9810876469100616.exe (Trojan.Dropper) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\0.192726657213096.exe (Trojan.Dropper) -> No action taken.
    c:\Users\Piet\AppData\Local\Temp\0.570459100573628.exe (Trojan.Dropper) -> No action taken.
  • Dank je TheDragon. Ik hoop echt dat iemand mij kan helpen. Want hier wordt ik niet vrolijk van.

    Gamakshalve heb ik beide logs maar in apart posten gezet, lijkt mij makkelijk voor diegene(n) die hier iets van begrijpen.
  • Hoi PC1 - je hebt vergeten de verwijderknop van MBAM te gebruiken!

    Vraag: heb jij software geïnstalleerd, welke is geaktiveerd met keygen of crack?


    Doe nu eerst het volgende: [b:e7dd294abc]download tdsskiller naar je bureaublad (klik)[/b:e7dd294abc]
    [list:e7dd294abc][*:e7dd294abc] pak het bestand uit en klik\dubbelkik erop om het op te starten
    [*:e7dd294abc] Vista en Win 7 gebruikers gebruiken dit tool via rechtsklik en kiezen voor Als Administrator uitvoeren.
    [*:e7dd294abc] indien de scan klaar is, vindt je het log in de C:\ partitie
    [*:e7dd294abc] Post de inhoud van dat log[/list:u:e7dd294abc]


    En in het vervolg, mag je de logs gewoon in één post posten!
  • Ok gedaan maar er zijn geen infecties gevonden? En als adm. uitgevoerd!
  • Wel PC1, post toch maar dat TDDSkiller-log!
  • 2010/12/13 16:41:06.0648 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/13 16:41:06.0648 ================================================================================
    2010/12/13 16:41:06.0648 SystemInfo:
    2010/12/13 16:41:06.0648
    2010/12/13 16:41:06.0648 OS Version: 6.1.7600 ServicePack: 0.0
    2010/12/13 16:41:06.0648 Product type: Workstation
    2010/12/13 16:41:06.0648 ComputerName: LAPTOP_VAN_PIET
    2010/12/13 16:41:06.0648 UserName: Piet
    2010/12/13 16:41:06.0648 Windows directory: C:\Windows
    2010/12/13 16:41:06.0648 System windows directory: C:\Windows
    2010/12/13 16:41:06.0648 Processor architecture: Intel x86
    2010/12/13 16:41:06.0648 Number of processors: 2
    2010/12/13 16:41:06.0648 Page size: 0x1000
    2010/12/13 16:41:06.0648 Boot type: Normal boot
    2010/12/13 16:41:06.0648 ================================================================================
    2010/12/13 16:41:07.0210 Initialize success
    2010/12/13 16:41:12.0748 ================================================================================
    2010/12/13 16:41:12.0748 Scan started
    2010/12/13 16:41:12.0748 Mode: Manual;
    2010/12/13 16:41:12.0748 ================================================================================
    2010/12/13 16:41:13.0809 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2010/12/13 16:41:13.0887 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2010/12/13 16:41:13.0934 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2010/12/13 16:41:14.0027 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2010/12/13 16:41:14.0074 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2010/12/13 16:41:14.0121 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2010/12/13 16:41:14.0168 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
    2010/12/13 16:41:14.0214 afcdp (4bda0a1a340d2787e0dd3f61276a36a2) C:\Windows\system32\DRIVERS\afcdp.sys
    2010/12/13 16:41:14.0277 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2010/12/13 16:41:14.0308 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2010/12/13 16:41:14.0370 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2010/12/13 16:41:14.0433 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2010/12/13 16:41:14.0464 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2010/12/13 16:41:14.0495 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2010/12/13 16:41:14.0542 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2010/12/13 16:41:14.0573 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2010/12/13 16:41:14.0620 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2010/12/13 16:41:14.0651 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2010/12/13 16:41:14.0682 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2010/12/13 16:41:14.0729 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\Windows\system32\Drivers\AnyDVD.sys
    2010/12/13 16:41:14.0776 ApfiltrService (db8ea68e5864adf61b73516788659e71) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2010/12/13 16:41:14.0823 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2010/12/13 16:41:14.0870 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2010/12/13 16:41:14.0916 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2010/12/13 16:41:14.0994 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/12/13 16:41:15.0026 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2010/12/13 16:41:15.0104 athr (8b412ddc62a0510767c5d48192ee1324) C:\Windows\system32\DRIVERS\athr.sys
    2010/12/13 16:41:15.0213 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2010/12/13 16:41:15.0260 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2010/12/13 16:41:15.0322 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2010/12/13 16:41:15.0369 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2010/12/13 16:41:15.0400 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    2010/12/13 16:41:15.0447 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2010/12/13 16:41:15.0478 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2010/12/13 16:41:15.0525 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2010/12/13 16:41:15.0556 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2010/12/13 16:41:15.0603 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2010/12/13 16:41:15.0618 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2010/12/13 16:41:15.0665 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2010/12/13 16:41:15.0728 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/12/13 16:41:15.0790 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/12/13 16:41:15.0884 cfwids (7e6f7da1c4de5680820f964562548949) C:\Windows\system32\drivers\cfwids.sys
    2010/12/13 16:41:15.0946 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2010/12/13 16:41:16.0008 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2010/12/13 16:41:16.0086 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/12/13 16:41:16.0133 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2010/12/13 16:41:16.0180 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2010/12/13 16:41:16.0227 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/12/13 16:41:16.0274 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2010/12/13 16:41:16.0305 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2010/12/13 16:41:16.0414 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2010/12/13 16:41:16.0461 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2010/12/13 16:41:16.0508 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2010/12/13 16:41:16.0554 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
    2010/12/13 16:41:16.0617 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
    2010/12/13 16:41:16.0648 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2010/12/13 16:41:16.0679 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
    2010/12/13 16:41:16.0788 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\Program Files\Launch Manager\DPortIO.sys
    2010/12/13 16:41:16.0835 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2010/12/13 16:41:16.0898 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/12/13 16:41:17.0054 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2010/12/13 16:41:17.0163 ElbyCDIO (fba15c1dd6d7c106a3ac519d97778b7b) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2010/12/13 16:41:17.0210 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\elrawdsk.sys
    2010/12/13 16:41:17.0256 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2010/12/13 16:41:17.0303 enecir (29dcaeb81dde6f154aa4d36b18ecbb1f) C:\Windows\system32\DRIVERS\enecir.sys
    2010/12/13 16:41:17.0366 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2010/12/13 16:41:17.0444 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2010/12/13 16:41:17.0490 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2010/12/13 16:41:17.0537 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2010/12/13 16:41:17.0584 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2010/12/13 16:41:17.0615 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2010/12/13 16:41:17.0662 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/12/13 16:41:17.0693 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2010/12/13 16:41:17.0756 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2010/12/13 16:41:17.0787 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/12/13 16:41:17.0834 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2010/12/13 16:41:17.0880 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2010/12/13 16:41:17.0974 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
    2010/12/13 16:41:18.0021 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2010/12/13 16:41:18.0052 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/12/13 16:41:18.0099 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2010/12/13 16:41:18.0130 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2010/12/13 16:41:18.0161 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2010/12/13 16:41:18.0224 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/12/13 16:41:18.0302 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\Windows\system32\drivers\hitmanpro35.sys
    2010/12/13 16:41:18.0364 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2010/12/13 16:41:18.0442 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2010/12/13 16:41:18.0489 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2010/12/13 16:41:18.0551 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2010/12/13 16:41:18.0582 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2010/12/13 16:41:18.0629 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/12/13 16:41:18.0660 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2010/12/13 16:41:18.0738 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2010/12/13 16:41:18.0894 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
    2010/12/13 16:41:18.0988 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
    2010/12/13 16:41:19.0066 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2010/12/13 16:41:19.0144 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/12/13 16:41:19.0191 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/12/13 16:41:19.0238 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2010/12/13 16:41:19.0269 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2010/12/13 16:41:19.0316 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2010/12/13 16:41:19.0347 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2010/12/13 16:41:19.0394 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/12/13 16:41:19.0440 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/12/13 16:41:19.0487 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/12/13 16:41:19.0534 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2010/12/13 16:41:19.0581 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2010/12/13 16:41:19.0643 KUSBusByTCP (71b30834bb096cedd06e1b6095825811) C:\Windows\system32\Drivers\KUSBusByTCP.sys
    2010/12/13 16:41:19.0690 KUSBusByTCPMasterBus (f1124610c00fd0bc12bc76e3fb51269d) C:\Windows\system32\Drivers\KUSBusByTCPMasterBus.sys
    2010/12/13 16:41:19.0737 L8042Kbd (0f5ae6805ef05dbbe205e5b196cadf31) C:\Windows\system32\DRIVERS\L8042Kbd.sys
    2010/12/13 16:41:19.0799 L8042mou (ee1c6c057a83f93ad9ae7cdf12f0baa0) C:\Windows\system32\DRIVERS\L8042mou.Sys
    2010/12/13 16:41:19.0877 LHidFilt (23d84187822a0020b9f1ea71c7db3193) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2010/12/13 16:41:19.0940 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/12/13 16:41:19.0986 LMouFilt (596499c81cb4b5841f91cfe3f514d202) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2010/12/13 16:41:20.0018 LMouKE (d1fd76ea56cd653d7b55a0fac96ee416) C:\Windows\system32\DRIVERS\LMouKE.Sys
    2010/12/13 16:41:20.0080 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2010/12/13 16:41:20.0111 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2010/12/13 16:41:20.0142 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2010/12/13 16:41:20.0189 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2010/12/13 16:41:20.0236 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2010/12/13 16:41:20.0361 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2010/12/13 16:41:20.0408 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2010/12/13 16:41:20.0454 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2010/12/13 16:41:20.0517 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\Windows\system32\drivers\mfeapfk.sys
    2010/12/13 16:41:20.0595 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\Windows\system32\drivers\mfeavfk.sys
    2010/12/13 16:41:20.0673 mfebopk (19161b1796cf74a6a326abde309062ba) C:\Windows\system32\drivers\mfebopk.sys
    2010/12/13 16:41:20.0751 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\Windows\system32\drivers\mfefirek.sys
    2010/12/13 16:41:20.0798 mfehidk (0efab2b91b27543fe589de700de07136) C:\Windows\system32\drivers\mfehidk.sys
    2010/12/13 16:41:20.0829 mfenlfk (b4022e16569bbd1a85e68e7e78e68880) C:\Windows\system32\DRIVERS\mfenlfk.sys
    2010/12/13 16:41:20.0891 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\Windows\system32\drivers\mferkdet.sys
    2010/12/13 16:41:20.0969 mfewfpk (183f32c79d1693170df3baecec611125) C:\Windows\system32\drivers\mfewfpk.sys
    2010/12/13 16:41:21.0032 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2010/12/13 16:41:21.0078 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2010/12/13 16:41:21.0125 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/12/13 16:41:21.0172 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/12/13 16:41:21.0219 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2010/12/13 16:41:21.0250 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2010/12/13 16:41:21.0281 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2010/12/13 16:41:21.0344 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2010/12/13 16:41:21.0406 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/12/13 16:41:21.0437 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/12/13 16:41:21.0468 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/12/13 16:41:21.0500 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2010/12/13 16:41:21.0531 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2010/12/13 16:41:21.0593 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2010/12/13 16:41:21.0640 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2010/12/13 16:41:21.0671 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2010/12/13 16:41:21.0749 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/12/13 16:41:21.0780 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/12/13 16:41:21.0827 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2010/12/13 16:41:21.0858 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2010/12/13 16:41:21.0905 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/12/13 16:41:21.0936 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2010/12/13 16:41:21.0968 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2010/12/13 16:41:21.0999 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2010/12/13 16:41:22.0077 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS
    wifi.sys
    2010/12/13 16:41:22.0155 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers
    dis.sys
    2010/12/13 16:41:22.0202 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS
    discap.sys
    2010/12/13 16:41:22.0248 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS
    distapi.sys
    2010/12/13 16:41:22.0295 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS
    disuio.sys
    2010/12/13 16:41:22.0342 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS
    diswan.sys
    2010/12/13 16:41:22.0373 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2010/12/13 16:41:22.0420 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS
    etbios.sys
    2010/12/13 16:41:22.0451 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS
    etbt.sys
    2010/12/13 16:41:22.0560 netr28u (972e4066510017fd59e2806cff99fa16) C:\Windows\system32\DRIVERS
    etr28u.sys
    2010/12/13 16:41:22.0623 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS
    frd960.sys
    2010/12/13 16:41:22.0685 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2010/12/13 16:41:22.0716 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers
    siproxy.sys
    2010/12/13 16:41:22.0794 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2010/12/13 16:41:22.0904 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
    2010/12/13 16:41:22.0935 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2010/12/13 16:41:22.0997 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS
    vm62x32.sys
    2010/12/13 16:41:23.0356 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS
    vlddmkm.sys
    2010/12/13 16:41:23.0684 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS
    vraid.sys
    2010/12/13 16:41:23.0730 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS
    vsmu.sys
    2010/12/13 16:41:23.0762 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS
    vstor.sys
    2010/12/13 16:41:23.0824 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS
    v_agp.sys
    2010/12/13 16:41:23.0871 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/12/13 16:41:23.0933 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2010/12/13 16:41:23.0964 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2010/12/13 16:41:23.0996 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2010/12/13 16:41:24.0042 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2010/12/13 16:41:24.0089 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2010/12/13 16:41:24.0136 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/12/13 16:41:24.0183 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2010/12/13 16:41:24.0245 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2010/12/13 16:41:24.0370 pnarp (8092d881311b313c99099870f663f888) C:\Windows\system32\DRIVERS\pnarp.sys
    2010/12/13 16:41:24.0510 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/12/13 16:41:24.0620 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2010/12/13 16:41:24.0791 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2010/12/13 16:41:24.0963 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
    2010/12/13 16:41:25.0088 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
    2010/12/13 16:41:25.0134 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
    2010/12/13 16:41:25.0181 purendis (9715050608550825b23507213cae0208) C:\Windows\system32\DRIVERS\purendis.sys
    2010/12/13 16:41:25.0228 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
    2010/12/13 16:41:25.0306 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2010/12/13 16:41:25.0353 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2010/12/13 16:41:25.0384 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2010/12/13 16:41:25.0415 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/12/13 16:41:25.0462 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2010/12/13 16:41:25.0509 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/12/13 16:41:25.0571 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/12/13 16:41:25.0602 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/12/13 16:41:25.0680 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/12/13 16:41:25.0727 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2010/12/13 16:41:25.0758 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/12/13 16:41:25.0821 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2010/12/13 16:41:25.0852 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2010/12/13 16:41:25.0899 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2010/12/13 16:41:25.0961 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2010/12/13 16:41:26.0039 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2010/12/13 16:41:26.0070 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2010/12/13 16:41:26.0102 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2010/12/13 16:41:26.0180 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/12/13 16:41:26.0242 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2010/12/13 16:41:26.0273 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2010/12/13 16:41:26.0351 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
    2010/12/13 16:41:26.0398 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/12/13 16:41:26.0492 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2010/12/13 16:41:26.0523 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2010/12/13 16:41:26.0554 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2010/12/13 16:41:26.0632 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2010/12/13 16:41:26.0710 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2010/12/13 16:41:26.0741 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2010/12/13 16:41:26.0788 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2010/12/13 16:41:26.0835 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2010/12/13 16:41:26.0897 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2010/12/13 16:41:26.0928 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2010/12/13 16:41:26.0975 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2010/12/13 16:41:27.0053 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\Windows\system32\DRIVERS\snapman.sys
    2010/12/13 16:41:27.0162 SNP2UVC (ef1f141a83c61503333569d2862f3999) C:\Windows\system32\DRIVERS\snp2uvc.sys
    2010/12/13 16:41:27.0209 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2010/12/13 16:41:27.0303 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
    2010/12/13 16:41:27.0350 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
    2010/12/13 16:41:27.0381 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/12/13 16:41:27.0443 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2010/12/13 16:41:27.0490 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2010/12/13 16:41:27.0615 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2010/12/13 16:41:27.0740 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/12/13 16:41:27.0802 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2010/12/13 16:41:27.0849 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2010/12/13 16:41:27.0927 tdrpman255 (dc1ba6e904491a46124cb90c401e8a31) C:\Windows\system32\DRIVERS\tdrpm255.sys
    2010/12/13 16:41:27.0974 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2010/12/13 16:41:28.0005 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2010/12/13 16:41:28.0036 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2010/12/13 16:41:28.0130 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/12/13 16:41:28.0176 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/12/13 16:41:28.0223 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2010/12/13 16:41:28.0270 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2010/12/13 16:41:28.0348 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2010/12/13 16:41:28.0395 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2010/12/13 16:41:28.0442 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2010/12/13 16:41:28.0488 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/12/13 16:41:28.0535 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2010/12/13 16:41:28.0566 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/12/13 16:41:28.0613 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/12/13 16:41:28.0644 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/12/13 16:41:28.0707 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/12/13 16:41:28.0738 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/12/13 16:41:28.0769 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/12/13 16:41:28.0816 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/12/13 16:41:28.0878 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/12/13 16:41:28.0910 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2010/12/13 16:41:28.0956 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2010/12/13 16:41:29.0003 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2010/12/13 16:41:29.0034 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2010/12/13 16:41:29.0066 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2010/12/13 16:41:29.0112 vmm (817da66b1b889fad1dbf669e0e2f3228) C:\Windows\system32\Drivers\vmm.sys
    2010/12/13 16:41:29.0159 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/12/13 16:41:29.0190 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2010/12/13 16:41:29.0237 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/12/13 16:41:29.0284 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2010/12/13 16:41:29.0331 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    2010/12/13 16:41:29.0393 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/12/13 16:41:29.0456 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/13 16:41:29.0471 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/13 16:41:29.0549 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2010/12/13 16:41:29.0612 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2010/12/13 16:41:29.0752 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/12/13 16:41:29.0783 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2010/12/13 16:41:29.0846 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2010/12/13 16:41:29.0970 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/12/13 16:41:30.0080 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/12/13 16:41:30.0142 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2010/12/13 16:41:30.0189 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/12/13 16:41:30.0267 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
    2010/12/13 16:41:30.0392 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
    2010/12/13 16:41:30.0657 ================================================================================
    2010/12/13 16:41:30.0657 Scan finished
    2010/12/13 16:41:30.0657 ================================================================================
















  • Hoi PC1, doe het volgende:


    [b:6af7b62d5a]N.B.: Vista- en Windows 7 gebruik(st)ers starten alle hier vermelde tools middels rechtsklikken en dan kiezen voor Als Administrator uitvoeren.[/b:6af7b62d5a]

  • Uninstalllist:

    Aangifte inkomstenbelasting 2009
    Acer Arcade Deluxe
    Acer Crystal Eye webcam
    Acer Crystal Eye Webcam Video Class Camera
    Acer eAudio Management
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Acer Tour
    Acronis True Image Home
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    ALDI Print Software
    ALPS Touch Pad Driver
    AnyDVD
    ArcSoft PhotoImpression 6
    Ask Toolbar
    Atheros for Acer Driver v7.3.1.42_Foxconn Installation Program
    AusLogics Registry Defrag
    Batch Image Watermarker 3.5
    Big Kahuna Reef 2
    BUFFALO NAS Navigator
    Cake Mania
    CCleaner
    CDDRV_Installer
    ConvertXtoDVD 3.6.12.174c
    D3DX10
    Davilex Bank Offline Deluxe
    DriverMax 4
    DVD Shrink 3.2
    Dynasty
    EasyBCD 1.7.2
    Feedback Tool
    File Recover 8.0
    Galapago
    Garmin Communicator Plugin
    Garmin USB Drivers
    Garmin WebUpdater
    HDAUDIO Soft Data Fax Modem with SmartCP
    High-Definition Video Playback 10
    HiJackThis
    Hitman Pro 3.5
    Installation of File Sharing Security Level Change Tool
    Java(TM) 6 Update 15
    Junk Mail filter update
    KhalInstallWrapper
    Launch Manager
    Linksys Wireless Manager
    Logitech SetPoint
    Luxor 2
    Malwarebytes' Anti-Malware
    McAfee Internet Security
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile NLD Language Pack
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Dutch) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Groove MUI (Dutch) 2007
    Microsoft Office InfoPath MUI (Dutch) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (Dutch) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Dutch) 2007
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Outlook Reservekopie van persoonlijke mappen
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Virtual PC 2007 SP1
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Case Files - Prime Suspects
    Mystery Case Files Ravenhearst
    Nero 10 ClipartPack
    Nero 10 Menu TemplatePack 1
    Nero 10 Menu TemplatePack 2
    Nero 10 Menu TemplatePack 3
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack 1
    Nero 10 Movie ThemePack 2
    Nero 10 Movie ThemePack Basic
    Nero 10 Sample ImagePack
    Nero 10 Sample Videos
    Nero BackItUp 10
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscCopy Gadget 10
    Nero DiscCopyGadget 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero SoundTrax 10
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor 10
    Nero WaveEditor 10 Help (CHM)
    neroxml
    Network Magic
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NVIDIA Display Control Panel
    NVIDIA Drivers
    OVT Scanner X86
    Palm Desktop
    PDF to Word 3
    Picasa 2
    PowerProducer 3.72
    Realtek High Definition Audio Driver
    Recuva
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sitecom Multi-Function Printserver Control Center
    SIW version 2010.02.10
    SmartFTP Client 3.0 Setup Files (remove only)
    Spelling Dictionaries Support For Adobe Reader 8
    Star Defender 3
    Studio Webdesign 5
    SweetIM for Messenger 2.7
    SweetIM Toolbar for Internet Explorer 3.4
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    Teletekstbrowser versie 3.4
    The Virtual Forbidden City
    The Virtual Forbidden City
    TheBatchWatermarks
    Treasures of the Deep
    uMark Professional 1.3
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    Update voor Microsoft Office Excel 2007 Help (KB963678)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
    Update voor Microsoft Office Word 2007 Help (KB963665)
    Vopt 9
    Watermark Factory 2
    Windows 7 Upgrade Advisor
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mail
    Windows Live Messenger
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR
    WinUtilities 6.4
    Ziggo Live Televisie Player 1.1.4
    Zuma Deluxe

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:18:17, on 13-12-2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    C:\Program Files\Sitecom\MFP Server Control Center\Control Center.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform
    mctxth.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Pure Networks\Network Magic
    mapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\System32
    otepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101210032845.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1043
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\Sitecom\MFP Server Control Center\Control Center.exe -mini
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform
    mctxth.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe"
    unkey
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic
    mapp.exe" -autorun -nosplash
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform
    msrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
    vvsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 12077 bytes

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5308

    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    13-12-2010 23:07:45
    mbam-log-2010-12-13 (23-07-45).txt

    Scan type: Quick scan
    Objects scanned: 168761
    Time elapsed: 9 minute(s), 54 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 14

    Memory Processes Infected:
    c:\Users\Piet\AppData\Local\Temp\wlfdduigur.exe (Trojan.Agent) -> 6092 -> Unloaded process successfully.
    c:\Windows\Temp\_ex-08.exe (Trojan.Dropper) -> 736 -> Unloaded process successfully.

    Memory Modules Infected:
    c:\Users\Piet\AppData\Local\Temp\bslvtrkqbl.dll (Trojan.Crypt) -> Delete on reboot.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Piet\AppData\Local\Temp\bslvtrkqbl.dll (Trojan.Crypt) -> Delete on reboot.
    c:\Users\Piet\AppData\Local\Temp\wlfdduigur.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Piet\AppData\Local\Temp\tmp15C1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Piet\AppData\Local\Temp\err.log195952 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Piet\AppData\Local\Temp\err.log662536 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Piet\AppData\Local\Temp\err.log671256 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Piet\local settings\temporary internet files\Content.IE5\M7P0Y3NX\setup[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Piet\AppData\Roaming\Adobe\plugs\KB693596.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Piet\AppData\Roaming\Adobe\plugs\KB706918.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Piet\AppData\Roaming\Adobe\plugs\KB734452.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Piet\AppData\Local\Temp\0.35371178479778753.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Users\Piet\AppData\Local\Temp\0.5560431250346242.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Users\Piet\AppData\Local\Temp\0.8535109944097633.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Windows\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


    Abrahmam54, hier de gevraagde logs. Alles uitgevoerd onder de admin. account en je instructies stap voor stap gevolgd.

    Ik ben je al heel dankbaar dat je mij tot dusver hebt geholpen.







  • Helaas ging het weer fout dus. :cry:
  • Wat ging nu weer fout?

    En de volgende vraag: gezien wat MBAM heeft verwijderd:

    heb jij software in jouw Windows welke jij geactiveerd hebt met keygens en of cracks?
  • Ik kreeg weer dus weer dezelfde problemen na alle acties die je mij had geadviseerd. Zit nu weer voor de zesde keer te herstarten want ik wordt er dus steeds uitgegooid, uit Windows dus en dan krijg een automatische restart.

    En neen, ik heb geen software met cracks o.i.d., alles netjes legaal dus en dat juist om ellende te voorkomen.

    Die verwijdering van MBAM verbaasde mij ook in hoge mate en ik snap daar niks van dus.

    Is het toch niet verstandiger om alles maar opnieuw te installerem? Maar hoe krijg ik die rotzooi dan van schijf af? Want de root wordt toch niet schoongemaakt als je de schijf formatteerd? Of zit ik er nu echt naast?
  • http://www.computer-booster.com/malware-removal
    emove-spyware-passwords-xgen-virus/

    Hier wat meer informatie over het xgen virus, en het verwijderen ervan. Weet niet of het helpt, maar je weet maar nooit. Verder zou je kunnen checken in taakbeheer of er verdachte bestanden actief zijn die heel veel ruimte innemen in het geheugen. Als je geheugen volloopt, kan dat de oorzaak zijn van je reboots. Kijk ook even in de windows logboeken of er wellicht een oorzaak te vinden is voor de reboots.
  • Dank je deep purple, maar ook heeft dit helaas niet kunnen baten.
  • Wat mij opgevallen is dat je gebruik maakt van Acronis. Heb je niet een image beschikbaar, die "schoon" is? Zal wel niet, maar misschien heb je daar niet aan gedacht.
  • Ik ben benieuwd, probeer het volgende:


    Laat Combofix jouw Windows scannen (klik).

    [b:352c1f9454]Hoe Combofix goed te gebruiken (klik)[/b:352c1f9454]
    [list:352c1f9454][*:352c1f9454][b:352c1f9454] Om Combofix te kunnen gebruiken geldt het volgende:[/b:352c1f9454]

    [*:352c1f9454][b:352c1f9454]Vista- en Windows 7 gebruikers starten Combofix op met Administratorrechten!

    [*:352c1f9454]
  • Deep Purple

    Ik had de oudeste image al teruggezet maar die was ook besmet zal ik maar zeggen. Ik maak wekelijks een image en de voorgaande verwijder ik ivm schijfruimtegebrek.

    Abraham54

    Met zeer veel dank, maar ik ben toch overgegaan op een schone install. Ik heb eerst Ubuntu op de laptop gezet en daarna weer Windows 7 dus en tot op heden heb ik geen problemen ondervonden.

    Het spijt mij dat ik laat reageer maar we hadden hier een storing.

    In ieder geval allemaal dank voor de hulp.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.