Vraag & Antwoord
controle HijackThis
18 antwoorden
- Kan iemand deze controleren
vast bedankt
yib
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56, on 02-05-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
E:\Program Files\Fraps\fraps.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\hyjack\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Verzenden naar OneNote - res://E:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - E:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 9038 bytes - Hoi Yibbeda, waarom wil je dat log gecontroleerd hebben - zijn er problemen?
En: ben je van AVG overgestapt naar Avira? - [quote:2459de7af3="Abraham54"]Hoi Yibbeda, waarom wil je dat log gecontroleerd hebben - zijn er problemen?
En: ben je van AVG overgestapt naar Avira?[/quote:2459de7af3]
Altijd avira gehad
maar ik zie steeds wat vreemde lege mappen
enwel in C:\Users\hans\AppData\Local\Microsoft
met als namen
IME12
IMJP8_1
IMJP9_0
IMJP12
staan ook in C:\Users\Hans\AppData\LocalLow\Microsoft
heb ze al een aantal keer verwijder maar komen steeds terug
dus ik vertrouw dit zo erg - Dan heb je denk een probleem inderdaad, niet zozeer wat betreft die aangemerkte mappen overigens.
Daarom nu eerst:
[b:c9209f7c87]Welk programma[/b:c9209f7c87]: Malwarebytes MBAM
[b:c9209f7c87]Waarvoor/waarom[/b:c9209f7c87]: specialistische scanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware.
[b:c9209f7c87]Moeilijkheidsgraad[/b:c9209f7c87]: geen.
[b:c9209f7c87]Download Malwarebytes MBAM via één van deze locaties[/b:c9209f7c87]:
[list:c9209f7c87] [*:c9209f7c87][b:c9209f7c87]Download.com[/b:c9209f7c87]
[*:c9209f7c87][b:c9209f7c87]Softpedia.com[/b:c9209f7c87][*:c9209f7c87][b:c9209f7c87]Majorgeeks.com[/b:c9209f7c87][/list:u:c9209f7c87]
[b:c9209f7c87]Allereerst[/b:c9209f7c87]:[list:c9209f7c87][*:c9209f7c87] Al meteen na de installatie wil 'MBAM' zijn database opwaarderen – toestaan dus.
[*:c9209f7c87] Ook bij herhaald gebruik: eerst 'MBAM' updaten via de tab 'Update'![/list:u:c9209f7c87]
[b:c9209f7c87]Malwarebytes MBAM opstarten[/b:c9209f7c87]:
Windows 2000 en Windows XP: start MBAM middels dubbelklik op de snelkoppeling.
Windows Vista en Windows 7: start MBAM middels rechtsklik op de snelkoppeling en dan kiezen voor Als Administrator uitvoeren.
[b:c9209f7c87]Scannen[/b:c9209f7c87]:
[list:c9209f7c87][*:c9209f7c87] Bij het starten van 'MBAM' kies je voor 'Snelle Scan'.
[*:c9209f7c87]Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'.
[*:c9209f7c87]Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.[/list:u:c9209f7c87]
[b:c9209f7c87]Infecties gevonden[/b:c9209f7c87]:
[list:c9209f7c87][*:c9209f7c87]Klik nu eerst op OK om de melding weg te klikken
[*:c9209f7c87]Klik vervolgens rechtsonder op de knop Bekijk resultaten.
[*:c9209f7c87]Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde.
[*:c9209f7c87]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
[*:c9209f7c87]Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op 'OK' klikken!
[*:c9209f7c87]Daarna zal 'MBAM' vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:c9209f7c87]
[b:c9209f7c87]MBAM-Log[/b:c9209f7c87]:
[list:c9209f7c87][*:c9209f7c87] Het log wordt automatisch bewaard door 'MBAM en dat kan je terugvinden door in het hoofdmenu van MBAM op de tab 'Logbestanden' te klikken'.[/list:u:c9209f7c87]
[b:c9209f7c87]Post aansluitend in je volgende bericht de inhoud van het MBAM-log.[/b:c9209f7c87]
En doe ook het volgende:
[b:c9209f7c87]Welk programma[/b:c9209f7c87]: Kaspersky [b:c9209f7c87]TDSSKiller[/b:c9209f7c87]
[b:c9209f7c87]Waarvoor/waarom[/b:c9209f7c87]: Rootkitscanner
[b:c9209f7c87]Moeilijkheidsgraad[/b:c9209f7c87]: geen
[b:c9209f7c87]Downloadlokatie[/b:c9209f7c87]: Dit programma absoluut naar het bureaublad downloaden!
[b:c9209f7c87]Download[/b:c9209f7c87] [b:c9209f7c87]TDSSKiller[/b:c9209f7c87] [b:c9209f7c87]hier[/b:c9209f7c87].
[b:c9209f7c87]Installatie[/b:c9209f7c87]:
[list:c9209f7c87][*:c9209f7c87] pak het bestand uit op je bureaublad.[/list:u:c9209f7c87]
[b:c9209f7c87]TDSSKiller gebruiken[/b:c9209f7c87]:
[list:c9209f7c87][*:c9209f7c87]Windows 2000 en Windows XP: start TDSSKiller middels dubbelklik op TDSSKiller.exe.
[*:c9209f7c87]Windows Vista en Windows 7: start TDSSKiller middels rechtsklik op TDSSKiller.exe en dan kiezen voor [b:c9209f7c87]Als Administrator uitvoeren[/b:c9209f7c87].
[*:c9209f7c87] Nadat de scan klaar is, vindt je het log in de C:\ partitie
[*:c9209f7c87] Post de inhoud van dat log[/list:u:c9209f7c87]
[b:c9209f7c87]Samenvattend: hierna post je de inhoud van de volgende logs:[/b:c9209f7c87]
[list:c9209f7c87][*:c9209f7c87] MBAM scanlog
[*:c9209f7c87] TDSSKiller scanlog[/list:u:c9209f7c87] - [quote:97bd267817="Abraham54"]Dan heb je denk een probleem inderdaad, niet zozeer wat betreft die aangemerkte mappen overigens.
[/quote:97bd267817]
eh wat voor probleem dan ???
yib - Post nu maar eerst de logs!
- [quote:a7a1ebfbc9="Abraham54"]Post nu maar eerst de logs![/quote:a7a1ebfbc9]
de eerste log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Databaseversie: 6493
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
02-05-2011 22:16:09
mbam-log-2011-05-02 (22-16-09).txt
Scantype: Snelle scan
Objecten gescand: 185815
Verstreken tijd: 2 minuut/minuten, 21 seconde(n)
Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 2504 -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
en de 2e
daar heeft ie niets gevonden
2011/05/02 22:22:21.0148 4456 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/02 22:22:21.0458 4456 ================================================================================
2011/05/02 22:22:21.0458 4456 SystemInfo:
2011/05/02 22:22:21.0458 4456
2011/05/02 22:22:21.0458 4456 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/02 22:22:21.0458 4456 Product type: Workstation
2011/05/02 22:22:21.0458 4456 ComputerName: HANS-PC
2011/05/02 22:22:21.0458 4456 UserName: Hans
2011/05/02 22:22:21.0458 4456 Windows directory: C:\Windows
2011/05/02 22:22:21.0458 4456 System windows directory: C:\Windows
2011/05/02 22:22:21.0458 4456 Running under WOW64
2011/05/02 22:22:21.0458 4456 Processor architecture: Intel x64
2011/05/02 22:22:21.0458 4456 Number of processors: 2
2011/05/02 22:22:21.0458 4456 Page size: 0x1000
2011/05/02 22:22:21.0458 4456 Boot type: Normal boot
2011/05/02 22:22:21.0458 4456 ================================================================================
2011/05/02 22:22:22.0218 4456 Initialize success
2011/05/02 22:22:37.0828 3108 ================================================================================
2011/05/02 22:22:37.0828 3108 Scan started
2011/05/02 22:22:37.0828 3108 Mode: Manual;
2011/05/02 22:22:37.0828 3108 ================================================================================
2011/05/02 22:22:39.0458 3108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/05/02 22:22:39.0518 3108 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/05/02 22:22:39.0548 3108 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/05/02 22:22:39.0598 3108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/02 22:22:39.0658 3108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/02 22:22:39.0698 3108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/02 22:22:39.0748 3108 afcdp (769b6f7dee0e943712a6316129d4bb0e) C:\Windows\system32\DRIVERS\afcdp.sys
2011/05/02 22:22:39.0798 3108 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/05/02 22:22:39.0828 3108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/05/02 22:22:39.0868 3108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/05/02 22:22:39.0888 3108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/05/02 22:22:39.0918 3108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/02 22:22:39.0948 3108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/02 22:22:39.0988 3108 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/05/02 22:22:40.0028 3108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/02 22:22:40.0058 3108 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/05/02 22:22:40.0108 3108 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/05/02 22:22:40.0158 3108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/02 22:22:40.0178 3108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/02 22:22:40.0208 3108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/02 22:22:40.0228 3108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/05/02 22:22:40.0268 3108 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/02 22:22:40.0288 3108 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/02 22:22:40.0328 3108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/02 22:22:40.0378 3108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/02 22:22:40.0418 3108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/02 22:22:40.0508 3108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/02 22:22:40.0548 3108 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/02 22:22:40.0578 3108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/02 22:22:40.0588 3108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/02 22:22:40.0628 3108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/02 22:22:40.0658 3108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/02 22:22:40.0678 3108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/02 22:22:40.0688 3108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/02 22:22:40.0718 3108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/02 22:22:40.0748 3108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/02 22:22:40.0778 3108 cdrbsdrv (9456fae4bf8abf6316405724e7ea597e) C:\Windows\system32\drivers\cdrbsdrv.sys
2011/05/02 22:22:40.0808 3108 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/05/02 22:22:40.0848 3108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/02 22:22:40.0888 3108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/02 22:22:40.0948 3108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/02 22:22:40.0988 3108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/05/02 22:22:41.0038 3108 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/05/02 22:22:41.0068 3108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/02 22:22:41.0108 3108 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/02 22:22:41.0138 3108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/02 22:22:41.0178 3108 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/05/02 22:22:41.0248 3108 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/05/02 22:22:41.0268 3108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/02 22:22:41.0308 3108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/02 22:22:41.0358 3108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/02 22:22:41.0398 3108 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/02 22:22:41.0478 3108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/02 22:22:41.0558 3108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/02 22:22:41.0618 3108 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
2011/05/02 22:22:41.0658 3108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/05/02 22:22:41.0708 3108 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
2011/05/02 22:22:41.0748 3108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/02 22:22:41.0778 3108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/02 22:22:41.0818 3108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/02 22:22:41.0848 3108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/02 22:22:41.0878 3108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/02 22:22:41.0898 3108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/02 22:22:41.0938 3108 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/05/02 22:22:41.0978 3108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/02 22:22:42.0008 3108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/02 22:22:42.0038 3108 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/02 22:22:42.0088 3108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/02 22:22:42.0148 3108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/02 22:22:42.0198 3108 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/05/02 22:22:42.0238 3108 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/02 22:22:42.0258 3108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/02 22:22:42.0288 3108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/02 22:22:42.0318 3108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/02 22:22:42.0368 3108 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/02 22:22:42.0398 3108 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/02 22:22:42.0438 3108 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/05/02 22:22:42.0478 3108 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/02 22:22:42.0538 3108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/05/02 22:22:42.0578 3108 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/05/02 22:22:42.0618 3108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/02 22:22:42.0658 3108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/05/02 22:22:42.0698 3108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/02 22:22:42.0728 3108 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/02 22:22:42.0778 3108 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/02 22:22:42.0818 3108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/02 22:22:42.0878 3108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/02 22:22:42.0908 3108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/05/02 22:22:42.0938 3108 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/05/02 22:22:42.0978 3108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/02 22:22:42.0988 3108 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/02 22:22:43.0048 3108 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/02 22:22:43.0078 3108 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/02 22:22:43.0108 3108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/02 22:22:43.0168 3108 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/05/02 22:22:43.0208 3108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/02 22:22:43.0238 3108 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/05/02 22:22:43.0268 3108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/02 22:22:43.0298 3108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/02 22:22:43.0318 3108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/02 22:22:43.0328 3108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/02 22:22:43.0368 3108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/02 22:22:43.0398 3108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/02 22:22:43.0418 3108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/02 22:22:43.0458 3108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/02 22:22:43.0498 3108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/02 22:22:43.0518 3108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/02 22:22:43.0558 3108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/02 22:22:43.0588 3108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/05/02 22:22:43.0618 3108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/05/02 22:22:43.0638 3108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/02 22:22:43.0678 3108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/05/02 22:22:43.0718 3108 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/02 22:22:43.0738 3108 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/02 22:22:43.0788 3108 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/02 22:22:43.0808 3108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/05/02 22:22:43.0838 3108 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/05/02 22:22:43.0868 3108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/02 22:22:43.0898 3108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/02 22:22:43.0918 3108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/05/02 22:22:43.0958 3108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/02 22:22:43.0978 3108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/02 22:22:43.0988 3108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/02 22:22:44.0028 3108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/05/02 22:22:44.0048 3108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/05/02 22:22:44.0068 3108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/02 22:22:44.0078 3108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/02 22:22:44.0108 3108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/02 22:22:44.0148 3108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/02 22:22:44.0218 3108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/05/02 22:22:44.0248 3108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/02 22:22:44.0288 3108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/02 22:22:44.0318 3108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/02 22:22:44.0358 3108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/02 22:22:44.0398 3108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/05/02 22:22:44.0418 3108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/02 22:22:44.0438 3108 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/02 22:22:44.0508 3108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/02 22:22:44.0578 3108 nmwcd (985a3f046dfcd58e26d3a95283bb8f1d) C:\Windows\system32\drivers\ccdcmbx64.sys
2011/05/02 22:22:44.0618 3108 nmwcdc (5eb41a9656388dc21119ccc33f0ee22a) C:\Windows\system32\drivers\ccdcmbox64.sys
2011/05/02 22:22:44.0648 3108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/02 22:22:44.0678 3108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/02 22:22:44.0758 3108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/05/02 22:22:44.0798 3108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/02 22:22:45.0108 3108 nvlddmkm (ac8cbe9a0663e88f6429ee5530d5e32b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/02 22:22:45.0248 3108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/05/02 22:22:45.0268 3108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/05/02 22:22:45.0328 3108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/05/02 22:22:45.0358 3108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/05/02 22:22:45.0448 3108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/02 22:22:45.0478 3108 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/05/02 22:22:45.0508 3108 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
2011/05/02 22:22:45.0538 3108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/05/02 22:22:45.0558 3108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/05/02 22:22:45.0598 3108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/02 22:22:45.0638 3108 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/05/02 22:22:45.0668 3108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/02 22:22:45.0698 3108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/02 22:22:45.0798 3108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/02 22:22:45.0828 3108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/02 22:22:45.0898 3108 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/02 22:22:45.0948 3108 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/05/02 22:22:45.0998 3108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/02 22:22:46.0038 3108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/02 22:22:46.0078 3108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/02 22:22:46.0098 3108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/02 22:22:46.0138 3108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/02 22:22:46.0178 3108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/02 22:22:46.0208 3108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/02 22:22:46.0228 3108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/02 22:22:46.0268 3108 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/02 22:22:46.0298 3108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/02 22:22:46.0318 3108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/02 22:22:46.0358 3108 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/05/02 22:22:46.0378 3108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/02 22:22:46.0398 3108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/02 22:22:46.0448 3108 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/05/02 22:22:46.0488 3108 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/05/02 22:22:46.0538 3108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/05/02 22:22:46.0598 3108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/02 22:22:46.0638 3108 RTL8167 (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/02 22:22:46.0668 3108 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/05/02 22:22:46.0698 3108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/05/02 22:22:46.0748 3108 SCDEmu (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys
2011/05/02 22:22:46.0778 3108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/02 22:22:46.0808 3108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/02 22:22:46.0848 3108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/02 22:22:46.0878 3108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/02 22:22:46.0908 3108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/02 22:22:46.0958 3108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/05/02 22:22:46.0978 3108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/02 22:22:47.0008 3108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/02 22:22:47.0038 3108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/02 22:22:47.0078 3108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/02 22:22:47.0108 3108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/02 22:22:47.0138 3108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/02 22:22:47.0198 3108 snapman (446eb38ce4a6d040f548b2f547ca96ff) C:\Windows\system32\DRIVERS\snapman.sys
2011/05/02 22:22:47.0218 3108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/02 22:22:47.0268 3108 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
2011/05/02 22:22:47.0298 3108 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/02 22:22:47.0338 3108 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/02 22:22:47.0388 3108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/02 22:22:47.0428 3108 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/05/02 22:22:47.0468 3108 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/05/02 22:22:47.0488 3108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/05/02 22:22:47.0588 3108 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/05/02 22:22:47.0638 3108 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/02 22:22:47.0668 3108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/02 22:22:47.0698 3108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/02 22:22:47.0768 3108 tdrpman255 (5a1ce027712f76ad4c485e803db7d08c) C:\Windows\system32\DRIVERS\tdrpm255.sys
2011/05/02 22:22:47.0798 3108 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/02 22:22:47.0828 3108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/02 22:22:47.0858 3108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/05/02 22:22:47.0888 3108 timounter (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys
2011/05/02 22:22:47.0938 3108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/02 22:22:47.0978 3108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/02 22:22:48.0038 3108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/02 22:22:48.0068 3108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/02 22:22:48.0098 3108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/02 22:22:48.0128 3108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/02 22:22:48.0168 3108 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/05/02 22:22:48.0188 3108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/02 22:22:48.0238 3108 upperdev (afa3a0937b7044a8322d8bc91722c53b) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
2011/05/02 22:22:48.0258 3108 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/05/02 22:22:48.0298 3108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/05/02 22:22:48.0328 3108 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/02 22:22:48.0348 3108 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/05/02 22:22:48.0368 3108 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/02 22:22:48.0398 3108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/02 22:22:48.0438 3108 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/02 22:22:48.0478 3108 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
2011/05/02 22:22:48.0518 3108 UsbserFilt (b826f3ff5a1975cc9096b4caadde77b6) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
2011/05/02 22:22:48.0558 3108 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/02 22:22:48.0588 3108 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/02 22:22:48.0628 3108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/02 22:22:48.0658 3108 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/02 22:22:48.0678 3108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/02 22:22:48.0738 3108 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/05/02 22:22:48.0768 3108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/05/02 22:22:48.0798 3108 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/05/02 22:22:48.0828 3108 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/05/02 22:22:48.0868 3108 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/05/02 22:22:48.0898 3108 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/05/02 22:22:48.0928 3108 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/05/02 22:22:48.0968 3108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/02 22:22:48.0998 3108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/05/02 22:22:49.0028 3108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/02 22:22:49.0068 3108 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 22:22:49.0078 3108 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 22:22:49.0138 3108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/02 22:22:49.0228 3108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/02 22:22:49.0288 3108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/02 22:22:49.0308 3108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/02 22:22:49.0368 3108 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/02 22:22:49.0418 3108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/02 22:22:49.0468 3108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/02 22:22:49.0518 3108 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/05/02 22:22:49.0558 3108 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/02 22:22:49.0748 3108 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74983addca2d9618512c088d856d6615) e:\Program Files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl
2011/05/02 22:22:49.0888 3108 ================================================================================
2011/05/02 22:22:49.0888 3108 Scan finished
2011/05/02 22:22:49.0888 3108 ================================================================================ - nieuwe scan
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:27, on 02-05-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
E:\Program Files\Fraps\fraps.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\hyjack\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Verzenden naar OneNote - res://E:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - E:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 9039 bytes - Hoi Yibbeda, doe het volgende:
[b:a158b8e2e6]Welk programma[/b:a158b8e2e6]: ComboFix
[b:a158b8e2e6]Waarvoor/waarom[/b:a158b8e2e6]: Zeer specialistische scanner om Windows diepgaand te onderzoeken
en zo mogelijk op te schonen.
[b:a158b8e2e6]Moeilijkheidsgraad[/b:a158b8e2e6]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed.
[b:a158b8e2e6]Downloadlokatie[/b:a158b8e2e6]: Dit programma absoluut naar het bureaublad downloaden!
[b:a158b8e2e6]Download ComboFix via één van deze locaties[/b:a158b8e2e6]:
[list:a158b8e2e6][*:a158b8e2e6][b:a158b8e2e6]Bleepingcomputer[/b:a158b8e2e6]
[*:a158b8e2e6][b:a158b8e2e6]ForoSpyware[/b:a158b8e2e6]
[*:a158b8e2e6][b:a158b8e2e6]Geekstogo[/b:a158b8e2e6][/list:u:a158b8e2e6]
[b:a158b8e2e6]Hier[/b:a158b8e2e6] zie je hoe je ComboFix moet gebruiken.
Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn!
[b:a158b8e2e6]Hier[/b:a158b8e2e6] en [b:a158b8e2e6]hier[/b:a158b8e2e6] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.
[b:a158b8e2e6]Voor alle duidelijkheid nogmaals[/b:a158b8e2e6]: ComboFix dient vanaf het bureaublad gestart te worden.
[b:a158b8e2e6]Opmerkingen[/b:a158b8e2e6]:
[list:a158b8e2e6][*:a158b8e2e6] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist).
[*:a158b8e2e6]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten.
[*:a158b8e2e6]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:a158b8e2e6]
[b:a158b8e2e6]ComboFix is opgestart[/b:a158b8e2e6]:
[list:a158b8e2e6][*:a158b8e2e6]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"!
[*:a158b8e2e6]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen!
[*:a158b8e2e6]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal.
[*:a158b8e2e6]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken.
[*:a158b8e2e6]Post de inhoud van dit logbestand in je volgende bericht.
[*:a158b8e2e6]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:a158b8e2e6]
[b:a158b8e2e6]Belangrijke opmerking[/b:a158b8e2e6]:
[list:a158b8e2e6][*:a158b8e2e6][b:a158b8e2e6] -
Hoi Yibbeda, doe het volgende:
dat wordt dan morgen
morgenochtend om 5 uur gaat de wekker helaas
bedankt tot zover
morgenavond weer verder
yib - Maakt niet uit, welterusten dus!
- [quote:f5cc24a774="Abraham54"]Maakt niet uit, welterusten dus![/quote:f5cc24a774]
daar zijn we dan weer met;
ComboFix 11-05-02.04 - Hans 03-05-2011 18:29:07.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4095.2503 [GMT 2:00]
Gestart vanuit: c:\users\Hans\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hans\AppData\Roaming\inst.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-03 to 2011-05-03 ))))))))))))))))))))))))))))))
.
.
2011-05-02 20:12 . 2011-05-02 20:12 ——– d—–w- c:\users\Hans\AppData\Roaming\Malwarebytes
2011-05-02 20:12 . 2011-05-02 20:12 ——– d—–w- c:\programdata\Malwarebytes
2011-05-02 20:12 . 2010-12-20 16:09 38224 —-a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-02 20:12 . 2010-12-20 16:08 24152 —-a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 18:48 . 2011-05-02 18:48 388096 —-a-r- c:\users\Hans\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-30 06:56 . 2011-04-11 08:21 8802128 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FE22F67-0E2D-4EB3-A667-6FEE51AE265C}\mpengine.dll
2011-04-19 06:29 . 2011-04-19 06:29 ——– d—–w- c:\users\Administrator\AppData\Roaming\Logitech
2011-04-14 07:47 . 2011-04-14 07:47 86016 —-a-w- c:\windows\SysWow64\frapsvid.dll
2011-04-14 07:47 . 2011-04-14 07:47 84992 —-a-w- c:\windows\system32\frapsv64.dll
2011-04-12 20:19 . 2011-02-23 04:56 158208 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 20:19 . 2011-02-23 04:55 287744 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-12 20:19 . 2011-02-23 04:55 128000 —-a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-12 20:19 . 2011-02-23 04:55 90624 —-a-w- c:\windows\system32\drivers\bowser.sys
2011-04-08 08:01 . 2011-04-08 08:01 ——– d—–w- c:\program files\Microsoft Forefront UAG
2011-04-04 16:54 . 2011-04-04 16:54 356352 —-a-w- c:\windows\eSellerateEngine.dll
2011-04-04 16:54 . 2011-04-04 16:54 ——– d—–w- c:\users\Hans\AppData\Roaming\Flight1
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-24 14:33 . 2011-03-24 14:33 91648 —-a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-24 14:33 . 2011-03-24 14:33 89088 —-a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-24 14:33 . 2011-03-24 14:33 86528 —-a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-24 14:33 . 2011-03-24 14:33 76800 —-a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-24 14:33 . 2011-03-24 14:33 76800 —-a-w- c:\windows\system32\tdc.ocx
2011-03-24 14:33 . 2011-03-24 14:33 74752 —-a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-24 14:33 . 2011-03-24 14:33 74752 —-a-w- c:\windows\SysWow64\iesetup.dll
2011-03-24 14:33 . 2011-03-24 14:33 63488 —-a-w- c:\windows\SysWow64\tdc.ocx
2011-03-24 14:33 . 2011-03-24 14:33 49664 —-a-w- c:\windows\system32\imgutil.dll
2011-03-24 14:33 . 2011-03-24 14:33 48640 —-a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-24 14:33 . 2011-03-24 14:33 48640 —-a-w- c:\windows\system32\mshtmler.dll
2011-03-24 14:33 . 2011-03-24 14:33 448512 —-a-w- c:\windows\system32\html.iec
2011-03-24 14:33 . 2011-03-24 14:33 420864 —-a-w- c:\windows\SysWow64\vbscript.dll
2011-03-24 14:33 . 2011-03-24 14:33 367104 —-a-w- c:\windows\SysWow64\html.iec
2011-03-24 14:33 . 2011-03-24 14:33 35840 —-a-w- c:\windows\SysWow64\imgutil.dll
2011-03-24 14:33 . 2011-03-24 14:33 2382848 —-a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-24 14:33 . 2011-03-24 14:33 2382848 —-a-w- c:\windows\system32\mshtml.tlb
2011-03-24 14:33 . 2011-03-24 14:33 23552 —-a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-24 14:33 . 2011-03-24 14:33 2303488 —-a-w- c:\windows\system32\jscript9.dll
2011-03-24 14:33 . 2011-03-24 14:33 222208 —-a-w- c:\windows\system32\msls31.dll
2011-03-24 14:33 . 2011-03-24 14:33 1797632 —-a-w- c:\windows\SysWow64\jscript9.dll
2011-03-24 14:33 . 2011-03-24 14:33 173056 —-a-w- c:\windows\system32\ieUnatt.exe
2011-03-24 14:33 . 2011-03-24 14:33 161792 —-a-w- c:\windows\SysWow64\msls31.dll
2011-03-24 14:33 . 2011-03-24 14:33 152064 —-a-w- c:\windows\SysWow64\wextract.exe
2011-03-24 14:33 . 2011-03-24 14:33 150528 —-a-w- c:\windows\SysWow64\iexpress.exe
2011-03-24 14:33 . 2011-03-24 14:33 142848 —-a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-24 14:33 . 2011-03-24 14:33 1427456 —-a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-24 14:33 . 2011-03-24 14:33 1389056 —-a-w- c:\windows\system32\wininet.dll
2011-03-24 14:33 . 2011-03-24 14:33 135168 —-a-w- c:\windows\system32\IEAdvpack.dll
2011-03-24 14:33 . 2011-03-24 14:33 12288 —-a-w- c:\windows\system32\mshta.exe
2011-03-24 14:33 . 2011-03-24 14:33 11776 —-a-w- c:\windows\SysWow64\mshta.exe
2011-03-24 14:33 . 2011-03-24 14:33 114176 —-a-w- c:\windows\system32\admparse.dll
2011-03-24 14:33 . 2011-03-24 14:33 1126912 —-a-w- c:\windows\SysWow64\wininet.dll
2011-03-24 14:33 . 2011-03-24 14:33 111616 —-a-w- c:\windows\system32\iesysprep.dll
2011-03-24 14:33 . 2011-03-24 14:33 110592 —-a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-24 14:33 . 2011-03-24 14:33 101888 —-a-w- c:\windows\SysWow64\admparse.dll
2011-03-24 14:33 . 2011-03-24 14:33 85504 —-a-w- c:\windows\system32\iesetup.dll
2011-03-24 14:33 . 2011-03-24 14:33 603648 —-a-w- c:\windows\system32\vbscript.dll
2011-03-24 14:33 . 2011-03-24 14:33 30720 —-a-w- c:\windows\system32\licmgr10.dll
2011-03-24 14:33 . 2011-03-24 14:33 165888 —-a-w- c:\windows\system32\iexpress.exe
2011-03-24 14:33 . 2011-03-24 14:33 160256 —-a-w- c:\windows\system32\wextract.exe
2011-03-24 14:33 . 2011-03-24 14:33 1492992 —-a-w- c:\windows\system32\inetcpl.cpl
2011-03-21 15:46 . 2011-03-21 15:47 8192 —-a-w- c:\windows\SysWow64\srvany.exe
2011-03-20 15:50 . 2011-03-20 15:37 8107 —-a-w- c:\windows\w7dsd.reg
2011-03-20 15:50 . 2011-03-20 15:37 8089 —-a-w- c:\windows\w7dse.reg
2011-03-20 15:37 . 2011-03-20 15:37 275360 —-a-w- c:\windows\system32\DreamScene.dll
2011-03-09 15:02 . 2010-06-24 10:33 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 12:17 . 2011-03-08 12:17 53248 —-a-r- c:\users\Hans\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-08 12:16 . 2011-03-08 12:16 18960 —-a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-03-07 22:20 . 2009-07-13 23:57 22370304 —-a-w- c:\windows\system32\imageres.dll
2011-03-04 06:19 . 2011-04-27 13:01 135168 —-a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 13:01 350208 —-a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-28 13:13 . 2011-02-28 13:14 38944 —-a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2011-02-28 13:13 . 2011-02-28 12:49 59240 —-a-w- c:\windows\SysWow64\GenSvcInst.exe
2011-02-28 13:13 . 2011-02-28 12:49 139264 —-a-w- c:\windows\SysWow64\bgsvcgen.exe
2011-02-28 12:48 . 2011-02-28 12:49 33408 —-a-w- c:\windows\SysWow64\drivers\CDRBSDRV.SYS
2011-02-26 22:31 . 2011-02-26 22:31 82816 —-a-w- c:\windows\system32\drivers\pcouffin.sys
2011-02-26 22:31 . 2011-02-26 22:31 82816 —-a-w- c:\users\Hans\AppData\Roaming\pcouffin.sys
2011-02-25 14:20 . 2011-02-25 14:20 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-25 12:46 . 2011-02-25 12:47 2414360 —-a-w- c:\windows\system32\d3dx9_31.dll
2011-02-25 12:27 . 2011-02-25 12:27 466520 —-a-w- c:\windows\system32\wrap_oal.dll
2011-02-25 12:27 . 2011-02-25 12:27 445016 —-a-w- c:\windows\SysWow64\wrap_oal.dll
2011-02-25 12:27 . 2011-02-25 12:27 122968 —-a-w- c:\windows\system32\OpenAL32.dll
2011-02-25 12:27 . 2011-02-25 12:27 109144 —-a-w- c:\windows\SysWow64\OpenAL32.dll
2011-02-24 17:25 . 2011-02-24 17:25 29480 —-a-w- c:\windows\SysWow64\msxml3a.dll
2011-02-24 17:25 . 2011-02-02 13:31 505128 —-a-w- c:\windows\SysWow64\msvcp71.dll
2011-02-24 17:25 . 2011-02-02 13:31 353576 —-a-w- c:\windows\SysWow64\msvcr71.dll
2011-02-24 15:31 . 2011-02-24 15:31 250464 —-a-w- c:\windows\system32\drivers\afcdp.sys
2011-02-24 15:31 . 2011-02-24 15:31 1477152 —-a-w- c:\windows\system32\drivers\tdrpm255.sys
2011-02-24 15:31 . 2011-02-24 15:31 929312 —-a-w- c:\windows\system32\drivers\timntr.sys
2011-02-24 15:31 . 2011-02-24 15:31 254496 —-a-w- c:\windows\system32\drivers\snapman.sys
2011-02-24 10:44 . 2009-07-14 02:36 175616 —-a-w- c:\windows\system32\msclmd.dll
2011-02-24 10:44 . 2009-07-14 02:36 152576 —-a-w- c:\windows\SysWow64\msclmd.dll
2011-02-23 06:28 . 2011-02-24 13:11 5654120 —-a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-02-23 06:28 . 2011-02-24 13:11 1965672 —-a-w- c:\windows\SysWow64\nvapi.dll
2011-02-23 06:28 . 2011-02-24 13:11 1614440 —-a-w- c:\windows\system32\nvdispco642090.dll
2011-02-23 06:28 . 2011-02-24 13:11 1359976 —-a-w- c:\windows\system32\nvgenco642040.dll
2011-02-23 06:28 . 2011-02-24 13:11 10079336 —-a-w- c:\windows\SysWow64\nvd3dum.dll
2011-02-23 06:28 . 2011-02-23 06:28 67176 —-a-w- c:\windows\system32\OpenCL.dll
2011-02-23 06:28 . 2011-02-23 06:28 6606440 —-a-w- c:\windows\system32\nvcuda.dll
2011-02-23 06:28 . 2011-02-23 06:28 57960 —-a-w- c:\windows\SysWow64\OpenCL.dll
2011-02-23 06:28 . 2011-02-23 06:28 4942952 —-a-w- c:\windows\SysWow64\nvcuda.dll
2011-02-23 06:28 . 2011-02-23 06:28 3112040 —-a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 06:28 . 2011-02-23 06:28 2895976 —-a-w- c:\windows\SysWow64\nvcuvid.dll
2011-02-23 06:28 . 2011-02-23 06:28 2479720 —-a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 06:28 . 2011-02-23 06:28 2251368 —-a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-02-23 06:28 . 2011-02-23 06:28 20473960 —-a-w- c:\windows\system32\nvoglv64.dll
2011-02-23 06:28 . 2011-02-23 06:28 18580072 —-a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 06:28 . 2011-02-23 06:28 15047272 —-a-w- c:\windows\SysWow64\nvoglv32.dll
2011-02-23 06:28 . 2011-02-23 06:28 13011560 —-a-w- c:\windows\SysWow64\nvcompiler.dll
2011-02-23 06:28 . 2011-02-23 06:28 12962792 —-a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-23 06:28 . 2011-02-23 06:28 12862568 —-a-w- c:\windows\system32\nvd3dumx.dll
2011-02-23 06:28 . 2010-07-10 04:38 2200680 —-a-w- c:\windows\system32\nvapi64.dll
2011-02-23 06:28 . 2009-07-13 21:59 7732328 —-a-w- c:\windows\system32\nvwgf2umx.dll
2011-02-19 12:05 . 2011-03-09 15:47 1139200 —-a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 15:47 1544192 —-a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 15:47 902656 —-a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 15:47 1076736 —-a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 15:47 739840 —-a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"TrueImageMonitor.exe"="e:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Hans\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/24 18:27];e:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [2010-03-13 11:58 146928]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-02-24 2475952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;e:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 09:51]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 09:51]
.
.
——— x86-64 ———–
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]
"NoSleepHD"="e:\program files\NoSleepHDv2.0.exe" [2009-04-11 110080]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
——- Bijkomende Scan ——-
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.nu.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: &Verzenden naar OneNote - e:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - e:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl"
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-05-03 18:33:53
ComboFix-quarantined-files.txt 2011-05-03 16:33
.
Pre-Run: 17.367.298.048 bytes beschikbaar
Post-Run: 16.925.958.144 bytes beschikbaar
.
- - End Of File - - 90B4698D8986F3BB0E759E840AD96D9E - en de nieuwe HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:38, on 03-05-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
E:\Program Files\Fraps\fraps.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
E:\Program Files\hyjack\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: &Verzenden naar OneNote - res://E:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - E:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 8471 bytes - Hoi Hans, je hoeft geen logs te posten waarom ik niet gevraagd heb!
Dat comboFix-log ziet er al goed uit!
Je mag nu het volgende doen:
[b:e5f8e51169]Doe de ESET online scan (Klik).[/b:e5f8e51169]
[list:e5f8e51169]
[*:e5f8e51169]Klik op de knop [b:e5f8e51169]ESET Online Scanner[/b:e5f8e51169]
[*:e5f8e51169]Zet een vinkje bij [b:e5f8e51169]YES, I accept the Terms of Use[/b:e5f8e51169]
[*:e5f8e51169]Klik op [b:e5f8e51169]Start[/b:e5f8e51169]
[*:e5f8e51169]Sta het ActiveX control toe om te installeren.
[*:e5f8e51169]Klik op [b:e5f8e51169]"Advanced settings"[/b:e5f8e51169]
[*:e5f8e51169]Zet een vinkje bij de volgende opties:
[list:e5f8e51169][*:e5f8e51169][b:e5f8e51169]Remove found threats[/b:e5f8e51169]
[*:e5f8e51169][b:e5f8e51169]Scan archives[/b:e5f8e51169]
[*:e5f8e51169][b:e5f8e51169]Scan for potentially unwanted applications[/b:e5f8e51169]
[*:e5f8e51169][b:e5f8e51169]Scan for potentially unsafe applications[/b:e5f8e51169]
[*:e5f8e51169][b:e5f8e51169]Enable Anti-Stealth technology [/b:e5f8e51169][/list:u:e5f8e51169]
[*:e5f8e51169]Klik op [b:e5f8e51169]Start[/b:e5f8e51169]
[*:e5f8e51169]De computer wordt nu gescand. Dit kan best lang duren, heb dus geduld.
[*:e5f8e51169]Je mag het venster sluiten wanneer de scan klaar is.
[*:e5f8e51169]Gebruik [b:e5f8e51169]Kladblok[/b:e5f8e51169] om het logje te openen. Dit logje vind je in de lokatie C:\Program Files\EsetOnlineScanner\[b:e5f8e51169]log.txt[/b:e5f8e51169]
[*:e5f8e51169]Kopieer en plak de inhoud van dit logje in je volgende bericht.[/list:u:e5f8e51169]
N.B.: deaktiveer tijdelijk je eigen antivirus tijdens de scan, dan is de onlinescan sneller! - ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=0a2241cb32dc284e80bc52fe551cef30
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-03 06:19:35
# local_time=2011-05-03 08:19:35 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 3138 45732189 1605 0
# compatibility_mode=5893 16776573 100 94 297078 56073535 0 0
# compatibility_mode=8192 67108863 100 0 144 144 0 0
# scanned=122854
# found=0
# cleaned=0
# scan_time=3089
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=0a2241cb32dc284e80bc52fe551cef30
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-03 06:54:54
# local_time=2011-05-03 08:54:54 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1043
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 6349 45735400 4816 0
# compatibility_mode=5893 16776573 100 94 300289 56076746 0 0
# compatibility_mode=8192 67108863 100 0 3355 3355 0 0
# scanned=89647
# found=0
# cleaned=0
# scan_time=1998 - Hoi Hans, ondervindt jij nog problemen met Windows of heb jij nog vragen?
- [quote:4228efb2c2="Abraham54"]Hoi Hans, ondervindt jij nog problemen met Windows of heb jij nog vragen?[/quote:4228efb2c2]
de problemen vermeld in mijn eerste bericht doen zich tot op heden niet voor (de mappen die er steeds weer in terug kwamen)
bedankt zover - Hoi Hans, dat is dan fijn.
Dan gaan we nu eerst opruimen!
ComboFix mag nu verwijderd worden:
[list:faa4439c64][*:faa4439c64] ga daarvoor naar Start - Uitvoeren
[*:faa4439c64] kopieer en plak hierin het volgende: [b:faa4439c64]Combofix /Uninstall[/b:faa4439c64]
[*:faa4439c64] klik daarna op [b:faa4439c64]OK[/b:faa4439c64].
[*:faa4439c64] indien het goed is, krijg je vervolgens een melding, dat Combofix verwijderd werd.[/list:u:faa4439c64]
Voorbeeld:
[img:faa4439c64]http://home.kpn.nl/stefsmeenk/CFUninstall.PNG[/img:faa4439c64]
Uitvoeren kan ook gestart worden door de toetsencombinatie [img:faa4439c64]http://home.kpn.nl/stefsmeenk/W+R.jpg[/img:faa4439c64]
Of ComboFix handmatig verwijderen:
[b:faa4439c64]Verwijder dan:[/b:faa4439c64]
[list:faa4439c64][*:faa4439c64] ComboFix.exe
[*:faa4439c64] C:\combofix.txt
[*:faa4439c64] C:\ComboFix-quarantined-files.txt
[*:faa4439c64] C:\ComboFix2.txt
[*:faa4439c64] C:\ComboFix3.txt
[*:faa4439c64] etc.etc.
[*:faa4439c64] de map c:\Qoobox (mits aanwezig)[/list:u:faa4439c64]
Lukt het handmatig opruimen niet helemaal, herstart dan naar Veilige modus.
Hou MBAM aan boord voor een wekelijkse snelle scan - na het tool eerst geupdated te hebben.
En hou het Eset bestand ook in Windows en doe maandelijks een onlinescan met Eset.
Dan wordt het bestand enkel updates voorzien.
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
