Question & Answer
SERIOUS - Windows Vista no longer starts
23 answers
- Hello everyone,
I have an HP laptop with Windows Vista Home on it.
From one day to the next it would no longer boot into Windows.
At first it booted straight into Startup Repair, which then reported that it could not fix the problem.
Before trying to fix it myself, I first copied my important files to USB sticks using an Ubuntu CD-ROM, so those are already safe.
After some searching on the internet I entered the Fixmbr, FixBoot and RebuildBcd commands via the command console (which you can also choose in the little menu that Startup Repair is in); they all completed.
Now I thought it would work again, but as it turns out, on boot I get the following message:
*****************************
Windows Boot Manager
Windows failed to start. A recent hardware or software change might be the cause. To fix problem:
1) Insert your Windows Installations Disc and restart your computer
2) Choose language settings, and click "next"
3) Click "Repair Your computer"
File: \windows\system32\drivers\dwprot.sys
Status: 0xc0000221
Info: Windows failed to load because a critical system driver is missing, or corrupt.
***********************************
Startup Repair had also already reported that the file dwprot.sys was damaged or missing.
P.S.
I read somewhere on the internet that the dwprot.sys file is related to DrWeb. I did use that program; I have no idea whether it is still on the laptop.
I have no idea how to proceed now and what other options there are.
I really dread having to do a clean install, because a lot of data and programs (music/films/e-books) that are not on USB sticks would still be lost.
Who, oh who, could help me?!
Kind regards,
Shot_Caller

- Shot_Caller wrote:
> File: \windows\system32\drivers\dwprot.sys
> Status: 0xc0000221
According to this hyperlink, dwprot.sys could possibly be a virus, Trojan, worm or spyware. Have you already tried whether you can still boot the PC in Safe Mode? Possibly with networking. If that works, you could check whether you can post a HijackThis log.

- Thanks for your reply Jolo,
OK, I can no longer get into Windows Vista, not even via Safe Mode. As soon as I start the laptop I almost immediately get the Windows Boot Manager screen with the error message.
What does still work is getting access to all the files on my hard disk with Ubuntu, via the Ubuntu CD.
Is there any point in making a HijackThis log from Ubuntu? Or would it then miss essential checkpoints?
Is there any point in uninstalling DrWeb? Since the file in question, "dwprot.sys", appears to be a reference to DrWeb..

- Update:
I just noticed in the target folder where the file is located (windows\system32\drivers) that the dwprot.sys file has a different icon from all the other .sys files.
A look at the file's properties shows that the file type is "unknown".
So it looks like it was not removed properly along with DrWeb when DrWeb was uninstalled??

- Hi, dwprot.sys is pure malware and I suspect there is more of it in your Vista.
What you can also do is, for example, burn an Avira rescue CD, boot from it and scan the broken Windows that way!
Download the ISO: http://www.avira.com/en/support-download-avira-antivir-rescue-system
Manual: http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163
Because the scan takes place under Windows, it is also not possible for malware to neutralise the scan!
Extra info Maxstar: http://www.pcwebplus.nl/phpbb/viewtopic.php?f=222&t=3941

- Thanks for the tip Abraham54,
I'll get right on it and will let you know.

- OK, the Avira AntiVir Rescue System scan has finished.
What stands out is that there are quite a few results, but the dwprot.sys file is not reported in the scan..
Below are the results from the log file (it is a long list):
Avira / Linux Version 1.9.152.0
Copyright © 2010 by Avira GmbH
All rights reserved.
engine set: 8.2.5.14
VDF Version: 7.11.9.189
Scan start time: Tue Jun 14 17:27:54 2011
configuration file: /etc/avira/scancl.conf
WARNING: [Unexpected end of file] /media/Devices/sda1/DOSBox-0.72/uninstall.exe
ALERT: [APPL/KillApp.A] /media/Devices/sda1/HP/BIN/EndProcess.exe <<< Contains signature of the application APPL/KillApp.A [renamed]
WARNING: [Unexpected end of file] /media/Devices/sda1/Program Files/Belastingdienst/Aangifte inkomstenbelasting/2007/ib2007u.exe
WARNING: [Unexpected end of file] /media/Devices/sda1/Program Files/Belastingdienst/Aangifte inkomstenbelasting/2009/ib2009u.exe
WARNING: [Unexpected end of file] /media/Devices/sda1/Program Files/QuickPar/uninst.exe
WARNING: [Unexpected end of file] /media/Devices/sda1/Program Files/TuneUp Utilities 2011/data/VistaDefault.tbs
WARNING: [Unexpected end of file] /media/Devices/sda1/Program Files/TuneUp Utilities 2011/data/VistaDefault.tla
WARNING: [Unexpected end of file] /media/Devices/sda1/Program Files/TuneUp Utilities 2011/data/VistaDefault.tls
WARNING: [Unexpected end of file] /media/Devices/sda1/Program Files/TuneUp Utilities 2011/TUData.dat –> data/VistaDefault.tbs
WARNING: [Unexpected end of file] /media/Devices/sda1/Program Files/TuneUp Utilities 2011/TUData.dat –> data/VistaDefault.tla
WARNING: [Unexpected end of file] /media/Devices/sda1/Program Files/TuneUp Utilities 2011/TUData.dat –> data/VistaDefault.tls
WARNING: [Unsupported archive version] /media/Devices/sda1/Program Files/FTDv3.8/Uninstall.exe
WARNING: [Bad archive header] /media/Devices/sda1/ProgramData/NortonInstaller/Settings/{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
WARNING: [Error opening file. (Input/output error)] /media/Devices/sda1/ProgramData/AVG10/Chjw/2c88743c8874071c.dat
WARNING: [Error opening file. (Input/output error)] /media/Devices/sda1/ProgramData/AVG10/Chjw/79ac246860f0a1cd.dat
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/BehavioralEventProcessors.dat
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/BehavioralEvents.dat
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/Characteristics.dat
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/internalList.zip
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/internalList.zip.bak
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/md5Cache.dat
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/quarantinedList.zip
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/quarantinedList.zip.bak
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/registryCoverage.dat
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/Relationships.dat
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/userList.zip
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/userList.zip.bak
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/quarantine/263df8d2-0000-1000-8001-000000000000.zip
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/quarantine/9e61e382-ffff-ffff-8000-000000000000.zip
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/quarantine/c3c20950-ffff-ffff-8000-000000000000.zip
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/quarantine/c5239e98-ffff-ffff-8000-000000000000.zip
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/quarantine/ce1a970e-ffff-ffff-8000-000000000000.zip
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/quarantine/cfd92ca2-ffff-ffff-8000-000000000000.zip
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/quarantine/e59cc48c-ffff-ffff-8000-000000000000.zip
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/MFAData/pack/bins/f10idatx1120xy.bin –> data –> internalList.zip
WARNING: [Bad archive header] /media/Devices/sda1/$RECYCLE.BIN/S-1-5-21-1362925174-1269254538-546090230-1000/$R810G1V/Support/DirectX/t3740t170.tmp
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IENT_S1.CAB –> IENT_1.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IENT_S2.CAB –> IENT_2.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IENT_S3.CAB –> IENT_3.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IENT_S4.CAB –> IENT_4.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IENT_S5.CAB –> IENT_5.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IENT_S6.CAB –> IENT_6.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IE_S1.CAB –> IE_1.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IE_S2.CAB –> IE_2.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IE_S3.CAB –> IE_3.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IE_S4.CAB –> IE_4.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IE_S5.CAB –> IE_5.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/02/REDIST/IE6/IE_S6.CAB –> IE_6.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ient_s1.CAB –> IENT_1.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ient_s2.CAB –> IENT_2.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ient_s3.CAB –> IENT_3.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ient_s4.CAB –> IENT_4.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ient_s5.CAB –> IENT_5.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ie_s1.CAB –> IE_1.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ie_s2.CAB –> IE_2.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ie_s3.CAB –> IE_3.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ie_s4.CAB –> IE_4.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ie_s5.CAB –> IE_5.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ie_s6.CAB –> IE_6.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/MSWorks/NL/Redist/IE6/ient_s6.CAB –> IENT_6.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/RoxioCB9/EMC_HPCPC_905/Data1.cab
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/SwSetup/RoxioCB9/EMC_HPCPC_905/Data11.cab
ALERT: [JAVA/Fester.D.1] /media/Devices/sda1/Users/Jeroen/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/27/7061701b-1398909c –> vload.class <<< Contains signature of the Java virus JAVA/Fester.D.1 [archive scan abort]
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/Users/Jeroen/AppData/Roaming/GrabIt/Temp/B05L02I20N11KIHTEVLTDG09.part55.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/Users/Jeroen/AppData/Roaming/GrabIt/Temp/B05L02I20N11KIHTEVLTDG09.part56.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/Users/Jeroen/AppData/Roaming/GrabIt/Temp/B05L02I20N11KIHTEVLTDG09.part57.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/Users/Jeroen/AppData/Roaming/GrabIt/Temp/QDAP-2116.part004.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/Users/Jeroen/AppData/Roaming/GrabIt/Temp/QDAP-2116.part006.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/Users/Jeroen/AppData/Roaming/GrabIt/Temp/QDAP-2116.part011.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/Users/Jeroen/AppData/Roaming/GrabIt/Temp/QDAP-2116.part089.rar
ALERT: [TR/Dropper.Gen] /media/Devices/sda1/Users/Jeroen/Documents/Azureus Downloads/Black and White Plus Key Generator PLUS Manual - Gowenna/B&Wkg.exe <<< Is the Trojan horse TR/Dropper.Gen [renamed]
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/Users/Jeroen/Documents/Downloads/mystery and style/Erik von Markovik aka _Mystery_ method - venusian arts/Mystery Method - Volume 3 - 05.avi
ALERT: [TR/ADH.SP] /media/Devices/sda1/Users/Jeroen/Documents/Downloads/Norton Utilities 2010 v14.5.0.116b + TrialReset v1.0 [RH]/NU.2010.v14.5.0.116b_[RH].rar –> Norton Utilities 2010 v14.5.0.116b\Norton Utilities_Trial.Reset v1.0\NUTR_1.0.exe <<< Is the Trojan horse TR/ADH.SP [archive scan abort]
WARNING: [Unsupported archive type] /media/Devices/sda1/Users/Jeroen/Documents/Downloads/Hunter Windows xp professional 2009 NL/Windows Xp Professional NL 2009.iso –> OEM/DP3P0002.7z
WARNING: [Error writing file] /media/Devices/sda1/Users/Jeroen/Downloads/AssassinsCreedREPACK-RELOADED/rld-acrr.iso
ALERT: [TR/Dldr.Age.1171323] /media/Devices/sda1/Users/Jeroen/Shared/De Heideroosjes - Ik Wil Niks.wma <<< Is the Trojan horse TR/Dldr.Age.1171323 [renamed]
ALERT: [TR/Dldr.Age.1171323] /media/Devices/sda1/Users/Jeroen/Shared/De Heideroosjes - The Lovesong that Im Not Allowed To Write.wma <<< Is the Trojan horse TR/Dldr.Age.1171323 [renamed]
WARNING: [Unexpected end of file] /media/Devices/sda1/Users/Public/Phoenix_15beta4.rar –> Phoenix.exe –> ProgramFilesDir/[UnknownDir]
ALERT: [Java/Exdoer.BK] /media/Devices/sda1/Windows/System32/config/systemprofile/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/1/68cd3e01-6521a1d9 –> settings/Form.class <<< Contains signature of the Java virus JAVA/Exdoer.BK [archive scan abort]
ALERT: [EXP/2010-4452.D] /media/Devices/sda1/Windows/System32/config/systemprofile/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/73190831-414a2e6f <<< Contains signature of the exploits EXP/2010-4452.D [renamed]
Statistics :
Directories…………… : 26453
Archives……………… : 3759
Files………………… : 923515
Infected………….. : 8
Renamed……….. : 8
Warnings………….. : 72
Suspicious………… : 0
Infections……………. : 8
After the scan I rebooted, as the instructions said. However, that brought me back to the Windows Boot Manager error message.
How do I proceed now??
Thanks in advance for the help,
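The scan log above lists what the Rescue System found and what it did with each hit; the detail that matters for this thread is that dwprot.sys, the driver named in the boot error, does not appear in it at all. As an added example (not code from the thread, from Avira or from any poster), the Python script below parses lines in this log format, counts detections the scanner renamed versus those it left in place, and checks whether a given file name occurs anywhere in the results. The sample lines are constructed from the log above with shortened paths; treating "archive scan abort" as "detection not neutralised" is this example's own assumption, not something the scanner states.

```python
"""Triage of an Avira Rescue System (scancl) log.

Added example, not part of the thread: parses ALERT/WARNING lines in the
format of the log posted above, summarises what the scanner did with each
detection, and checks whether a given file (here dwprot.sys, the driver
named in the boot error) appears anywhere in the results.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# The scanner separates an archive from a member with " –> " (en dash + '>').
ARROW = " \u2013> "

# Constructed sample: a few lines in the format of the log above, paths shortened.
SAMPLE_LOG = """\
Avira / Linux Version 1.9.152.0
WARNING: [Unexpected end of file] /media/Devices/sda1/DOSBox-0.72/uninstall.exe
ALERT: [APPL/KillApp.A] /media/Devices/sda1/HP/BIN/EndProcess.exe <<< Contains signature of the application APPL/KillApp.A [renamed]
WARNING: [File is encrypted] /media/Devices/sda1/ProgramData/AVG10/IDS/config/md5Cache.dat
ALERT: [JAVA/Fester.D.1] /media/Devices/sda1/Users/Jeroen/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/27/7061701b-1398909c \u2013> vload.class <<< Contains signature of the Java virus JAVA/Fester.D.1 [archive scan abort]
ALERT: [TR/Dropper.Gen] /media/Devices/sda1/Users/Jeroen/Documents/Azureus Downloads/B&Wkg.exe <<< Is the Trojan horse TR/Dropper.Gen [renamed]
ALERT: [EXP/2010-4452.D] /media/Devices/sda1/Windows/System32/config/systemprofile/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/73190831-414a2e6f <<< Contains signature of the exploits EXP/2010-4452.D [renamed]
"""

# level, [verdict], path, and for ALERT lines " <<< description [action]".
LINE_RE = re.compile(
    r"^(?P<level>ALERT|WARNING): \[(?P<verdict>[^\]]+)\] (?P<path>.*?)"
    r"(?: <<< (?P<detail>.*?) \[(?P<action>[^\]]+)\])?$"
)


@dataclass
class Finding:
    level: str              # "ALERT" (detection) or "WARNING" (scan problem)
    verdict: str            # signature name, or the reason for the warning
    path: str               # file on the mounted volume (the container for archives)
    member: Optional[str]   # archive member when the hit is inside an archive
    action: Optional[str]   # "renamed", "archive scan abort", ...; None for warnings


def parse_scan_log(text: str) -> list[Finding]:
    """Return one Finding per ALERT/WARNING line; header and statistics are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        parts = m.group("path").split(ARROW)
        findings.append(Finding(
            level=m.group("level"),
            verdict=m.group("verdict"),
            path=parts[0],
            member=parts[-1] if len(parts) > 1 else None,
            action=m.group("action"),
        ))
    return findings


def summarize(findings: list[Finding]) -> dict:
    """Counts of detections, warnings, renamed files and detections left in place."""
    actions = Counter(f.action for f in findings if f.level == "ALERT")
    alerts = sum(1 for f in findings if f.level == "ALERT")
    return {
        "alerts": alerts,
        "warnings": sum(1 for f in findings if f.level == "WARNING"),
        "renamed": actions["renamed"],
        "not_neutralised": alerts - actions["renamed"],  # assumption: anything not renamed is still live
    }


def unresolved_detections(findings: list[Finding]) -> list[Finding]:
    """ALERT lines whose action was not 'renamed' still refer to untouched files."""
    return [f for f in findings if f.level == "ALERT" and f.action != "renamed"]


def mentions_path(findings: list[Finding], needle: str) -> bool:
    """True if any reported path or archive member contains needle (case-insensitive)."""
    needle = needle.lower()
    return any(needle in f.path.lower() or (f.member is not None and needle in f.member.lower())
               for f in findings)


def report(text: str) -> str:
    """Human-readable summary, listing detections the scanner left in place."""
    findings = parse_scan_log(text)
    s = summarize(findings)
    lines = [f"{s['alerts']} detections, {s['warnings']} warnings; "
             f"{s['renamed']} renamed, {s['not_neutralised']} left in place"]
    for f in unresolved_detections(findings):
        where = f"{f.path} (member {f.member})" if f.member else f.path
        lines.append(f"still on disk: {f.verdict} in {where}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
    print("dwprot.sys reported:", mentions_path(parse_scan_log(SAMPLE_LOG), "dwprot.sys"))
```

Paste the full log into SAMPLE_LOG (or read it from a file) to run it over a real scan. The point of the `mentions_path` check is the one the poster made by eye: a rescue-disc scan that renames eight files but never names the driver the boot manager complains about has not explained the boot failure, so that file still needs to be dealt with separately.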
Shot_Caller

- In the meantime I have (after making a backup of the file in question) removed dwprot.sys from the Windows driver directory.
And what do you know: it boots normally again without the error message!
To be safe I'll also run HijackThis on it; I'll post the log file in a moment.
I have the feeling there is adware, spyware or viruses on the laptop, because over time it has become rather slow.

- And as promised, here is the HijackThis log file.
If someone would be willing to take a look at it, that would be great!
So far the laptop is working reasonably well, although it did have some trouble with HijackThis (an error message during the scan, but the scan just continued).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:20, on 14-6-2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49657
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jeroen\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
–
End of file - 7562 bytes

- Nice that you've got the little machine running again!
Start with the following 3 scans:
1) Which program: MBRCheck.exe
Purpose: special scan for MBR rootkits
Difficulty: none.
Download MBRCheck.exe
Starting MBRCheck.exe:
Windows 2000 and Windows XP: start "MBRCheck.exe" by double-clicking "MBRCheck.exe".
Windows Vista and Windows 7: start "MBRCheck.exe" by right-clicking "MBRCheck.exe" and choosing "Run as Administrator".
* A black screen appears with some data in it.
* A log file named "MBRcheckxxxx.txt" will appear on your desktop.
* Now copy the contents of that log into your next post.
2) Which program: Kaspersky TDSSKiller
Purpose: rootkit scanner
Difficulty: none
Download location: absolutely download this program to the desktop, or else move it there!
Download TDSSKiller here.
Installation:
* Extract the file on your desktop.
Using TDSSKiller:
* Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
* Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and choosing Run as Administrator.
* After the scan has finished, you will find the log on the C:\ partition
* Post the contents of that log
3) Which program: Malwarebytes MBAM
Purpose: specialist scanner to quickly examine Windows for, and rid it of, spyware and malware.
Difficulty: none.
Download Malwarebytes MBAM from one of these locations:
* Download.com
* Softpedia.com
* Majorgeeks.com
First of all:
* Immediately after installation 'MBAM' will want to update its database, so allow it.
* Also on repeated use: first update 'MBAM' via the 'Update' tab!
Starting Malwarebytes MBAM:
Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and choosing Run as Administrator.
Scanning:
* When 'MBAM' starts, choose 'Quick Scan'.
* Scanning can take a while, so be patient. When the scan has completed, click the 'OK' button.
* Then click the 'Show Results' button to see the results.
Infections found:
* First click OK to dismiss the message
* Then click the 'Show Results' button at the bottom right.
* Make sure all found infections are ticked, and click 'Remove Selected' at the bottom left.
* After removal a log will open and you will be asked to restart the computer.
* If 'MBAM' has trouble removing certain files it will show a few messages; click 'OK' each time!
* 'MBAM' will then ask to restart the computer, so allow the computer to restart.
MBAM log:
* The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.
Then post the contents of the MBAM log in your next message.
In summary: in your next message, post the contents of the following logs:
* MBRCheck log
* TDSSKiller log
* MBAM scan log
* also let us know if you have a problem with anything

- Thanks for the help!
Here are the log files,
first the MBRCheck log:
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9500 Notebook PC
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 166):
0x82800000 \SystemRoot\system32\ntkrnlpa.exe
0x82BA1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x802BD000 \SystemRoot\system32\PSHED.dll
0x802B5000 \SystemRoot\system32\BOOTVID.dll
0x8027A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8026D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8070D000 \SystemRoot\System32\Drivers\spia.sys
0x80264000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8023E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x80460000 \SystemRoot\system32\drivers\acpi.sys
0x80236000 \SystemRoot\system32\drivers\msisadrv.sys
0x80227000 \SystemRoot\system32\drivers\volmgr.sys
0x80202000 \SystemRoot\system32\drivers\pci.sys
0x8045D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80453000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80443000 \SystemRoot\System32\drivers\mountmgr.sys
0x8043C000 \SystemRoot\system32\drivers\pciide.sys
0x8042E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x806C3000 \SystemRoot\System32\drivers\volmgrx.sys
0x80426000 \SystemRoot\system32\drivers\atapi.sys
0x80408000 \SystemRoot\system32\drivers\ataport.SYS
0x806B6000 \SystemRoot\System32\Drivers\AFS.sys
0x80685000 \SystemRoot\system32\drivers\fltmgr.sys
0x80675000 \SystemRoot\system32\drivers\fileinfo.sys
0x80666000 \SystemRoot\system32\DRIVERS\Lbd.sys
\\.\C: –> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: –> \\.\PhysicalDrive0 at offset 0x00000023`85ec6a00 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK1637GSX, Rev: DL032C
Size Device Name MBR Status
——————————————–
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
Next, the TDSSKiller log (this one did find something, but I clicked the "skip" option; I had no idea what I was supposed to do there):
And finally the MBAM log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Databaseversie: 6856
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
14-6-2011 20:05:03
mbam-log-2011-06-14 (20-05-03).txt
Scantype: Snelle scan
Objecten gescand: 179120
Verstreken tijd: 5 minuut/minuten, 20 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
- My mistake, I see that I posted the MBRCheck log twice and forgot the TDSSKiller log, so here is the TDSSKiller log file after all:
2011/06/14 19:46:50.0381 5152 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/14 19:46:50.0615 5152 ================================================================================
2011/06/14 19:46:50.0615 5152 SystemInfo:
2011/06/14 19:46:50.0615 5152
2011/06/14 19:46:50.0615 5152 OS Version: 6.0.6000 ServicePack: 0.0
2011/06/14 19:46:50.0615 5152 Product type: Workstation
2011/06/14 19:46:50.0615 5152 ComputerName: PC_VAN_JEROEN
2011/06/14 19:46:50.0615 5152 UserName: Jeroen
2011/06/14 19:46:50.0615 5152 Windows directory: C:\Windows
2011/06/14 19:46:50.0615 5152 System windows directory: C:\Windows
2011/06/14 19:46:50.0615 5152 Processor architecture: Intel x86
2011/06/14 19:46:50.0615 5152 Number of processors: 2
2011/06/14 19:46:50.0615 5152 Page size: 0x1000
2011/06/14 19:46:50.0615 5152 Boot type: Normal boot
2011/06/14 19:46:50.0615 5152 ================================================================================
2011/06/14 19:46:51.0145 5152 Initialize success
2011/06/14 19:46:55.0217 4944 ================================================================================
2011/06/14 19:46:55.0217 4944 Scan started
2011/06/14 19:46:55.0217 4944 Mode: Manual;
2011/06/14 19:46:55.0217 4944 ================================================================================
2011/06/14 19:47:06.0308 4944 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/14 19:47:06.0355 4944 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/14 19:47:06.0433 4944 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/14 19:47:06.0496 4944 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/06/14 19:47:06.0558 4944 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/14 19:47:06.0589 4944 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/14 19:47:06.0620 4944 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/14 19:47:06.0683 4944 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/14 19:47:06.0730 4944 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/14 19:47:06.0839 4944 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/06/14 19:47:06.0901 4944 msisadrv (2c3f1983cd3629573cb9e9658247847a) C:\Windows\system32\drivers\msisadrv.sys
2011/06/14 19:47:06.0979 4944 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/14 19:47:07.0026 4944 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/14 19:47:07.0088 4944 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/06/14 19:47:07.0135 4944 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/06/14 19:47:07.0198 4944 mssmbios (1f6f7159c75e4b27d138b5225808860f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/14 19:47:07.0260 4944 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/06/14 19:47:07.0307 4944 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/06/14 19:47:07.0416 4944 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/14 19:47:07.0525 4944 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/06/14 19:47:07.0619 4944 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/14 19:47:07.0681 4944 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/14 19:47:07.0697 4944 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/14 19:47:07.0744 4944 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/06/14 19:47:07.0790 4944 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/14 19:47:07.0822 4944 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/14 19:47:07.0931 4944 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/14 19:47:08.0071 4944 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/06/14 19:47:08.0180 4944 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/14 19:47:08.0290 4944 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/06/14 19:47:08.0383 4944 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/14 19:47:08.0461 4944 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/06/14 19:47:08.0539 4944 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/06/14 19:47:09.0023 4944 nvlddmkm (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/14 19:47:09.0584 4944 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/14 19:47:09.0631 4944 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/06/14 19:47:09.0678 4944 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/14 19:47:09.0725 4944 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/14 19:47:09.0834 4944 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/14 19:47:09.0974 4944 PAC207 (dca942c0a19a0ad2abcd9acf94eb4b10) C:\Windows\system32\DRIVERS\PFC027.SYS
2011/06/14 19:47:10.0068 4944 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/14 19:47:10.0099 4944 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/06/14 19:47:10.0177 4944 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/14 19:47:10.0255 4944 pci (5bedd5e1416da009c4f24adf8da13773) C:\Windows\system32\drivers\pci.sys
2011/06/14 19:47:10.0302 4944 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
2011/06/14 19:47:10.0380 4944 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/14 19:47:10.0474 4944 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/14 19:47:10.0614 4944 PID_PEPI (a7598e897da639e255ad4188fa398478) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/06/14 19:47:10.0770 4944 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/14 19:47:10.0817 4944 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/14 19:47:10.0895 4944 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/14 19:47:10.0973 4944 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/14 19:47:11.0082 4944 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/14 19:47:11.0160 4944 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/14 19:47:11.0207 4944 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/14 19:47:11.0254 4944 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/14 19:47:11.0332 4944 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/14 19:47:11.0363 4944 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/14 19:47:11.0410 4944 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/14 19:47:11.0472 4944 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/14 19:47:11.0519 4944 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/14 19:47:11.0566 4944 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/14 19:47:11.0628 4944 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/06/14 19:47:11.0722 4944 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/06/14 19:47:11.0753 4944 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/06/14 19:47:11.0784 4944 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/06/14 19:47:11.0846 4944 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/14 19:47:11.0924 4944 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/14 19:47:11.0987 4944 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/14 19:47:12.0034 4944 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/14 19:47:12.0080 4944 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/14 19:47:12.0127 4944 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/14 19:47:12.0205 4944 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/06/14 19:47:12.0330 4944 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/14 19:47:12.0377 4944 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/14 19:47:12.0408 4944 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/14 19:47:12.0439 4944 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/14 19:47:12.0548 4944 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/14 19:47:12.0611 4944 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/14 19:47:12.0689 4944 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/14 19:47:12.0751 4944 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/06/14 19:47:12.0860 4944 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/06/14 19:47:12.0938 4944 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/14 19:47:12.0938 4944 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/14 19:47:12.0970 4944 sptd - detected LockedFile.Multi.Generic (1)
2011/06/14 19:47:13.0048 4944 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/06/14 19:47:13.0094 4944 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/14 19:47:13.0172 4944 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/14 19:47:13.0235 4944 swenum (92894dd7fdd62af808b1409b73af9c73) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/14 19:47:13.0297 4944 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/14 19:47:13.0375 4944 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/14 19:47:13.0422 4944 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/14 19:47:13.0469 4944 SynTP (8327106d1c93e9a7b98e63b9fcc24bb7) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/14 19:47:13.0796 4944 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/06/14 19:47:13.0906 4944 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/14 19:47:13.0968 4944 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/14 19:47:14.0015 4944 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/06/14 19:47:14.0108 4944 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/14 19:47:14.0140 4944 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/14 19:47:14.0186 4944 TermDD (85908da29af0ab835048107ad2ad07d1) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/14 19:47:14.0311 4944 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/14 19:47:14.0452 4944 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
2011/06/14 19:47:14.0514 4944 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/14 19:47:14.0576 4944 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/14 19:47:14.0623 4944 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/14 19:47:14.0670 4944 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/14 19:47:14.0748 4944 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/14 19:47:14.0810 4944 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/14 19:47:14.0873 4944 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/14 19:47:14.0935 4944 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/14 19:47:14.0998 4944 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/14 19:47:15.0107 4944 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/06/14 19:47:15.0154 4944 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/14 19:47:15.0216 4944 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/14 19:47:15.0263 4944 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/14 19:47:15.0325 4944 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/14 19:47:15.0356 4944 usbohci (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/14 19:47:15.0419 4944 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/14 19:47:15.0512 4944 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/14 19:47:15.0575 4944 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/14 19:47:15.0637 4944 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/14 19:47:15.0715 4944 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/14 19:47:15.0824 4944 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/14 19:47:15.0887 4944 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/06/14 19:47:15.0980 4944 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/14 19:47:16.0058 4944 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/14 19:47:16.0105 4944 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/14 19:47:16.0168 4944 volmgr (d9e9490c960624c416fbde080deeb7fe) C:\Windows\system32\drivers\volmgr.sys
2011/06/14 19:47:16.0214 4944 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/06/14 19:47:16.0277 4944 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/06/14 19:47:16.0355 4944 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/14 19:47:16.0433 4944 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/14 19:47:16.0480 4944 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 19:47:16.0511 4944 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 19:47:16.0589 4944 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/14 19:47:16.0651 4944 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/14 19:47:16.0760 4944 winachsf (3b4522d0e750bac8fe7ae61622a57014) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/14 19:47:16.0948 4944 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/14 19:47:17.0026 4944 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/14 19:47:17.0119 4944 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/14 19:47:17.0197 4944 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/14 19:47:17.0260 4944 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/14 19:47:17.0338 4944 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/14 19:47:17.0353 4944 ================================================================================
2011/06/14 19:47:17.0353 4944 Scan finished
2011/06/14 19:47:17.0353 4944 ================================================================================
2011/06/14 19:47:17.0384 0636 Detected object count: 1
2011/06/14 19:47:17.0384 0636 Actual detected object count: 1
2011/06/14 19:47:34.0295 0636 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/14 19:47:41.0783 1412 Deinitialize success - Do you have DaemonTools in your Windows?
- Yes, that's right, I use DaemonTools Lite.
By the way, do I still need to take any action on the item TDSSKiller found? - No, sptd.sys is part of DaemonTools.
It does have to be temporarily deactivated now, though!
Which program: Defogger
What for/why: tool to deactivate CD-emulator software and to re-activate it again afterwards
Difficulty: none.
Download Defogger to your desktop, or move the tool to your desktop.
* Double-click Defogger.exe to start the tool.
* In the window that appears, click the "Disable" button.
* In the next window, click Yes to continue.
* Then wait until you get the message 'Finished' and click "Ok" in that window.
* If DeFogger asks to restart the computer, do so. - Thanks for your reply.
Defogger went without problems.
Here is the ComboFix logfile:
ComboFix 11-06-14.03 - Jeroen 15-06-2011 10:51:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.31.1043.18.2046.1395 [GMT 2:00]
Started from: c:\users\Jeroen\Desktop\ComboFix.exe
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\avg_free_stb_eu_2011_1325_free.exe
c:\users\Public\Empires_DMW.exe
c:\users\Public\mbam-setup.exe
c:\windows\system32\tmp.tmp
.
.
(((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 ))))))))))))))))))))))))))))))
.
.
2011-06-15 09:00 . 2011-06-15 09:05 -------- d-----w- c:\users\Jeroen\AppData\Local\temp
2011-06-15 09:00 . 2011-06-15 09:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-06-15 09:00 . 2011-06-15 09:00 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-06-15 09:00 . 2011-06-15 09:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 19:10 . 2011-06-14 19:10 -------- d---a-w- C:\.Trash-999
2011-06-14 17:28 . 2011-06-14 17:28 -------- d-----w- c:\program files\Trend Micro
2011-06-14 17:24 . 2011-06-14 17:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software
2011-06-09 15:13 . 2011-06-09 15:25 -------- d-----w- c:\users\Jeroen\AppData\Local\LogMeIn Hamachi
2011-06-09 15:13 . 2011-06-09 18:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn Hamachi
2011-06-09 15:12 . 2011-06-09 15:12 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-06-06 12:16 . 2011-05-20 12:01 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-06-06 12:16 . 2011-05-20 11:55 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-06-06 12:16 . 2011-05-20 11:55 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-06-06 12:14 . 2011-06-06 12:14 -------- d-----w- c:\users\Jeroen\AppData\Roaming\TuneUp Software
2011-06-06 12:14 . 2011-06-06 14:04 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-06-06 12:13 . 2011-06-06 12:16 -------- d-----w- c:\programdata\TuneUp Software
2011-06-06 12:13 . 2011-06-06 12:13 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-06-01 18:53 . 2011-06-06 13:52 -------- d-----w- c:\users\Public\Operation Flashpoint (game of the year edition)
2011-05-30 12:49 . 2011-05-30 12:49 -------- d-----w- c:\users\Jeroen\AppData\Roaming\PDF Writer
2011-05-30 12:49 . 2011-05-30 12:49 -------- d-----w- c:\users\Jeroen\AppData\Local\PDF Writer
2011-05-30 12:49 . 2011-05-30 12:49 -------- d-----w- c:\programdata\PDF Writer
2011-05-30 12:46 . 2006-11-02 09:46 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-05-30 12:45 . 2011-05-30 12:45 -------- d-----w- c:\program files\Common Files\Bullzip
2011-05-30 12:45 . 2010-09-27 13:27 135168 ----a-w- c:\windows\system32\bzpdfc.dll
2011-05-30 12:45 . 2008-10-30 21:15 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2011-05-30 12:45 . 2008-07-09 22:19 103424 ----a-w- c:\windows\system32\bzDCT.dll
2011-05-30 12:45 . 2010-09-27 13:28 196096 ----a-w- c:\windows\system32\bzpdf.dll
2011-05-30 12:44 . 2011-05-30 12:44 -------- d-----w- c:\program files\Bullzip
2011-05-28 20:49 . 2011-06-06 08:45 -------- d-----r- c:\users\Jeroen\Dropbox
2011-05-28 20:47 . 2011-06-06 08:45 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Dropbox
2011-05-18 18:19 . 2011-05-18 18:19 -------- d-----w- c:\users\Jeroen\AppData\Local\Spotnet
2011-05-17 20:20 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-17 20:20 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-17 20:20 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-05-17 20:20 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-17 20:20 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-17 20:18 . 2011-05-19 16:47 -------- d-----w- c:\programdata\Spotnet
2011-05-17 20:18 . 2011-05-17 20:18 -------- d-----w- c:\program files\Spotnet
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2010-04-26 17:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-04-26 17:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-03-10 19:32 342848 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 18:12 17920 ----a-r- c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-12-04 11:24 665424 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 23:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 05:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 13:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-03-01 11:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 10:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 16:11 565008 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 16:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2007-11-03 19:34 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 12:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-23 16:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-01-13 03:36 827392 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-10 14:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R4 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-30 1352832]
R4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-12 691696]
R4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AFS;AFS; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-05-20 1523008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-04-26 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 —-a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:46]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:46]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Jeroen\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-15 11:05
Windows 6.0.6000 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_USERS\S-1-5-21-1362925174-1269254538-546090230-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ee,fc,af,f9,e0,f4,e2,4a,31,db,37,e3,f6,be,16,c1,bb,a6,b9,e9,1a,45,e6,
11,27,85,4a,e9,5a,ea,1b,48,5a,34,7f,4a,e1,d1,0c,6a,68,eb,5a,5c,96,0d,7c,f2,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1362925174-1269254538-546090230-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:a7,0b,84,72,6f,fa,11,56,7e,74,cb,d7,56,f1,a4,3d,7d,14,dc,16,b4,
b4,78,57,a4,99,c4,95,7a,07,56,dd,e1,5e,31,9b,ce,db,ee,86,da,f3,d9,4f,05,69,\
"rkeysecu"=hex:7b,bd,3c,5d,ce,ec,6e,c7,cd,7d,56,7a,b4,04,4d,39
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > 'Explorer.exe'(1928)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dut.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
———————— Andere Aktieve Processen ————————
.
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\conime.exe
.
**************************************************************************
.
Voltooingstijd: 2011-06-15 11:12:28 - machine werd herstart
ComboFix-quarantined-files.txt 2011-06-15 09:12
.
Pre-Run: 26.656.948.224 bytes beschikbaar
Post-Run: 26.106.105.856 bytes beschikbaar
.
- - End Of File - - F36DD6312E8C90EE972666779A9BC356 - Hi Jeroen, you may now do the following:
Open a new Notepad file via "Start\All Programs\Accessories\Notepad".
Copy and paste the following (bold, blue text) into the empty Notepad window
- Hey Abraham,
It took a while. This was because (after AVG had been removed) I picked up an infection with a trojan, something called "Windows Vista Security 2012". A stubborn thing that also made regedit and all .exe applications unusable.
In the end I managed to scan with Malwarebytes and kick it off.
After that I ran the ComboFix scan with the script.
The only thing I did not understand was what you meant by "now first disable the antivirus", since AVG was already gone?
What I do notice now is that I no longer hear any music on, for example, YouTube. The Windows sounds are gone too, but when I listen to music via Winamp I do have sound..
I think that virus/trojan changed a thing or two, but I don't know for sure.
Anyway, here is the log file of the ComboFix scan with the script (by the way, it did not ask to restart).
ComboFix 11-06-14.03 - Jeroen 18-06-2011 11:27:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.31.1043.18.2046.1362 [GMT 2:00]
Gestart vanuit: c:\users\Jeroen\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Jeroen\Desktop\CFScript.txt.txt
.
FILE ::
"c:\windows\system32\authuitu.dll"
"c:\windows\system32\TURegOpt.exe"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\.Trash-999
c:\.trash-999\files\dwprot.sys
c:\.trash-999\info\dwprot.sys.trashinfo
c:\windows\regedit.com
c:\windows\system32\authuitu.dll
c:\windows\system32\TURegOpt.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-18 to 2011-06-18 ))))))))))))))))))))))))))))))
.
.
2011-06-18 09:35 . 2011-06-18 09:36 ——– d—–w- c:\users\Jeroen\AppData\Local\temp
2011-06-18 09:35 . 2011-06-18 09:35 ——– d—–w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-06-18 09:35 . 2011-06-18 09:35 ——– d—–w- c:\users\TEMP\AppData\Local\temp
2011-06-18 09:35 . 2011-06-18 09:35 ——– d—–w- c:\users\Default\AppData\Local\temp
2011-06-15 08:49 . 2011-06-18 09:24 ——– d—–w- C:\32788R22FWJFW
2011-06-14 17:28 . 2011-06-14 17:28 ——– d—–w- c:\program files\Trend Micro
2011-06-14 17:24 . 2011-06-14 17:24 ——– d—–w- c:\windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software
2011-06-09 15:13 . 2011-06-18 09:19 ——– d—–w- c:\users\Jeroen\AppData\Local\LogMeIn Hamachi
2011-06-09 15:13 . 2011-06-18 09:15 ——– d—–w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn Hamachi
2011-06-09 15:12 . 2011-06-17 19:29 ——– d—–w- c:\program files\LogMeIn Hamachi
2011-06-06 12:16 . 2011-05-20 11:55 29504 —-a-w- c:\windows\system32\uxtuneup.dll
2011-06-06 12:14 . 2011-06-06 12:14 ——– d—–w- c:\users\Jeroen\AppData\Roaming\TuneUp Software
2011-06-06 12:14 . 2011-06-06 14:04 ——– d—–w- c:\program files\TuneUp Utilities 2011
2011-06-06 12:13 . 2011-06-06 12:16 ——– d—–w- c:\programdata\TuneUp Software
2011-06-06 12:13 . 2011-06-06 12:13 ——– d-sh–w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-06-01 18:53 . 2011-06-06 13:52 ——– d—–w- c:\users\Public\Operation Flashpoint (game of the year edition)
2011-05-30 12:49 . 2011-05-30 12:49 ——– d—–w- c:\users\Jeroen\AppData\Roaming\PDF Writer
2011-05-30 12:49 . 2011-05-30 12:49 ——– d—–w- c:\users\Jeroen\AppData\Local\PDF Writer
2011-05-30 12:49 . 2011-05-30 12:49 ——– d—–w- c:\programdata\PDF Writer
2011-05-30 12:46 . 2006-11-02 09:46 89600 —-a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-05-30 12:45 . 2011-05-30 12:45 ——– d—–w- c:\program files\Common Files\Bullzip
2011-05-30 12:45 . 2010-09-27 13:27 135168 —-a-w- c:\windows\system32\bzpdfc.dll
2011-05-30 12:45 . 2008-10-30 21:15 227840 —-a-w- c:\windows\system32\bzFlRdr.dll
2011-05-30 12:45 . 2008-07-09 22:19 103424 —-a-w- c:\windows\system32\bzDCT.dll
2011-05-30 12:45 . 2010-09-27 13:28 196096 —-a-w- c:\windows\system32\bzpdf.dll
2011-05-30 12:44 . 2011-05-30 12:44 ——– d—–w- c:\program files\Bullzip
2011-05-28 20:49 . 2011-06-06 08:45 ——– d—–r- c:\users\Jeroen\Dropbox
2011-05-28 20:47 . 2011-06-06 08:45 ——– d—–w- c:\users\Jeroen\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2010-04-26 17:03 39984 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-04-26 17:03 22712 —-a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 —-a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 —-a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 —-a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 —-a-w- c:\users\Jeroen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-03-10 19:32 342848 —-a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 18:12 17920 —-a-r- c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 —-a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-12-04 11:24 665424 ——w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 23:00 199680 —-a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 05:58 75008 —-a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 13:50 54576 —-a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-03-01 11:18 472776 —-a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 10:13 2363392 —-a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 16:11 565008 —-a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 16:15 2407184 —-a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2007-11-03 19:34 190024 —-a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01 319488 —-a-w- c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 12:20 227328 —-a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 —-a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-23 16:11 176128 —-a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 —-a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-01-13 03:36 827392 —-a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-10 14:12 317128 —-a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R4 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-30 1352832]
R4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-12 691696]
R4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AFS;AFS; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-05-20 1523008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-04-26 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 —-a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:46]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:46]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyServer = http=127.0.0.1:56424
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Jeroen\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 11:36
Windows 6.0.6000 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_USERS\S-1-5-21-1362925174-1269254538-546090230-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ee,fc,af,f9,e0,f4,e2,4a,31,db,37,e3,f6,be,16,c1,bb,a6,b9,e9,1a,45,e6,
11,27,85,4a,e9,5a,ea,1b,48,5a,34,7f,4a,e1,d1,0c,6a,68,eb,5a,5c,96,0d,7c,f2,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1362925174-1269254538-546090230-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:a7,0b,84,72,6f,fa,11,56,7e,74,cb,d7,56,f1,a4,3d,7d,14,dc,16,b4,
b4,78,57,a4,99,c4,95,7a,07,56,dd,e1,5e,31,9b,ce,db,ee,86,da,f3,d9,4f,05,69,\
"rkeysecu"=hex:7b,bd,3c,5d,ce,ec,6e,c7,cd,7d,56,7a,b4,04,4d,39
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2011-06-18 11:38:55
ComboFix-quarantined-files.txt 2011-06-18 09:38
ComboFix2.txt 2011-06-15 09:12
.
Pre-Run: 22.797.197.312 bytes beschikbaar
Post-Run: 22.805.757.952 bytes beschikbaar
.
- - End Of File - - 6A677EC289CED01E6A1284D2B1EFBDCE - Hi Jeroen, how is Windows running now?
And one more question: did you unlock AVG 2011 by means of a fix? - Thanks for your reply Abraham,
Windows runs smoothly now; apart from the inconvenience of having no sound on YouTube, everything works fine.
I deleted AVG with the removal tool you had recommended.
I have not reinstalled AVG since…