Security Essentials no longer starts

26 answers
  • After downloading some nasty stuff, Security Essentials no longer starts.
    I get the message: the Windows Security Center cannot be started.

    I removed a number of Trojans with MBAM
    Ran CCleaner
    Did an online scan with ESET

    Starting the Security Center manually via the services does not work either.

    When I look at the HijackThis log I see a lot of missing files.

    How can I solve my problem?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:43:52, on 16-6-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Microsoft Streets & Trips 2011\StreetsOlkShim.exe
    C:\Users\Lucien\Downloads\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
    O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files (x86)\Logitech\Harmony Remote\HarmonyClient.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe


    End of file - 11149 bytes












  • You can start with the following:

    Close all open browser windows, except this window, which you close just before the moment you click the Fix checked button!


    Now start HijackThis with a right-click, with Administrator rights, and click the button Do a Scan only,

    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    • put a check mark in front of the line(s) that correspond to the lines above
    • then click the Fix checked button
    • After this, close HijackThis.


    Go to "Control Panel\Programs and Features" and remove from there

    NVIDIA NetworkAccessManager

    This is nothing more or less than simply a buggy firewall, which Windows can do without like a toothache!


    After that, run the following two scans:

    1) Which program: MBRCheck.exe
    What for/why: special scan for MBR rootkits
    Difficulty: none.
    Download MBRCheck.exe

    Starting MBRCheck.exe:
    Windows 2000 and Windows XP: start "MBRCheck.exe" by double-clicking "MBRCheck.exe".
    Windows Vista and Windows 7: start "MBRCheck.exe" by right-clicking "MBRCheck.exe" and then choosing "Run as administrator".

    • a black window appears with some data in it.
    • A log file named "MBRcheckxxxx.txt" will appear on your desktop.
    • Now copy the contents of that log into your next post.


    2) Which program: Kaspersky TDSSKiller
    What for/why: rootkit scanner
    Difficulty: none
    Download location: Be sure to download this program to the desktop, or otherwise move it there!
    Download TDSSKiller here.

    Installation:
    • unpack the file on your desktop.

    Using TDSSKiller:
    • Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
    • Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing Run as administrator.
    • If TDSSKiller shows a message about an available update, run that first.
    (image: http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg)

    • Then click the "Start Scan" button and follow the instructions.
    • After the scan has finished, click the "Report" button.
    • A Notepad file opens. Post the contents of this file.
      • Restart the PC if TDSSKiller offers that option (Reboot now).
      • If a restart is necessary, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

    Summary: after this, post in your next message the contents of the following logs:
    • MBRCheck log
    • TDSSKiller log
    • a new HijackThis log
    • also let us know if you have a problem with anything
  • MBRChecklog

    MBRCheck, version 1.2.3
    © 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: Packard Bell
    BIOS Manufacturer: AMI
    System Manufacturer: Packard Bell
    System Product Name: imedia S3220
    Logical Drives Mask: 0x000003fc

    Kernel Drivers (total 192):

    Processes (total 81):
    0 System Idle Process
    4 System
    296 C:\Windows\System32\smss.exe
    436 csrss.exe
    504 C:\Windows\System32\wininit.exe
    536 csrss.exe
    560 C:\Windows\System32\services.exe
    576 C:\Windows\System32\lsass.exe
    584 C:\Windows\System32\lsm.exe
    680 C:\Windows\System32\winlogon.exe
    748 C:\Windows\System32\svchost.exe
    812 C:\Windows\System32\nvvsvc.exe
    852 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    144 C:\Windows\System32\svchost.exe
    348 C:\Windows\System32\audiodg.exe
    932 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\nvvsvc.exe
    1100 C:\Program Files\WTouch\WTouchService.exe
    1272 C:\Windows\System32\wisptis.exe
    1320 C:\Windows\System32\svchost.exe
    1524 C:\Windows\System32\taskeng.exe
    1532 C:\Windows\System32\spoolsv.exe
    1568 C:\Windows\System32\svchost.exe
    1640 C:\Windows\System32\rundll32.exe
    1660 C:\Windows\SysWOW64\rundll32.exe
    1728 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1796 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1836 C:\Windows\System32\svchost.exe
    1860 C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
    1944 C:\Windows\SysWOW64\svchost.exe
    1964 C:\Windows\System32\svchost.exe
    1988 C:\Windows\SysWOW64\nlssrv32.exe
    1080 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1388 C:\Windows\System32\Pen_Tablet.exe
    1744 C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    2376 C:\Windows\System32\svchost.exe
    2560 WUDFHost.exe
    2784 C:\Windows\servicing\TrustedInstaller.exe
    2608 C:\Windows\System32\taskhost.exe
    1232 C:\Windows\System32\wisptis.exe
    1216 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
    2856 C:\Windows\System32\dwm.exe
    1260 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
    1688 C:\Windows\explorer.exe
    2532 C:\Program Files\WTouch\WTouchUser.exe
    3108 C:\Windows\System32\svchost.exe
    3220 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3340 C:\Windows\System32\WTablet\Pen_TabletUser.exe
    3368 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3436 C:\Windows\System32\Pen_Tablet.exe
    3524 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    3544 C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
    3664 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    3716 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    3764 C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    3820 C:\Program Files (x86)\Xfire\Xfire.exe
    3364 C:\Program Files\iTunes\iTunesHelper.exe
    3596 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3704 C:\Windows\System32\SearchIndexer.exe
    3964 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3336 C:\Program Files (x86)\Xfire\xfire64.exe
    3892 C:\Program Files\iPod\bin\iPodService.exe
    308 WmiPrvSE.exe
    4180 C:\Windows\System32\svchost.exe
    4304 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    4460 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    4512 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    4612 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    4828 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    5048 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    2952 C:\Windows\System32\sppsvc.exe
    2332 C:\Windows\System32\SearchProtocolHost.exe
    4264 C:\Windows\System32\SearchFilterHost.exe
    4468 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    2664 C:\Users\Lucien\Downloads\MBRCheck.exe
    3744 C:\Windows\System32\conhost.exe
    4032 C:\Windows\System32\dllhost.exe
    1548 WmiPrvSE.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000076`63300000 (NTFS)

    PhysicalDrive0 Model Number: ST31000528AS, Rev: CC44

      Size  Device Name          MBR Status
    --------------------------------------------
    931 GB  \\.\PhysicalDrive0   RE: Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

    TDSSKiller log

    2011/06/16 21:49:35.0588 2956 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
    2011/06/16 21:49:35.0726 2956 ================================================================================
    2011/06/16 21:49:35.0726 2956 SystemInfo:
    2011/06/16 21:49:35.0726 2956
    2011/06/16 21:49:35.0726 2956 OS Version: 6.1.7601 ServicePack: 1.0
    2011/06/16 21:49:35.0726 2956 Product type: Workstation
    2011/06/16 21:49:35.0726 2956 ComputerName: PC_BELL_IMEDIA
    2011/06/16 21:49:35.0727 2956 UserName: Lucien
    2011/06/16 21:49:35.0727 2956 Windows directory: C:\Windows
    2011/06/16 21:49:35.0727 2956 System windows directory: C:\Windows
    2011/06/16 21:49:35.0727 2956 Running under WOW64
    2011/06/16 21:49:35.0727 2956 Processor architecture: Intel x64
    2011/06/16 21:49:35.0727 2956 Number of processors: 6
    2011/06/16 21:49:35.0727 2956 Page size: 0x1000
    2011/06/16 21:49:35.0727 2956 Boot type: Normal boot
    2011/06/16 21:49:35.0727 2956 ================================================================================
    2011/06/16 21:49:37.0564 2956 Initialize success
    2011/06/16 21:50:01.0823 0648 ================================================================================
    2011/06/16 21:50:01.0823 0648 Scan started
    2011/06/16 21:50:01.0823 0648 Mode: Manual;
    2011/06/16 21:50:01.0823 0648 ================================================================================
    2011/06/16 21:50:11.0267 0648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/06/16 21:50:11.0277 0648 ================================================================================
    2011/06/16 21:50:11.0277 0648 Scan finished
    2011/06/16 21:50:11.0277 0648 ================================================================================
    2011/06/16 21:50:11.0287 3784 Detected object count: 0
    2011/06/16 21:50:11.0287 3784 Actual detected object count: 0

    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:59:11, on 16-6-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Lucien\Downloads\MBRCheck.exe
    C:\Users\Lucien\Desktop\TDSSKiller.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\Lucien\Downloads\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
    O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files (x86)\Logitech\Harmony Remote\HarmonyClient.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe


    End of file - 10300 bytes

  • Good.
    No rootkit in the MBR and no TDL4 rootkit.

    You can do the following:

    Which program: ComboFix
    What for/why: A highly specialized scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    • Bleepingcomputer
    • ForoSpyware
    • Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before ComboFix starts!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    Once more, for the sake of clarity: ComboFix must be started from the desktop.

    Notes:
    • On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    • Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    • All open programs and web pages must be closed.
    ComboFix has started:
    • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    • The computer may need to be restarted several times; this is normal.
    • When ComboFix is finished, it will create a log file for you.
    • Post the contents of this log file in your next message.
    • If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
  • OK, here is the next log, happy reading :D

    ComboFix 11-06-16.01 - Lucien 16-06-2011 23:09:30.1.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2861 [GMT 2:00]
    Gestart vanuit: c:\users\Lucien\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Lucien\AppData\Roaming\whitepixel
    c:\windows\SysWow64\Viveza2FC32.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-05-16 to 2011-06-16 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-16 21:13 . 2011-06-16 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-16 16:21 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-16 16:21 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-16 16:21 . 2011-04-29 05:55 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2011-06-16 16:21 . 2011-04-29 04:57 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2011-06-16 16:21 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-16 16:21 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-16 16:21 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 22:32 . 2011-06-15 22:32 -------- d-----w- c:\program files (x86)\ESET
    2011-06-15 22:11 . 2011-06-16 16:59 -------- d-----w- c:\program files\CCleaner
    2011-06-15 19:50 . 2011-06-15 19:52 -------- d-----w- c:\program files\Babylon
    2011-06-15 19:25 . 2011-06-15 19:25 106496 --sha-r- c:\windows\SysWow64\serialuih.dll
    2011-06-15 18:09 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{346350DA-3365-4498-9E39-3F0F14A38334}\mpengine.dll
    2011-06-13 13:26 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{5D3662FF-B114-4392-9128-140D59A29E19}
    2011-06-13 13:26 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{9C69499E-D8CC-4C66-B856-7076DB8C275E}
    2011-06-13 13:26 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{E314972B-E8D6-465D-AE74-6CC08535701F}
    2011-06-13 13:25 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{EC2F7042-ADE8-4F04-9A7E-2316AD6311E2}
    2011-06-13 13:25 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{63B3AF69-722B-4FA9-965F-94DEB1E78796}
    2011-06-13 13:25 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184}
    2011-06-13 13:25 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{1E8BE8F5-704E-408F-A339-D33679C773FF}
    2011-06-13 13:25 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{3079F98A-3D1E-417D-A09C-36814730DC09}
    2011-06-13 13:25 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{4D790C15-A3FF-476F-9F6C-FA6FF12EFFC3}
    2011-06-13 13:25 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{682FE305-7958-4875-9B95-34673E7151AD}
    2011-06-13 13:25 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{B2DCFF49-8E43-4A91-B043-7CCB41EA24CE}
    2011-06-13 13:25 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{529BBEB3-0369-420C-BD9C-37553D289203}
    2011-06-13 13:25 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{E25B3CC7-9347-4C9D-9339-1E15F9DA7A07}
    2011-06-13 13:24 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{E6AF2639-F710-4F5B-8830-95A396FB523F}
    2011-06-13 13:24 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{16996CC6-7043-45AD-9C8D-A784409115E4}
    2011-06-13 13:24 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{AB404F93-CDCE-40D9-8D4E-8606C84D368C}
    2011-06-13 13:24 . 2011-06-16 16:59 -------- d-----w- c:\program files\Common Files\Topaz Labs
    2011-06-13 13:24 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{9DE75BC9-6CF5-4972-8A4E-86BAAD477DC6}
    2011-06-13 13:24 . 2011-06-16 16:59 -------- dc-h--w- c:\programdata\{8265C354-3D13-4FE5-95C7-65F277FF3041}
    2011-06-13 13:24 . 2011-06-16 16:59 -------- d-----w- c:\program files (x86)\Common Files\Topaz Labs
    2011-06-13 13:24 . 2011-06-13 13:26 -------- d-----w- c:\program files (x86)\Topaz Labs
    2011-06-13 13:23 . 2011-06-13 13:23 -------- d-----w- c:\users\Lucien\AppData\Local\PackageAware
    2011-06-05 22:35 . 2011-06-05 22:37 -------- d-----w- c:\program files (x86)\Microsoft Streets & Trips 2011
    2011-06-05 22:21 . 2011-06-05 22:21 -------- d-----w- c:\program files (x86)\Street & Trips
    2011-06-03 23:00 . 2011-06-03 23:00 -------- d-----w- c:\users\Lucien\AppData\Local\Diagnostics
    2011-05-24 15:19 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-24 15:19 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-05-21 07:00 . 2011-01-25 18:45 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12399998-374C-45C9-A8EE-595EE366A2F8}\gapaengine.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-13 10:11 . 2011-05-17 18:06 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-29 07:11 . 2011-01-25 22:04 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-29 07:11 . 2011-01-25 22:04 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-09 22:00 . 2010-12-08 19:08 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-05 17:24 . 2011-03-23 18:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-05-02 18:21 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-05-02 18:21 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-04-09 07:02 . 2011-05-12 18:14 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:02 . 2011-05-12 18:14 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-12 18:14 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-04-08 11:28 . 2011-04-08 11:28 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
    2011-04-08 11:28 . 2011-04-08 11:28 27536 ----a-w- c:\windows\system32\xfcodec64.dll
    2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 14:26 . 2011-04-06 14:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-12 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2010-05-06 609312]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
    "Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    c:\users\Lucien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2011-4-8 3510160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    Logitech Harmony Remote V5.lnk - c:\program files (x86)\Logitech\Harmony Remote\HarmonyClient.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 135664]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 135664]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2010-08-10 63488]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
    S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 18:04]
    .
    2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 18:04]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SYSTEM32\blank.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Lucien\AppData\Roaming\Mozilla\Firefox\Profiles\orm7tvzm.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18836
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=18836&q=
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-06-16 23:18:04 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-06-16 21:18
    .
    Pre-Run: 365.528.186.880 bytes beschikbaar
    Post-Run: 365.422.153.728 bytes beschikbaar
    .
    - - End Of File - - BE501846CC98EF886EC277B1AADBD474




  • Would you do the following:

    Download CKScanner by askey 127 and save it to your desktop.
    Vista and Win 7 users run this tool via right-click and choose Run as administrator.
    • Click/double-click CKScanner by askey 127 to start the tool and click Search for Files.
    • After a short while, when the hourglass disappears, click Save List To File.
    • A message box will confirm that the document has been saved.
    • Click/double-click the CKFiles.txt shortcut on your desktop, then copy and paste the contents into your next post.
  • CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_de\sounds\firecrackle.ogg
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_default\sounds\firecrackle.ogg
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_es\sounds\firecrackle.ogg
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_fr\sounds\firecrackle.ogg
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_it\sounds\firecrackle.ogg
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_zh-cn\sounds\firecrackle.ogg
    scanner sequence 3.FN.11
    ----- EOF -----
  • Sorry, forgot to start it as admin.
    Here is the new log

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_de\sounds\firecrackle.ogg
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_default\sounds\firecrackle.ogg
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_es\sounds\firecrackle.ogg
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_fr\sounds\firecrackle.ogg
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_it\sounds\firecrackle.ogg
    c:\program files (x86)\packard bell games\bejeweled 2 deluxe\wtmui_zh-cn\sounds\firecrackle.ogg
    c:\windows\prefetch\keygen.exe-413e0457.pf
    scanner sequence 3.FA.11
    ----- EOF -----
  • Hi, how is your Windows running now?

    Also do the following:

    Which program: Malwarebytes MBAM
    What for/why: specialised scanner to quickly examine Windows for spyware and malware and to remove them.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    • Download.com
    • Softpedia.com
    • Majorgeeks.com
    First of all:
    • Immediately after installation 'MBAM' will want to update its database, so allow this.
    • Also on repeated use: first update 'MBAM' via the 'Update' tab!
    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as Administrator.

    Scanning:
    • When 'MBAM' starts, choose 'Quick Scan'.
    • Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
    • Then click the 'Show Results' button to see the results.
    Infections found:
    • First click OK to dismiss the message.
    • Then click the Show Results button at the bottom right.
    • Now make sure that all infections found are ticked, and click Remove Selected at the bottom left.
    • After removal a log will open and you will be asked to restart the computer.
    • If 'MBAM' has difficulty removing certain files it will show a few messages; click 'OK' each time!
    • After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
    MBAM log:
    • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.
    Then post the contents of the MBAM log in your next message.
  • Hello Abraham,

    Windows is running OK. In the meantime I also tried to start MS Security Essentials. Unfortunately this was without success.

    Here is the MBAM log

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Databaseversie: 6886

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    18-6-2011 12:53:57
    mbam-log-2011-06-18 (12-53-57).txt

    Scantype: Snelle scan
    Objecten gescand: 170500
    Verstreken tijd: 2 minuut/minuten, 0 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)
  • Hi, then uninstall MSE.

    See also my list:

    Avast 6\2011 Free is the only one that has a number of components on board that you otherwise only find in paid antivirus programs.

    So Avast is clearly responding to the new threats of the internet!
    Moreover, you hardly notice that Avast is running!
    Avast also has a "sandbox" on board, in which you can safely test programs!

    Download link Avast 6 Free

    Other free alternatives:

    Panda Cloud Antivirus - download link
    AVG Free 2011 - download link
    Avira Antivir - download link
    Microsoft Security Essentials - download link


    Whichever you choose, after updating let your choice run a full system scan and then post a new HijackThis log


    The programs are ranked by ratio of protection and malware detection.
  • Hi, I chose Avast 6. No further problems.

    Here is the HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:42:53, on 18-6-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Users\Lucien\Downloads\HijackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
    O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files (x86)\Logitech\Harmony Remote\HarmonyClient.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe


    End of file - 10396 bytes


  • Your log looks good; did Avast find anything, and is Windows now running to your satisfaction?
  • Avast found nothing. So far I haven't noticed any strange behaviour.
    Thanks for your help.
  • Good, then please do the following: a test to see what your current security situation is.

    Download to your desktop.
    • Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    • A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    • If one of your security tools reports that DIG.EXE wants to access the internet, allow this.
    Post the contents of checkup.txt in your next post.
  • Here are the contents of checkup.txt


    Results of screen317's Security Check version 0.99.14
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    avast! Free Antivirus
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Adobe Flash Player 10.3.181.22
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
  • Hi Statler, then we can start cleaning up.

    ComboFix may now be removed:
    • to do so, go to Start - Run
    • copy and paste the following into it: Combofix /Uninstall
    • then click OK.
    • if all goes well, you will then get a message that Combofix has been removed.

    Example:

    http://www.emphyrio.be/images/SMUninstall_combofix.png

    Run can also be opened by pressing the "Windows key + R" keys simultaneously.

    This will remove Combofix including related folders and files,
    reset the clock settings, hide the file extensions,
    hide hidden files and system files again
    and reset your System Restore.

    Download (by OldTimer)
    • Place the file on your desktop.
    • Make sure there is an internet connection.
    • Vista / W7 users:
      • Then right-click OTC.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
    • XP users:
      • Double-click OTC
    • Now click the "CleanUp!" button
    • If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow this; the program needs that connection.
    • Finally, OTC will ask whether you want to restart the computer; you may allow this, as this is also how it removes itself.

    Note: Using OTC.exe will remove all the tools used (including the associated logs and backup folders) from your computer.
  • Uh, Avast is raising quite an alarm. Is that right?
    In the meantime I've just cancelled everything
  • You mean when you try to remove ComboFix?