Question & Answer
Files gone due to virus
10 answers
- Hello Demy,
welcome to this great forum.
I would like you to follow the rules below during the fix:
- Thank you very much, Abraham, for the tips.
I have made the logs for you, but I still don't have my files back…
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 4/19/2012 5:16:04 PM
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 4/19/2012 5:16:23 PM
[3300] C:\ProgramData\VUOyWqOYGdRXu.exe Ontdekt: Trojan.Win32.FakeAV!IK
C:\ProgramData\VUOyWqOYGdRXu.exe Ontdekt: Trojan.Win32.FakeAV!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\Option.class Ontdekt: Exploit.Java.Blacole!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\SP.class Ontdekt: Exploit.Java.Blacole!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\XML.class Ontdekt: Exploit.Java.Blacole!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/Field.class Ontdekt: JAVA.Agent!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/Inc.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/m.class Ontdekt: Exploit.Java.CVE!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\109494b5-1ee18c0d/apps\MyWorker.class Ontdekt: Trojan-Downloader.Java.OpenStream!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$a.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$b.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$df.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$s.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Men.class Ontdekt: Exploit.Java.CVE!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Ou.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Pol.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Sento.class Ontdekt: Trojan-Downloader.Java.OpenConnection!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\64f580c6-73cff73d/json\ThreadParser.class Ontdekt: Exploit.Java.Blacole!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/Loo$1.class Ontdekt: JAVA.Agent!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/fgsh.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/gggsd.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/ggs.class Ontdekt: Trojan-Downloader.Java.OpenConnection!IK
C:\Users\All Users\VUOyWqOYGdRXu.exe Ontdekt: Trojan.Win32.FakeAV!IK
Gescand
Bestanden: 176209
Sporen: 407359
Cookies: 895
Processen: 72
Gevonden
Bestanden: 22
Sporen: 0
Cookies: 33
Processen: 1
Registersleutels: 0
Scan Geëindigd: 19-4-2012 18:40:25
Scantijd: 1:24:02
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Sento.class Verwijderd Trojan-Downloader.Java.OpenConnection!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/ggs.class Verwijderd Trojan-Downloader.Java.OpenConnection!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\109494b5-1ee18c0d/apps\MyWorker.class Verwijderd Trojan-Downloader.Java.OpenStream!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/m.class Verwijderd Exploit.Java.CVE!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Men.class Verwijderd Exploit.Java.CVE!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/Inc.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$a.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$b.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$df.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Efira$s.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Ou.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736e6d3b-31daa178/Pol.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/fgsh.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/gggsd.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-7a8d58c4/Field.class Verwijderd JAVA.Agent!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3435d049-4933be6c/Loo$1.class Verwijderd JAVA.Agent!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\Option.class Verwijderd Exploit.Java.Blacole!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\SP.class Verwijderd Exploit.Java.Blacole!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fefe015-40d48188/json\XML.class Verwijderd Exploit.Java.Blacole!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\64f580c6-73cff73d/json\ThreadParser.class Verwijderd Exploit.Java.Blacole!IK
[3300] C:\ProgramData\VUOyWqOYGdRXu.exe Verwijderd Trojan.Win32.FakeAV!IK
C:\ProgramData\VUOyWqOYGdRXu.exe Verwijderd Trojan.Win32.FakeAV!IK
C:\Users\All Users\VUOyWqOYGdRXu.exe Verwijderd Trojan.Win32.FakeAV!IK
Verwijderd
Bestanden: 22
Sporen: 0
Cookies: 33
This is the mbam log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Databaseversie: v2012.04.19.02
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
5736z-453g32mnkk :: 5736Z-453G32MNK [administrator]
19-4-2012 19:18:50
mbam-log-2012-04-19 (19-18-50).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 195101
Verstreken tijd: 6 minuut/minuten, 7 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Slecht: (0) Goed: (1) -> Succesvol in quarantaine geplaatst en gerepareerd.
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 1
C:\ProgramData\7NvWDE3vssCkMv.exe (Trojan.Agent.WQ) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
Regards
- Hello Demy - I haven't promised anything yet, either.
By the way, do not use cleaning programs under any circumstances.
Recovering your documents only makes sense once the malware has been removed.
So we will continue with scan tools.
- Dear Abraham,
it looks like my laptop is back to its old self; fortunately I have my files etc. back.
17:13:54.0886 4204 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
17:13:54.0886 4204 ============================================================
17:13:54.0886 4204 Current date / time: 2012/04/20 17:13:54.0886
17:13:54.0886 4204 SystemInfo:
17:13:54.0886 4204
17:13:54.0886 4204 OS Version: 6.1.7600 ServicePack: 0.0
17:13:54.0886 4204 Product type: Workstation
17:13:54.0886 4204 ComputerName: 5736Z-453G32MNK
17:13:54.0886 4204 UserName: 5736z-453g32mnkk
17:13:54.0886 4204 Windows directory: C:\Windows
17:13:54.0886 4204 System windows directory: C:\Windows
17:13:54.0886 4204 Running under WOW64
17:13:54.0886 4204 Processor architecture: Intel x64
17:13:54.0886 4204 Number of processors: 2
17:13:54.0886 4204 Page size: 0x1000
17:13:54.0886 4204 Boot type: Normal boot
17:13:54.0886 4204 ============================================================
17:13:55.0806 4204 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:13:55.0806 4204 \Device\Harddisk0\DR0:
17:13:55.0806 4204 MBR partitions:
17:13:55.0806 4204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
17:13:55.0806 4204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
17:13:55.0884 4204 C: <-> \Device\Harddisk0\DR0\Partition1
17:13:55.0884 4204 Initialize success
17:13:55.0884 4204 ============================================================
17:13:56.0040 4452 ============================================================
17:13:56.0040 4452 Scan started
17:13:56.0040 4452 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
17:13:56.0040 4452 ============================================================
17:14:13.0044 4452 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
17:14:13.0247 4452 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
17:14:13.0325 4452 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:14:13.0387 4452 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:14:13.0434 4452 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:14:13.0559 4452 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:14:13.0699 4452 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
17:14:13.0840 4452 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:14:13.0902 4452 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:14:14.0167 4452 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
17:14:14.0245 4452 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:14:14.0323 4452 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:14:14.0370 4452 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:14:14.0448 4452 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
17:14:14.0510 4452 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:14:14.0542 4452 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:14:14.0620 4452 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:14:14.0744 4452 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
17:14:14.0807 4452 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
17:14:14.0885 4452 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:14:15.0041 4452 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:14:15.0212 4452 LanmanServer (c926920b8978de6acfe9e15c709e9b57) C:\Windows\System32\srvsvc.dll
17:14:15.0306 4452 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
17:14:15.0415 4452 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:14:15.0540 4452 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:14:15.0649 4452 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:14:15.0727 4452 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:14:15.0774 4452 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:14:15.0805 4452 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:14:15.0836 4452 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:14:15.0899 4452 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:14:15.0992 4452 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
17:14:16.0086 4452 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:14:16.0164 4452 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:14:16.0242 4452 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:14:16.0351 4452 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:14:16.0445 4452 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:14:16.0523 4452 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:14:16.0570 4452 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:14:16.0726 4452 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:14:16.0772 4452 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:14:16.0835 4452 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:14:17.0022 4452 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
17:14:17.0116 4452 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:14:17.0194 4452 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:14:17.0256 4452 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:14:17.0318 4452 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:14:17.0396 4452 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
17:14:17.0443 4452 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:14:17.0521 4452 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:14:17.0662 4452 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:14:17.0740 4452 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:14:17.0896 4452 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:14:17.0958 4452 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:14:18.0083 4452 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:14:18.0223 4452 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:14:18.0301 4452 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:14:18.0395 4452 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:14:18.0488 4452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:14:18.0535 4452 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:14:18.0613 4452 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:14:18.0738 4452 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:14:18.0847 4452 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
17:14:19.0097 4452 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
17:14:19.0315 4452 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
17:14:19.0502 4452 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
17:14:19.0799 4452 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
17:14:20.0048 4452 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:14:20.0251 4452 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:14:20.0329 4452 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:14:20.0516 4452 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:14:20.0641 4452 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:14:20.0735 4452 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:14:20.0938 4452 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:14:21.0109 4452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:14:21.0328 4452 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:14:21.0515 4452 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:14:21.0608 4452 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:14:21.0686 4452 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:14:22.0108 4452 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:14:22.0201 4452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:14:22.0310 4452 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
17:14:22.0482 4452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:14:22.0638 4452 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:14:22.0732 4452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:14:22.0919 4452 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
17:14:23.0621 4452 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
17:14:24.0260 4452 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
17:14:24.0557 4452 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:14:24.0728 4452 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
17:14:24.0775 4452 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
17:14:24.0822 4452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:14:25.0056 4452 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:14:25.0150 4452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:14:25.0290 4452 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:14:25.0384 4452 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:14:25.0493 4452 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:14:25.0555 4452 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:14:25.0602 4452 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
17:14:25.0649 4452 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:14:25.0758 4452 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:14:25.0852 4452 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:14:25.0945 4452 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:14:26.0008 4452 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:14:26.0070 4452 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:14:26.0210 4452 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:14:26.0725 4452 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
17:14:26.0897 4452 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
17:14:27.0006 4452 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:14:27.0084 4452 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:14:27.0131 4452 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
17:14:27.0209 4452 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:14:27.0365 4452 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:14:27.0458 4452 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:14:27.0552 4452 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
17:14:27.0708 4452 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:14:27.0817 4452 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:14:27.0973 4452 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:14:28.0067 4452 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:14:28.0145 4452 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:14:28.0254 4452 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:14:28.0379 4452 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:14:28.0519 4452 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:14:28.0753 4452 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:14:28.0847 4452 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:14:28.0940 4452 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
17:14:29.0284 4452 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:14:29.0393 4452 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:14:29.0471 4452 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:14:29.0564 4452 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:14:29.0642 4452 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:14:29.0705 4452 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:14:29.0767 4452 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:14:29.0876 4452 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
17:14:29.0954 4452 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
17:14:30.0001 4452 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:14:30.0095 4452 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:14:30.0188 4452 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:14:30.0282 4452 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:14:30.0391 4452 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:14:30.0500 4452 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:14:30.0641 4452 RSUSBSTOR (44ed82612403021e36998e1ecb1198f1) C:\Windows\System32\Drivers\RtsUStor.sys
17:14:30.0703 4452 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:14:31.0670 4452 SBAMSvc (c7d53053541a448febb1373abbaf79ef) C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
17:14:31.0920 4452 sbapifs (db7f9394b2f2d446df14d46c61b0e94b) C:\Windows\system32\DRIVERS\sbapifs.sys
17:14:32.0029 4452 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys
17:14:32.0201 4452 SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\sbfwim.sys
17:14:32.0248 4452 SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\SBFWIM.sys
17:14:32.0294 4452 sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\Windows\system32\drivers\sbhips.sys
17:14:32.0372 4452 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:14:32.0435 4452 SBRE (fd833bee2fd9befdc0afd1941a306d9e) C:\Windows\system32\drivers\SBREdrv.sys
17:14:32.0528 4452 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
17:14:32.0591 4452 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:14:32.0903 4452 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:14:33.0308 4452 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
17:14:33.0542 4452 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:14:33.0667 4452 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
17:14:33.0808 4452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:14:33.0948 4452 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
17:14:34.0057 4452 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:14:34.0135 4452 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:14:34.0276 4452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:14:34.0369 4452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:14:34.0432 4452 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:14:34.0510 4452 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
17:14:34.0619 4452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:14:34.0681 4452 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:14:34.0728 4452 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:14:34.0759 4452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:14:34.0837 4452 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:14:34.0915 4452 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
17:14:35.0040 4452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:14:35.0071 4452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:14:35.0102 4452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:14:35.0227 4452 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:14:35.0321 4452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:14:35.0383 4452 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
17:14:35.0680 4452 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
17:14:36.0101 4452 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:14:36.0366 4452 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
17:14:37.0037 4452 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
17:14:37.0364 4452 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
17:14:37.0552 4452 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:14:37.0692 4452 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:14:37.0817 4452 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:14:37.0926 4452 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
17:14:38.0051 4452 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:14:38.0176 4452 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:14:38.0347 4452 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
17:14:38.0519 4452 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
17:14:38.0612 4452 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
17:14:38.0659 4452 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
17:14:38.0784 4452 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:14:39.0205 4452 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
17:14:39.0314 4452 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
17:14:39.0408 4452 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:14:39.0533 4452 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:14:39.0595 4452 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:14:39.0689 4452 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:14:39.0782 4452 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:14:39.0923 4452 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
17:14:40.0063 4452 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:14:40.0204 4452 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:14:40.0438 4452 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
17:14:40.0516 4452 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:14:40.0703 4452 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
17:14:40.0812 4452 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:14:40.0968 4452 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:14:41.0062 4452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:14:41.0140 4452 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
17:14:41.0249 4452 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
17:14:41.0358 4452 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:14:41.0467 4452 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:14:41.0561 4452 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:14:41.0670 4452 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:14:41.0748 4452 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
17:14:41.0888 4452 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:14:42.0029 4452 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:14:42.0185 4452 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
17:14:42.0294 4452 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
17:14:42.0419 4452 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:14:42.0544 4452 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
17:14:42.0622 4452 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
17:14:42.0668 4452 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
17:14:42.0715 4452 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:14:42.0809 4452 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:14:42.0949 4452 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:14:43.0058 4452 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
17:14:43.0136 4452 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:14:43.0277 4452 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:14:43.0370 4452 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:14:43.0542 4452 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
17:14:43.0651 4452 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:14:43.0714 4452 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:14:43.0807 4452 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:14:43.0854 4452 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:14:43.0901 4452 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:14:43.0963 4452 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:14:44.0026 4452 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:14:44.0135 4452 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:14:44.0228 4452 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
17:14:44.0338 4452 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:14:44.0494 4452 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:14:44.0634 4452 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:14:44.0712 4452 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:14:44.0837 4452 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:14:44.0915 4452 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:14:44.0993 4452 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:14:45.0352 4452 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
17:14:45.0492 4452 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:14:45.0586 4452 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
17:14:45.0664 4452 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:14:45.0882 4452 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:14:45.0991 4452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:14:46.0069 4452 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:14:46.0132 4452 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:14:46.0225 4452 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
17:14:46.0334 4452 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:14:46.0506 4452 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:14:46.0631 4452 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:14:46.0849 4452 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:14:46.0958 4452 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:14:47.0208 4452 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:14:47.0489 4452 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
17:14:47.0692 4452 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:14:47.0832 4452 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:14:47.0972 4452 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:14:48.0066 4452 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:14:48.0238 4452 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:14:48.0331 4452 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
17:14:48.0425 4452 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:14:48.0596 4452 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:14:48.0799 4452 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
17:14:48.0955 4452 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:14:49.0064 4452 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:14:49.0142 4452 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
17:14:49.0252 4452 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:14:49.0439 4452 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo\SoftwareUpdate\YahooAUService.exe
17:14:49.0517 4452 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:14:50.0312 4452 Boot (0x1200) (4c2f59815e7f8086f61d538a183d76ef) \Device\Harddisk0\DR0\Partition0
17:14:50.0359 4452 Boot (0x1200) (f43b81d264358ad5f427c2e3138fd5c6) \Device\Harddisk0\DR0\Partition1
17:14:50.0359 4452 ============================================================
17:14:50.0359 4452 Scan finished
17:14:50.0359 4452 ============================================================
17:14:50.0921 4488 Deinitialize success
.
==============================================
System Restore Point Check:
.
TDSSKiller Starter Restore Point Created Succesfully
==============================================
Registry Export
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
==============================================
EOF
And this one is from ComboFix:
ComboFix 12-04-18.02 - 5736z-453g32mnkk 20-04-2012 17:25:07.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3002.1963 [GMT 2:00]
Gestart vanuit: c:\users\5736z-453g32mnkk\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-03-20 to 2012-04-20 ))))))))))))))))))))))))))))))
.
.
2012-04-20 15:29 . 2012-04-20 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 15:13 . 2012-04-20 15:14 -------- d-----w- C:\TDSSStarter
2012-04-19 17:16 . 2012-04-19 17:16 -------- d-----w- c:\users\5736z-453g32mnkk\AppData\Roaming\Malwarebytes
2012-04-19 17:16 . 2012-04-19 17:16 -------- d-----w- c:\programdata\Malwarebytes
2012-04-19 17:16 . 2012-04-19 17:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-19 17:16 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 18:52 . 2012-04-18 18:52 -------- d--h--w- c:\users\5736z-453g32mnkk\AppData\Local\adaware
2012-04-18 18:52 . 2011-05-17 16:36 45904 ----a-w- c:\windows\system32\sbbd.exe
2012-04-18 18:52 . 2011-04-29 12:15 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-04-18 18:52 . 2011-04-05 15:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-18 18:52 . 2011-04-05 15:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-18 18:52 . 2011-04-05 15:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-18 18:52 . 2011-02-08 07:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-18 18:52 . 2012-04-18 18:52 -------- d--h--w- c:\programdata\Lavasoft
2012-04-18 18:52 . 2012-04-18 18:52 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-04-18 18:52 . 2012-04-18 18:52 -------- d--h--w- c:\programdata\Ad-Aware Browsing Protection
2012-04-18 18:52 . 2012-04-18 18:52 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-04-18 18:52 . 2012-04-18 18:52 -------- d-----w- c:\program files (x86)\adawaretb
2012-04-18 18:51 . 2012-04-19 15:15 -------- d--h--w- c:\users\5736z-453g32mnkk\AppData\Roaming\Ad-Aware Antivirus
2012-04-12 20:38 . 2012-04-12 20:38 -------- d--h--w- c:\users\5736z-453g32mnkk\AppData\Roaming\Password Generator Professional
2012-04-12 20:37 . 2012-04-12 20:37 -------- d-----w- c:\program files (x86)\Kristanix
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 —-a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 —ha-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\5736z-453g32mnkk\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-19 137536]
"WebCallDirect"="c:\program files (x86)\WebCallDirect.com\WebCallDirect\webcalldirect.exe" [2012-03-30 17947528]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher –windows-run" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/nl.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA&inst=NwA2AC0AOQAzADgAMgA3ADkAMQA3ADMALQBEADMAOAAxAEwAKwA1AC0AVgBPAFAAOQArADEALQBEAEQAVAArADAALQBJADkAMAArADEA&prod=54&ver=9.0.914" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-04-19 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 10:44]
.
2012-04-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2811958681-2021223505-3934072247-1000Core.job
- c:\users\5736z-453g32mnkk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-19 18:23]
.
2012-04-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2811958681-2021223505-3934072247-1000UA.job
- c:\users\5736z-453g32mnkk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-19 18:23]
.
.
——— x86-64 ———–
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 —ha-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Zoek op het web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PSP Video 9 - c:\users\5736z-453g32mnkk\Desktop\Video Converter App\uninstaller.exe
AddRemove-SpeakyChat - c:\users\5736z-453g32mnkk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SpeakyChat\uninstall.exe
.
.
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
———————— Andere Aktieve Processen ————————
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~2\AD-AWA~1\AdAware.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Voltooingstijd: 2012-04-20 17:41:12 - machine werd herstart
ComboFix-quarantined-files.txt 2012-04-20 15:41
.
Pre-Run: 248.126.357.504 bytes beschikbaar
Post-Run: 247.735.386.112 bytes beschikbaar
.
- - End Of File - - 625625AE66A799F17CAD0C38B7F2B7FE
Do I need to take any other steps, or is my laptop clean and safe again now?
- All my files have literally disappeared and I really need those files!!! Who can help me with this?
I think this is the log file
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:31:12, on 18-4-2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\ProgramData\VUOyWqOYGdRXu.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\ProgramData\7NvWDE3vssCkMv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\5736z-453g32mnkk\Desktop\HijackThis.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Zoek op het web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file - 6799 bytes
- Hi Demi, glad that you have the folders back.
No, your Windows is not safe.
That is partly because two antivirus programs are running in Windows.
Avast is not happy about that, and your Windows will also be very happy once Lavasoft AdAware has been removed.
So go ahead and do that via Control Panel\
- Dear Abraham, this is the log from the Emergency Kit
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 4/21/2012 11:56:20 AM
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 4/21/2012 11:56:36 AM
C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@doubleclick[2].txt Ontdekt: Trace.TrackingCookie.doubleclick!A2
C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@serving-sys[2].txt Ontdekt: Trace.TrackingCookie.serving-sys!A2
C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@stat.onestat[2].txt Ontdekt: Trace.TrackingCookie.stat.onestat!A2
C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@weborama[1].txt Ontdekt: Trace.TrackingCookie.weborama!A2
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\lgsaujulwmwuljgqvjnhwcm.class Ontdekt: JAVA.Agent!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\qqpqgkljqvysvdved.class Ontdekt: Java.CVE!IK
Gescand
Bestanden: 176228
Sporen: 407359
Cookies: 873
Processen: 67
Gevonden
Bestanden: 2
Sporen: 0
Cookies: 4
Processen: 0
Registersleutels: 0
Scan Geëindigd: 4/21/2012 1:29:42 PM
Scantijd: 1:33:06
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\qqpqgkljqvysvdved.class Verwijderd Java.CVE!IK
C:\Users\5736z-453g32mnkk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\68f10917-50c08d24/mbcuk\lgsaujulwmwuljgqvjnhwcm.class Verwijderd JAVA.Agent!IK
C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@weborama[1].txt Verwijderd Trace.TrackingCookie.weborama!A2
C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@stat.onestat[2].txt Verwijderd Trace.TrackingCookie.stat.onestat!A2
C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@serving-sys[2].txt Verwijderd Trace.TrackingCookie.serving-sys!A2
C:\Users\5736z-453g32mnkk\AppData\Roaming\Microsoft\Windows\Cookies\Low\5736z-453g32mnkk@doubleclick[2].txt Verwijderd Trace.TrackingCookie.doubleclick!A2
Verwijderd
Bestanden: 2
Sporen: 0
Cookies: 4
Regards
- Which program:
- Dear Abraham,
here are the next logs.
OTL Extras logfile created on: 4/21/2012 2:57:42 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\5736z-453g32mnkk\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
2.93 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 65.60% Memory free
5.86 Gb Paging File | 4.70 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 230.49 Gb Free Space | 80.88% Space Free | Partition Type: NTFS
Computer Name: 5736Z-453G32MNK | User Name: 5736z-453g32mnkk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
- Hello Demi, go to Control Panel\
This is an archived page. Replies are no longer possible.