
TDSSKiller reports Safeboot.sys as infected... at my wits' end


anonymous

Question

19 replies to this question

  • 0
You write: "So far nothing has worked to remove the rootkit." In that case I would first like to know what you have already done. And another thing: TDSSKiller is software that can wreck your Windows when used incorrectly! So besides a list of the tools you have used, I would also like the following from you:

Which program: sUBs dds
What for/why: DDS is a diagnostic tool and makes use of scripts.
Difficulty: First read carefully what to do.
Download location: This program must absolutely be downloaded to the desktop, or otherwise moved there first!

Download DDS by sUBs from one of these locations and place it on your desktop:
- DDS - Bleeping Computer download: http://download.bleepingcomputer.com/sUBs/dds.com
- DDS - Bleeping Computer download: http://download.bleepingcomputer.com/sUBs/dds.scr
- DDS - Infospyware: http://www.infospyware.net/sUBs/dds

Using sUBs dds:
- Then first close all program windows that are still open!
- The antivirus program and active malware scanners must be disabled!
  - You can read how to do that here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) or here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607).
- Windows 2000 and Windows XP: start sUBs dds by double-clicking the shortcut.
- Windows Vista and Windows 7: start sUBs dds by right-clicking the shortcut and then choosing Run as administrator.

After the scan:
- Now re-enable the active security software
- Two text documents are opened - DDS.txt and Attach.txt - please note the following!
- Copy and paste the entire contents of the DDS log file into your next post.
- Post the contents of Attach.txt when I ask for it.
Link to reply
  • 0
1. TDSSKiller.exe did not help and indeed left me with an unbootable Windows 7, so I restored it via recovery.
2. TDSSKiller.exe again, to see whether the recovery had perhaps done some good; unfortunately not.
3. Through searching the internet and a thread on the Computer Totaal forum --> ComboFix.exe
4. TDSSKiller.exe: still a threat...
5. ESET Free Online Scanner Complete Malware Detection ESET

Out of options from here...
Link to reply
  • 0
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by LucGIS at 22:06:46 on 2012-08-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3071.1751 [GMT 2:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST920042 rev.3.AH -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8363A000]<< >>UNKNOWN [0x8BDA6000]<< >>UNKNOWN [0x8C1D0000]<< >>UNKNOWN [0x8C18E000]<< >>UNKNOWN [0x83603000]<< >>UNKNOWN [0x8BABE000]<< >>UNKNOWN [0x8BC26000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8367155A] -> \Device\Harddisk0\DR0[0x87543980] \Driver\Disk[0x8753DD38] -> IRP_MJ_CREATE -> 0x8BDAA39F
3 [0x8BDAA59E] -> ntkrnlpa!IofCallDriver[0x8367155A] -> [0x87543020] \Driver\hpdskflt[0x874E4718] -> IRP_MJ_CREATE -> 0x8C18FEB2
5 [0x8C18FF92] -> ntkrnlpa!IofCallDriver[0x8367155A] -> [0x86773890] \Driver\ACPI[0x85D5D4F8] -> IRP_MJ_CREATE -> 0x8BAC74CC
7 [0x8BAC73D4] -> ntkrnlpa!IofCallDriver[0x8367155A] -> \Device\Ide\IAAStorageDevice-0[0x86715028] \Driver\iaStor[0x86742DF0] -> IRP_MJ_CREATE -> 0x8BC6AC16
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:07:41,92 ===============
Link naar reactie
  • 0
One question: have you continued to do online banking on this Windows installation?

Info: download the latest version of TDSSKiller to remove Sinowal from your Windows installation!

Which program: Kaspersky TDSSKiller
What for/why: rootkit scanner
Difficulty: none
Download location: be sure to download this program to the desktop, or otherwise move it there!

Download TDSSKiller here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Installation:
- Extract the file to your desktop.

Using TDSSKiller:
- Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
- Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing Run as administrator.
- Important: if TDSSKiller shows a message about an available update, run that update first;
- to do so, click the "Load update" button.

(Screenshot: http://www.malwareinfo.nl/files/screens/TDSSkiller(update).jpg)

- A new version of TDSSKiller will now be downloaded; save it to the desktop.
- Now start TDSSKiller again.
- Click "Change parameters" and make sure that all of the options below are checked.

(Screenshot: http://www.malwareinfo.nl/files/screens/TDSSkiller(opties).jpg)

- Then click the "Start Scan" button and follow the instructions.
- When the scan has finished, click the "Report" button.
- A Notepad file opens. Post the contents of this file.

- Restart the PC if TDSSKiller offers that option (Reboot now).
- If a restart is required, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Important:
- If you get a warning about sptd.sys, you may 'skip' it; it belongs to emulation software such as DaemonTools.
- Skip the unsigned files.
- Have TDSS File System removed or repaired: delete or cure.
- Have Rootkit.Boot.SST.b and others such as Sinowal, ZeroAccess or Whistler repaired: Cure.
Link naar reactie
  • 0
06:16:20.0660 3820 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
06:16:20.0970 3820 ============================================================
06:16:20.0970 3820 Current date / time: 2012/08/15 06:16:20.0970
06:16:20.0970 3820 SystemInfo:
06:16:20.0970 3820
06:16:20.0970 3820 OS Version: 6.1.7601 ServicePack: 1.0
06:16:20.0970 3820 Product type: Workstation
06:16:20.0970 3820 ComputerName: LucGIS
06:16:20.0970 3820 UserName: LucGIS
06:16:20.0970 3820 Windows directory: C:\Windows
06:16:20.0970 3820 System windows directory: C:\Windows
06:16:20.0970 3820 Processor architecture: Intel x86
06:16:20.0970 3820 Number of processors: 2
06:16:20.0970 3820 Page size: 0x1000
06:16:20.0970 3820 Boot type: Normal boot
06:16:20.0970 3820 ============================================================
06:16:21.0830 3820 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:16:21.0830 3820 ============================================================
06:16:21.0830 3820 \Device\Harddisk0\DR0:
06:16:21.0830 3820 MBR partitions:
06:16:21.0830 3820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:16:21.0830 3820 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1746C000
06:16:21.0830 3820 ============================================================
06:16:21.0850 3820 C: <-> \Device\Harddisk0\DR0\Partition2
06:16:21.0850 3820 ============================================================
06:16:21.0850 3820 Initialize success
06:16:21.0850 3820 ============================================================
06:16:26.0941 6856 ============================================================
06:16:26.0941 6856 Scan started
06:16:26.0941 6856 Mode: Manual;
06:16:26.0941 6856 ============================================================
06:16:27.0190 6856 ================ Scan services
06:16:43.0164 6856 [ eb119a53ccf2acc000ac71b065b78fef ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 06:16:43.0174 6856 LSI_FC - ok 06:16:43.0194 6856 [ 8ade1c877256a22e49b75d1cc9161f9c ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 06:16:43.0214 6856 LSI_SAS - ok 06:16:43.0224 6856 [ dc9dc3d3daa0e276fd2ec262e38b11e9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 06:16:43.0244 6856 LSI_SAS2 - ok 06:16:43.0254 6856 [ 0a036c7d7cab643a7f07135ac47e0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 06:16:43.0274 6856 LSI_SCSI - ok 06:16:43.0304 6856 [ 6703e366cc18d3b6e534f5cf7df39cee ] luafv C:\Windows\system32\drivers\luafv.sys 06:16:43.0304 6856 luafv - ok 06:16:43.0324 6856 [ 77030525cd86a93f1af34fa9b96d33ce ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 06:16:43.0344 6856 LUsbFilt - ok 06:16:43.0394 6856 [ 8be71d7edb8c7494913722059f760dd0 ] LVPr2Mon C:\Windows\system32\Drivers\LVPr2Mon.sys 06:16:43.0404 6856 LVPr2Mon - ok 06:16:43.0464 6856 [ 2333057542c91ae8228bdccc2e5f2632 ] LVPrcSrv C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe 06:16:43.0464 6856 LVPrcSrv - ok 06:16:43.0514 6856 [ e52f5a2cadcf08d07f559962f807a0a2 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys 06:16:43.0744 6856 LVRS - ok 06:16:43.0984 6856 [ c3d02260beb2b48dea1efdfca91e4b69 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys 06:16:44.0764 6856 LVUVC - ok 06:16:44.0884 6856 [ b2388f4e35a5ea03792a2f5bc4a082d5 ] MacDrive9Service C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe 06:16:44.0904 6856 MacDrive9Service - ok 06:16:44.0954 6856 [ bfb9ee8ee977efe85d1a3105abef6dd1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 06:16:44.0964 6856 Mcx2Svc - ok 06:16:45.0034 6856 [ e0ee97a72502a5f1fe5f766681386015 ] MDFSYSNT C:\Windows\system32\drivers\MDFSYSNT.sys 06:16:45.0054 6856 MDFSYSNT - ok 06:16:45.0084 6856 [ 0cea2d0d3fa284b85ed5b68365114f76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 06:16:45.0104 6856 mdmxsdk - ok 06:16:45.0164 6856 [ c7086c7f6469ac656447fcd603eab3c3 
] MDPMGRNT C:\Windows\system32\drivers\MDPMGRNT.sys 06:16:45.0174 6856 MDPMGRNT - ok 06:16:45.0204 6856 [ 0fff5b045293002ab38eb1fd1fc2fb74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 06:16:45.0224 6856 megasas - ok 06:16:45.0244 6856 [ dcbab2920c75f390caf1d29f675d03d6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 06:16:45.0264 6856 MegaSR - ok 06:16:45.0324 6856 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 06:16:45.0344 6856 Microsoft Office Groove Audit Service - ok 06:16:45.0364 6856 [ 146b6f43a673379a3c670e86d89be5ea ] MMCSS C:\Windows\system32\mmcss.dll 06:16:45.0364 6856 MMCSS - ok 06:16:45.0384 6856 [ f001861e5700ee84e2d4e52c712f4964 ] Modem C:\Windows\system32\drivers\modem.sys 06:16:45.0394 6856 Modem - ok 06:16:45.0444 6856 [ 79d10964de86b292320e9dfe02282a23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 06:16:45.0454 6856 monitor - ok 06:16:45.0474 6856 [ fb18cc1d4c2e716b6b903b0ac0cc0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 06:16:45.0484 6856 mouclass - ok 06:16:45.0494 6856 [ 2c388d2cd01c9042596cf3c8f3c7b24d ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 06:16:45.0504 6856 mouhid - ok 06:16:45.0554 6856 [ fc8771f45ecccfd89684e38842539b9b ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 06:16:45.0564 6856 mountmgr - ok 06:16:45.0634 6856 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 06:16:45.0644 6856 MozillaMaintenance - ok 06:16:45.0664 6856 [ 2d699fb6e89ce0d8da14ecc03b3edfe0 ] mpio C:\Windows\system32\drivers\mpio.sys 06:16:45.0674 6856 mpio - ok 06:16:45.0694 6856 [ ad2723a7b53dd1aacae6ad8c0bfbf4d0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 06:16:45.0704 6856 mpsdrv - ok 06:16:45.0754 6856 [ 9835584e999d25004e1ee8e5f3e3b881 ] MpsSvc C:\Windows\system32\mpssvc.dll 06:16:45.0754 6856 MpsSvc - ok 06:16:45.0764 6856 [ ceb46ab7c01c9f825f8cc6babc18166a 
] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 06:16:45.0784 6856 MRxDAV - ok 06:16:45.0824 6856 [ 5d16c921e3671636c0eba3bbaac5fd25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 06:16:45.0834 6856 mrxsmb - ok 06:16:45.0884 6856 [ 6d17a4791aca19328c685d256349fefc ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 06:16:45.0904 6856 mrxsmb10 - ok 06:16:45.0924 6856 [ b81f204d146000be76651a50670a5e9e ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 06:16:45.0934 6856 mrxsmb20 - ok 06:16:45.0984 6856 [ 012c5f4e9349e711e11e0f19a8589f0a ] msahci C:\Windows\system32\drivers\msahci.sys 06:16:46.0004 6856 msahci - ok 06:16:46.0044 6856 [ 55055f8ad8be27a64c831322a780a228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 06:16:46.0064 6856 msdsm - ok 06:16:46.0104 6856 [ e1bce74a3bd9902b72599c0192a07e27 ] MSDTC C:\Windows\System32\msdtc.exe 06:16:46.0124 6856 MSDTC - ok 06:16:46.0154 6856 [ daefb28e3af5a76abcc2c3078c07327f ] Msfs C:\Windows\system32\drivers\Msfs.sys 06:16:46.0154 6856 Msfs - ok 06:16:46.0164 6856 [ 3e1e5767043c5af9367f0056295e9f84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 06:16:46.0184 6856 mshidkmdf - ok 06:16:46.0224 6856 [ 0a4e5757ae09fa9622e3158cc1aef114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 06:16:46.0234 6856 msisadrv - ok 06:16:46.0254 6856 [ 90f7d9e6b6f27e1a707d4a297f077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 06:16:46.0264 6856 MSiSCSI - ok 06:16:46.0274 6856 msiserver - ok 06:16:46.0304 6856 [ 8c0860d6366aaffb6c5bb9df9448e631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 06:16:46.0314 6856 MSKSSRV - ok 06:16:46.0334 6856 [ 3ea8b949f963562cedbb549eac0c11ce ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 06:16:46.0344 6856 MSPCLOCK - ok 06:16:46.0364 6856 [ f456e973590d663b1073e9c463b40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 06:16:46.0384 6856 MSPQM - ok 06:16:46.0404 6856 [ 0e008fc4819d238c51d7c93e7b41e560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 06:16:46.0424 6856 MsRPC - ok 06:16:46.0434 6856 
[ fc6b9ff600cc585ea38b12589bd4e246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 06:16:46.0444 6856 mssmbios - ok 06:16:46.0464 6856 [ b42c6b921f61a6e55159b8be6cd54a36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 06:16:46.0474 6856 MSTEE - ok 06:16:46.0504 6856 [ 33599130f44e1f34631cea241de8ac84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 06:16:46.0514 6856 MTConfig - ok 06:16:46.0534 6856 [ 159fad02f64e6381758c990f753bcc80 ] Mup C:\Windows\system32\Drivers\mup.sys 06:16:46.0544 6856 Mup - ok 06:16:46.0594 6856 [ 61d57a5d7c6d9afe10e77dae6e1b445e ] napagent C:\Windows\system32\qagentRT.dll 06:16:46.0624 6856 napagent - ok 06:16:46.0654 6856 [ 26384429fcd85d83746f63e798ab1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 06:16:46.0674 6856 NativeWifiP - ok 06:16:46.0744 6856 [ e7c54812a2aaf43316eb6930c1ffa108 ] NDIS C:\Windows\system32\drivers\ndis.sys 06:16:46.0774 6856 NDIS - ok 06:16:46.0794 6856 [ 0e1787aa6c9191d3d319e8bafe86f80c ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 06:16:46.0804 6856 NdisCap - ok 06:16:46.0834 6856 [ e4a8aec125a2e43a9e32afeea7c9c888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 06:16:46.0844 6856 NdisTapi - ok 06:16:46.0884 6856 [ d8a65dafb3eb41cbb622745676fcd072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 06:16:46.0894 6856 Ndisuio - ok 06:16:46.0934 6856 [ 38fbe267e7e6983311179230facb1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 06:16:46.0944 6856 NdisWan - ok 06:16:46.0984 6856 [ a4bdc541e69674fbff1a8ff00be913f2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 06:16:46.0994 6856 NDProxy - ok 06:16:47.0054 6856 [ 51c6d8bfbd4ea5b62a1ba7f4469250d3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 06:16:47.0074 6856 Net Driver HPZ12 - ok 06:16:47.0094 6856 [ 80b275b1ce3b0e79909db7b39af74d51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 06:16:47.0104 6856 NetBIOS - ok 06:16:47.0144 6856 [ 280122ddcf04b378edd1ad54d71c1e54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 06:16:47.0164 6856 
NetBT - ok 06:16:47.0164 6856 [ 81951f51e318aecc2d68559e47485cc4 ] Netlogon C:\Windows\system32\lsass.exe 06:16:47.0174 6856 Netlogon - ok 06:16:47.0214 6856 [ 7cccfca7510684768da22092d1fa4db2 ] Netman C:\Windows\System32\netman.dll 06:16:47.0224 6856 Netman - ok 06:16:47.0324 6856 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 06:16:47.0394 6856 NetMsmqActivator - ok 06:16:47.0404 6856 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 06:16:47.0404 6856 NetPipeActivator - ok 06:16:47.0434 6856 [ 8c338238c16777a802d6a9211eb2ba50 ] netprofm C:\Windows\System32\netprofm.dll 06:16:47.0434 6856 netprofm - ok 06:16:47.0444 6856 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 06:16:47.0444 6856 NetTcpActivator - ok 06:16:47.0454 6856 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 06:16:47.0454 6856 NetTcpPortSharing - ok 06:16:47.0614 6856 [ 39cba1ae2a400ef99c3dec9f9f601876 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys 06:16:47.0784 6856 netw5v32 - ok 06:16:47.0814 6856 [ 1d85c4b390b0ee09c7a46b91efb2c097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 06:16:47.0824 6856 nfrd960 - ok 06:16:47.0874 6856 [ 912084381d30d8b89ec4e293053f4710 ] NlaSvc C:\Windows\System32\nlasvc.dll 06:16:47.0894 6856 NlaSvc - ok 06:16:47.0964 6856 [ b48dc6abcd3aeff8618350ccbdc6b09a ] NPF C:\Windows\system32\drivers\npf.sys 06:16:47.0984 6856 NPF - ok 06:16:47.0994 6856 [ 1db262a9f8c087e8153d89bef3d2235f ] Npfs C:\Windows\system32\drivers\Npfs.sys 06:16:48.0004 6856 Npfs - ok 06:16:48.0024 6856 [ ba387e955e890c8a88306d9b8d06bf17 ] nsi C:\Windows\system32\nsisvc.dll 06:16:48.0044 6856 nsi - ok 06:16:48.0054 6856 [ e9a0a4d07e53d8fea2bb8387a3293c58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 06:16:48.0064 6856 nsiproxy - ok 
06:16:48.0134 6856 [ 81189c3d7763838e55c397759d49007a ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 06:16:48.0174 6856 Ntfs - ok 06:16:48.0184 6856 [ f9756a98d69098dca8945d62858a812c ] Null C:\Windows\system32\drivers\Null.sys 06:16:48.0204 6856 Null - ok 06:16:48.0474 6856 [ ec13a4be19ab28d8e397c72d576dff59 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 06:16:48.0844 6856 nvlddmkm - ok 06:16:48.0884 6856 [ b3e25ee28883877076e0e1ff877d02e0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 06:16:48.0894 6856 nvraid - ok 06:16:48.0914 6856 [ 4380e59a170d88c4f1022eff6719a8a4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 06:16:48.0944 6856 nvstor - ok 06:16:48.0984 6856 [ 6a7fa894539761a2fdb927576c91c171 ] nvsvc C:\Windows\system32\nvvsvc.exe 06:16:49.0014 6856 nvsvc - ok 06:16:49.0054 6856 [ 5a0983915f02bae73267cc2a041f717d ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 06:16:49.0064 6856 nv_agp - ok 06:16:49.0144 6856 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 06:16:49.0174 6856 odserv - ok 06:16:49.0224 6856 [ 08a70a1f2cdde9bb49b885cb817a66eb ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 06:16:49.0244 6856 ohci1394 - ok 06:16:49.0274 6856 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 06:16:49.0304 6856 ose - ok 06:16:49.0334 6856 [ 82a8521ddc60710c3d3d3e7325209bec ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 06:16:49.0354 6856 p2pimsvc - ok 06:16:49.0374 6856 [ 59c3ddd501e39e006dac31bf55150d91 ] p2psvc C:\Windows\system32\p2psvc.dll 06:16:49.0394 6856 p2psvc - ok 06:16:49.0434 6856 [ 2ea877ed5dd9713c5ac74e8ea7348d14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 06:16:49.0444 6856 Parport - ok 06:16:49.0484 6856 [ 3f34a1b4c5f6475f320c275e63afce9b ] partmgr C:\Windows\system32\drivers\partmgr.sys 06:16:49.0504 6856 partmgr - ok 06:16:49.0514 6856 [ eb0a59f29c19b86479d36b35983daadc ] Parvdm 
C:\Windows\system32\DRIVERS\parvdm.sys 06:16:49.0524 6856 Parvdm - ok 06:16:49.0624 6856 [ 39b9dcd7040654c2e57d7396736c718e ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 06:16:49.0644 6856 PassThru Service - ok 06:16:49.0654 6856 [ 358ab7956d3160000726574083dfc8a6 ] PcaSvc C:\Windows\System32\pcasvc.dll 06:16:49.0684 6856 PcaSvc - ok 06:16:49.0724 6856 [ 673e55c3498eb970088e812ea820aa8f ] pci C:\Windows\system32\drivers\pci.sys 06:16:49.0744 6856 pci - ok 06:16:49.0774 6856 [ afe86f419014db4e5593f69ffe26ce0a ] pciide C:\Windows\system32\drivers\pciide.sys 06:16:49.0794 6856 pciide - ok 06:16:49.0804 6856 [ f396431b31693e71e8a80687ef523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 06:16:49.0824 6856 pcmcia - ok 06:16:49.0834 6856 [ 250f6b43d2b613172035c6747aeeb19f ] pcw C:\Windows\system32\drivers\pcw.sys 06:16:49.0854 6856 pcw - ok 06:16:49.0874 6856 [ 9e0104ba49f4e6973749a02bf41344ed ] PEAUTH C:\Windows\system32\drivers\peauth.sys 06:16:49.0900 6856 PEAUTH - ok 06:16:49.0947 6856 [ af4d64d2a57b9772cf3801950b8058a6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 06:16:50.0009 6856 PeerDistSvc - ok 06:16:50.0056 6856 [ b27f1df5abc5240480d4d2d9666867a5 ] PersonalSecureDrive C:\Windows\System32\drivers\psd.sys 06:16:50.0072 6856 PersonalSecureDrive - ok 06:16:50.0103 6856 [ 0aed704097ba683113cf08e8ad37723b ] PersonalSecureDriveService C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe 06:16:50.0165 6856 PersonalSecureDriveService - ok 06:16:50.0243 6856 [ 414bba67a3ded1d28437eb66aeb8a720 ] pla C:\Windows\system32\pla.dll 06:16:50.0337 6856 pla - ok 06:16:50.0404 6856 [ ec7bc28d207da09e79b3e9faf8b232ca ] PlugPlay C:\Windows\system32\umpnpmgr.dll 06:16:50.0424 6856 PlugPlay - ok 06:16:50.0454 6856 [ 79834aa2fbf9fe81eebb229024f6f7fc ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 06:16:50.0474 6856 Pml Driver HPZ12 - ok 06:16:50.0494 6856 [ 63ff8572611249931eb16bb8eed6afc8 ] PNRPAutoReg 
C:\Windows\system32\pnrpauto.dll 06:16:50.0514 6856 PNRPAutoReg - ok 06:16:50.0524 6856 [ 82a8521ddc60710c3d3d3e7325209bec ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 06:16:50.0534 6856 PNRPsvc - ok 06:16:50.0554 6856 [ 53946b69ba0836bd95b03759530c81ec ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 06:16:50.0804 6856 PolicyAgent - ok 06:16:50.0844 6856 [ f87d30e72e03d579a5199ccb3831d6ea ] Power C:\Windows\system32\umpo.dll 06:16:51.0114 6856 Power - ok 06:16:51.0174 6856 [ 631e3e205ad6d86f2aed6a4a8e69f2db ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 06:16:51.0184 6856 PptpMiniport - ok 06:16:51.0204 6856 [ 85b1e3a0c7585bc4aae6899ec6fcf011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 06:16:51.0214 6856 Processor - ok 06:16:51.0274 6856 [ cadefac453040e370a1bdff3973be00d ] ProfSvc C:\Windows\system32\profsvc.dll 06:16:51.0294 6856 ProfSvc - ok 06:16:51.0314 6856 [ 81951f51e318aecc2d68559e47485cc4 ] ProtectedStorage C:\Windows\system32\lsass.exe 06:16:51.0314 6856 ProtectedStorage - ok 06:16:51.0344 6856 [ 6270ccae2a86de6d146529fe55b3246a ] Psched C:\Windows\system32\DRIVERS\pacer.sys 06:16:51.0354 6856 Psched - ok 06:16:51.0414 6856 [ e42e3433dbb4cffe8fdd91eab29aea8e ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 06:16:51.0424 6856 PxHelp20 - ok 06:16:51.0474 6856 [ ab95ecf1f6659a60ddc166d8315b0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 06:16:51.0554 6856 ql2300 - ok 06:16:51.0574 6856 [ b4dd51dd25182244b86737dc51af2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 06:16:51.0594 6856 ql40xx - ok 06:16:51.0624 6856 [ 31ac809e7707eb580b2bdb760390765a ] QWAVE C:\Windows\system32\qwave.dll 06:16:51.0644 6856 QWAVE - ok 06:16:51.0654 6856 [ 584078ca1b95ca72df2a27c336f9719d ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 06:16:51.0664 6856 QWAVEdrv - ok 06:16:51.0734 6856 [ 8f97d374ad1857e1eed85a79f29a1d3d ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 06:16:51.0774 6856 RapiMgr - ok 06:16:51.0784 6856 [ 30a81b53c766d0133bb86d234e5556ab 
] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 06:16:51.0794 6856 RasAcd - ok 06:16:51.0834 6856 [ 57ec4aef73660166074d8f7f31c0d4fd ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 06:16:51.0844 6856 RasAgileVpn - ok 06:16:51.0854 6856 [ a60f1839849c0c00739787fd5ec03f13 ] RasAuto C:\Windows\System32\rasauto.dll 06:16:51.0864 6856 RasAuto - ok 06:16:51.0874 6856 [ d9f91eafec2815365cbe6d167e4e332a ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 06:16:51.0884 6856 Rasl2tp - ok 06:16:51.0954 6856 [ cb9e04dc05eacf5b9a36ca276d475006 ] RasMan C:\Windows\System32\rasmans.dll 06:16:51.0974 6856 RasMan - ok 06:16:51.0984 6856 [ 0fe8b15916307a6ac12bfb6a63e45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 06:16:51.0994 6856 RasPppoe - ok 06:16:52.0004 6856 [ 44101f495a83ea6401d886e7fd70096b ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 06:16:52.0014 6856 RasSstp - ok 06:16:52.0064 6856 [ d528bc58a489409ba40334ebf96a311b ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 06:16:52.0074 6856 rdbss - ok 06:16:52.0094 6856 [ 0d8f05481cb76e70e1da06ee9f0da9df ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 06:16:52.0104 6856 rdpbus - ok 06:16:52.0154 6856 [ 23dae03f29d253ae74c44f99e515f9a1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 06:16:52.0164 6856 RDPCDD - ok 06:16:52.0224 6856 [ b973fcfc50dc1434e1970a146f7e3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 06:16:52.0234 6856 RDPDR - ok 06:16:52.0264 6856 [ 5a53ca1598dd4156d44196d200c94b8a ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 06:16:52.0284 6856 RDPENCDD - ok 06:16:52.0304 6856 [ 44b0a53cd4f27d50ed461dae0c0b4e1f ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 06:16:52.0314 6856 RDPREFMP - ok 06:16:52.0384 6856 [ 68a0387f58e226deee23d9715955572a ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 06:16:52.0404 6856 RdpVideoMiniport - ok 06:16:52.0424 6856 [ f031683e6d1fea157abb2ff260b51e61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 06:16:52.0434 6856 RDPWD - ok 06:16:52.0480 
6856 [ 518395321dc96fe2c9f0e96ac743b656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 06:16:52.0496 6856 rdyboost - ok 06:16:52.0527 6856 [ 7b5e1419717fac363a31cc302895217a ] RemoteAccess C:\Windows\System32\mprdim.dll 06:16:52.0543 6856 RemoteAccess - ok 06:16:52.0574 6856 [ cb9a8683f4ef2bf99e123d79950d7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 06:16:52.0590 6856 RemoteRegistry - ok 06:16:52.0621 6856 [ cb928d9e6daf51879dd6ba8d02f01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 06:16:52.0636 6856 RFCOMM - ok 06:16:52.0668 6856 [ 470fc46e2989f6606043c1c5365b15fd ] RICOH SmartCard Reader C:\Windows\system32\DRIVERS\rismc32.sys 06:16:52.0699 6856 RICOH SmartCard Reader - ok 06:16:52.0714 6856 [ df672613fbbcd58c38bb0bc2694bcfb0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 06:16:52.0730 6856 rimmptsk - ok 06:16:52.0730 6856 [ 470fc46e2989f6606043c1c5365b15fd ] rismc32 C:\Windows\system32\DRIVERS\rismc32.sys 06:16:52.0730 6856 rismc32 - ok 06:16:52.0792 6856 [ b60f58f175de20a6739194e85b035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe 06:16:52.0855 6856 rpcapd - ok 06:16:52.0902 6856 [ 78d072f35bc45d9e4e1b61895c152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 06:16:52.0917 6856 RpcEptMapper - ok 06:16:52.0943 6856 [ 94d36c0e44677dd26981d2bfeef2a29d ] RpcLocator C:\Windows\system32\locator.exe 06:16:52.0963 6856 RpcLocator - ok 06:16:53.0013 6856 [ 7660f01d3b38aca1747e397d21d790af ] RpcSs C:\Windows\system32\rpcss.dll 06:16:53.0013 6856 RpcSs - ok 06:16:53.0063 6856 [ 032b0d36ad92b582d869879f5af5b928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 06:16:53.0073 6856 rspndr - ok 06:16:53.0093 6856 [ 13335d083935ab88e09c9acc077355b5 ] RsvLock C:\Windows\system32\drivers\RsvLock.sys 06:16:53.0103 6856 RsvLock - ok 06:16:53.0143 6856 [ 7fa7f2e249a5dcbb7970630e15e1f482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 06:16:53.0163 6856 s3cap - ok 06:16:53.0193 6856 [ 062b82fa74c895382ab0784d493c8c9c ] SafeBoot 
C:\Windows\system32\drivers\SafeBoot.sys 06:16:53.0193 6856 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 062b82fa74c895382ab0784d493c8c9c 06:16:53.0193 6856 SafeBoot ( LockedFile.Multi.Generic ) - warning 06:16:53.0193 6856 SafeBoot - detected LockedFile.Multi.Generic (1) 06:16:53.0203 6856 [ 81951f51e318aecc2d68559e47485cc4 ] SamSs C:\Windows\system32\lsass.exe 06:16:53.0213 6856 SamSs - ok 06:16:53.0293 6856 [ ca7d665c871026ae6ead6e52f141f92a ] SAVAdminService C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe 06:16:53.0293 6856 SAVAdminService - ok 06:16:53.0353 6856 [ e2c05310219e327e232291543c348b73 ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys 06:16:53.0373 6856 SAVOnAccess - ok 06:16:53.0403 6856 [ b8a272d4e91efb366e16bea0fa42d7ee ] SAVService C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe 06:16:53.0423 6856 SAVService - ok 06:16:53.0443 6856 [ c9cb2c392c35cbee2733c836d23dc642 ] SbAlg C:\Windows\system32\drivers\SbAlg.sys 06:16:53.0453 6856 SbAlg - ok 06:16:53.0483 6856 [ b5a8ecdee930b52fd3ba35700a15ea53 ] SbFsLock C:\Windows\system32\drivers\SbFsLock.sys 06:16:53.0493 6856 SbFsLock - ok 06:16:53.0553 6856 [ 05d860da1040f111503ac416ccef2bca ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 06:16:53.0563 6856 sbp2port - ok 06:16:53.0593 6856 [ 8fc518ffe9519c2631d37515a68009c4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 06:16:53.0603 6856 SCardSvr - ok 06:16:53.0643 6856 [ 16b1abe7f3e35f21dac57592b6c5d464 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys 06:16:53.0653 6856 SCDEmu - ok 06:16:53.0673 6856 [ 0693b5ec673e34dc147e195779a4dcf6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 06:16:53.0683 6856 scfilter - ok 06:16:53.0743 6856 [ a04bb13f8a72f8b6e8b4071723e4e336 ] Schedule C:\Windows\system32\schedsvc.dll 06:16:53.0743 6856 Schedule - ok 06:16:53.0783 6856 [ 319c6b309773d063541d01df8ac6f55f ] SCPolicySvc C:\Windows\System32\certprop.dll 06:16:53.0783 6856 SCPolicySvc - ok 06:16:53.0823 
6856 [ 0328be1c7f1cba23848179f8762e391c ] sdbus C:\Windows\system32\drivers\sdbus.sys 06:16:53.0833 6856 sdbus - ok 06:16:53.0883 6856 [ 08236c4bce5edd0a0318a438af28e0f7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 06:16:53.0903 6856 SDRSVC - ok 06:16:53.0943 6856 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 06:16:53.0953 6856 secdrv - ok 06:16:53.0973 6856 [ a59b3a4442c52060cc7a85293aa3546f ] seclogon C:\Windows\system32\seclogon.dll 06:16:53.0993 6856 seclogon - ok 06:16:54.0013 6856 [ dcb7fcdcc97f87360f75d77425b81737 ] SENS C:\Windows\system32\sens.dll 06:16:54.0013 6856 SENS - ok 06:16:54.0033 6856 [ 50087fe1ee447009c9cc2997b90de53f ] SensrSvc C:\Windows\system32\sensrsvc.dll 06:16:54.0043 6856 SensrSvc - ok 06:16:54.0083 6856 [ 9ad8b8b515e3df6acd4212ef465de2d1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 06:16:54.0093 6856 Serenum - ok 06:16:54.0093 6856 [ 5fb7fcea0490d821f26f39cc5ea3d1e2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 06:16:54.0113 6856 Serial - ok 06:16:54.0153 6856 [ 79bffb520327ff916a582dfea17aa813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 06:16:54.0163 6856 sermouse - ok 06:16:54.0213 6856 [ 4ae380f39a0032eab7dd953030b26d28 ] SessionEnv C:\Windows\system32\sessenv.dll 06:16:54.0233 6856 SessionEnv - ok 06:16:54.0273 6856 [ 9f976e1eb233df46fce808d9dea3eb9c ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 06:16:54.0283 6856 sffdisk - ok 06:16:54.0313 6856 [ 932a68ee27833cfd57c1639d375f2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 06:16:54.0323 6856 sffp_mmc - ok 06:16:54.0343 6856 [ 6d4ccaedc018f1cf52866bbbaa235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 06:16:54.0353 6856 sffp_sd - ok 06:16:54.0383 6856 [ db96666cc8312ebc45032f30b007a547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 06:16:54.0393 6856 sfloppy - ok 06:16:54.0443 6856 [ d1a079a0de2ea524513b6930c24527a2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 06:16:54.0463 6856 SharedAccess - ok 06:16:54.0483 
6856 [ 414da952a35bf5d50192e28263b40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 06:16:54.0503 6856 ShellHWDetection - ok 06:16:54.0553 6856 [ 2565cac0dc9fe0371bdce60832582b2e ] sisagp C:\Windows\system32\drivers\sisagp.sys 06:16:54.0563 6856 sisagp - ok 06:16:54.0583 6856 [ a9f0486851becb6dda1d89d381e71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 06:16:54.0603 6856 SiSRaid2 - ok 06:16:54.0613 6856 [ 3727097b55738e2f554972c3be5bc1aa ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 06:16:54.0633 6856 SiSRaid4 - ok 06:16:54.0683 6856 [ e407a8eea2fd4bf560c05c0ebf1793b3 ] SKMScan C:\Windows\system32\DRIVERS\skmscan.sys 06:16:54.0703 6856 SKMScan - ok 06:16:54.0753 6856 [ 6128e98eaaed364ed1a32708d2fd22cb ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 06:16:54.0983 6856 SkypeUpdate - ok 06:16:55.0043 6856 [ 3e21c083b8a01cb70ba1f09303010fce ] Smb C:\Windows\system32\DRIVERS\smb.sys 06:16:55.0053 6856 Smb - ok 06:16:55.0093 6856 [ 6a984831644eca1a33ffeae4126f4f37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 06:16:55.0113 6856 SNMPTRAP - ok 06:16:55.0153 6856 [ 9de6e60ce7fd82b4985de5d9c22265ad ] SNTNLUSB C:\Windows\system32\DRIVERS\SNTNLUSB.SYS 06:16:55.0163 6856 SNTNLUSB - ok 06:16:55.0223 6856 [ 8a12ab5de877b8f97d5ee70e16a5c9b2 ] Sophos AutoUpdate Service C:\Program Files\Sophos\AutoUpdate\ALsvc.exe 06:16:55.0223 6856 Sophos AutoUpdate Service - ok 06:16:55.0263 6856 [ f2b7bd04146b3e6a895a1919e1f5da89 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys 06:16:55.0273 6856 SophosBootDriver - ok 06:16:55.0293 6856 [ 95cf1ae7527fb70f7816563cbc09d942 ] spldr C:\Windows\system32\drivers\spldr.sys 06:16:55.0303 6856 spldr - ok 06:16:55.0363 6856 [ 866a43013535dc8587c258e43579c764 ] Spooler C:\Windows\System32\spoolsv.exe 06:16:55.0383 6856 Spooler - ok 06:16:55.0493 6856 [ cf87a1de791347e75b98885214ced2b8 ] sppsvc C:\Windows\system32\sppsvc.exe 06:16:55.0613 6856 sppsvc - ok 06:16:55.0653 6856 [ b0180b20b065d89232a78a40fe56eaa6 ] 
sppuinotify C:\Windows\system32\sppuinotify.dll 06:16:55.0673 6856 sppuinotify - ok 06:16:55.0723 6856 [ e4c2764065d66ea1d2d3ebc28fe99c46 ] srv C:\Windows\system32\DRIVERS\srv.sys 06:16:55.0733 6856 srv - ok 06:16:55.0783 6856 [ 03f0545bd8d4c77fa0ae1ceedfcc71ab ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 06:16:55.0793 6856 srv2 - ok 06:16:55.0823 6856 [ e00fdfaff025e94f9821153750c35a6d ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS 06:16:55.0853 6856 SrvHsfHDA - ok 06:16:55.0883 6856 [ ceb4e3b6890e1e42dca6694d9e59e1a0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 06:16:55.0923 6856 SrvHsfV92 - ok 06:16:55.0953 6856 [ bc0c7ea89194c299f051c24119000e17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 06:16:55.0973 6856 SrvHsfWinac - ok 06:16:56.0013 6856 [ be6bd660caa6f291ae06a718a4fa8abc ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 06:16:56.0033 6856 srvnet - ok 06:16:56.0063 6856 [ d887c9fd02ac9fa880f6e5027a43e118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 06:16:56.0083 6856 SSDPSRV - ok 06:16:56.0093 6856 [ d318f23be45d5e3a107469eb64815b50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 06:16:56.0113 6856 SstpSvc - ok 06:16:56.0133 6856 [ db32d325c192b801df274bfd12a7e72b ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 06:16:56.0153 6856 stexstor - ok 06:16:56.0203 6856 [ e1fb3706030fb4578a0d72c2fc3689e4 ] StiSvc C:\Windows\System32\wiaservc.dll 06:16:56.0223 6856 StiSvc - ok 06:16:56.0273 6856 [ 472af0311073dceceaa8fa18ba2bdf89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 06:16:56.0293 6856 storflt - ok 06:16:56.0343 6856 [ dcaffd62259e0bdb433dd67b5bb37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 06:16:56.0353 6856 storvsc - ok 06:16:56.0383 6856 [ e58c78a848add9610a4db6d214af5224 ] swenum C:\Windows\system32\drivers\swenum.sys 06:16:56.0403 6856 swenum - ok 06:16:56.0533 6856 [ 6d092c11a8d706f0a0f6791b4c6fc59b ] swi_service C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe 06:16:56.0543 6856 swi_service - ok 
06:16:56.0693 6856 [ b4882758dfbf19e33e50f503ad3c26b9 ] swi_update C:\ProgramData\Sophos\Web Intelligence\swi_update.exe 06:16:56.0773 6856 swi_update - ok 06:16:56.0813 6856 [ a28bd92df340e57b024ba433165d34d7 ] swprv C:\Windows\System32\swprv.dll 06:16:56.0823 6856 swprv - ok 06:16:56.0843 6856 Synth3dVsc - ok 06:16:56.0913 6856 [ 0e8676fb3bb95aa40fdf7a4a31018c8b ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 06:16:56.0995 6856 SynTP - ok 06:16:57.0058 6856 [ 36650d618ca34c9d357dfd3d89b2c56f ] SysMain C:\Windows\system32\sysmain.dll 06:16:57.0136 6856 SysMain - ok 06:16:57.0182 6856 [ 763fecdc3d30c815fe72dd57936c6cd1 ] TabletInputService C:\Windows\System32\TabSvc.dll 06:16:57.0198 6856 TabletInputService - ok 06:16:57.0260 6856 [ 98a1e6bc9f766b0b0a5bf00af847ef20 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 06:16:57.0260 6856 tap0901 - ok 06:16:57.0307 6856 [ 613bf4820361543956909043a265c6ac ] TapiSrv C:\Windows\System32\tapisrv.dll 06:16:57.0323 6856 TapiSrv - ok 06:16:57.0338
  • 0
Let's continue:

Step •1•

Which program: ComboFix
What for/why: Highly specialised scanner for examining and cleaning up Windows in depth.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: This program must be downloaded to the desktop!

Download ComboFix from one of these locations:
- Bleepingcomputer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
- ForoSpyware (http://www.forospyware.com/sUBs/ComboFix.exe)
- Geekstogo (http://subs.geekstogo.com/ComboFix.exe)

Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how ComboFix should be used.

Your antivirus program and any active malware scanners must already be disabled before you start ComboFix! Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find information on how to disable antivirus programs and spyware scanners.

Notes:
- On Windows XP you may be asked to install the "Recovery Console"! If so, allow it (this requires an active internet connection).
- All open programs and web pages must be closed.
- If ComboFix shows a message about ZeroAccess, mention that as well in your new post.

Starting ComboFix:
- Windows 2000 and Windows XP: double-click ComboFix.exe.
- Windows Vista and Windows 7: right-click ComboFix.exe and choose "Run as administrator".

Once ComboFix is running:
- Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
- ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
- The computer may need to be restarted several times; this is normal.
- When ComboFix has finished, it will create a log file for you.
- Post the contents of this log file in your next post.
- If the log does not open, you can find it at C:\ComboFix.txt

Important note:
- If, after the scan, an error is shown when starting programs, with the message:
- "Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering." (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
- Then restart the computer.

Step •2•

Which program: aswMBR.exe
What for/why: MBR rootkit scanner
Difficulty: none
Download location: This program must be downloaded to the desktop, or otherwise moved there!

Download aswMBR.exe here (http://public.avast.com/~gmerek/aswMBR.exe).

Using aswMBR.exe:
- Windows 2000 and Windows XP: double-click "aswMBR.exe".
- Windows Vista and Windows 7: right-click "aswMBR.exe" and choose "Run as administrator".

- Click "No" in the next window.
- Now click the Scan button in the black window.
- When the message "Scan finished successfully" appears, click the Save log button.
- It is easiest to simply choose the desktop as the location to save the log.
- You will now also find the file MBR.dat on the desktop!
- MBR.dat is a backup file, so keep it for now.
- Also on the desktop is a Notepad text document named aswMBR.txt
- Post the contents of aswMBR.txt in your next post.

N.B.: make sure external hard drives/USB sticks are removed first.
  • 0
ComboFix 12-08-14.05 - LucGIS 15-08-2012 19:33:03.4.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3071.1724 [GMT 2:00] Gestart vanuit: c:\users\LucGIS\Desktop\ComboFix.exe AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A} SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))) . . 2012-08-15 17:50 . 2012-08-15 17:50 -------- d-----w- c:\users\ldavids\AppData\Local\temp 2012-08-15 17:50 . 2012-08-15 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-15 04:49 . 2012-08-15 17:39 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB89D3DF-AEC2-47C6-96D9-B72EC65FD613}\offreg.dll 2012-08-13 18:17 . 2012-08-13 18:17 -------- d-----w- c:\program files\ESET 2012-08-13 17:18 . 2012-08-14 17:00 -------- d-----w- C:\TDSSStarter 2012-08-13 14:58 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB89D3DF-AEC2-47C6-96D9-B72EC65FD613}\mpengine.dll 2012-07-25 19:31 . 2012-07-25 19:31 -------- d-----w- c:\users\LucGIS\AppData\Local\Programs 2012-07-25 19:23 . 2012-08-09 17:05 -------- d-----w- c:\program files\TunnelBear 2012-07-19 09:04 . 2012-07-19 11:08 -------- d-----w- c:\users\ldavids\AppData\Roaming\vlc 2012-07-19 08:49 . 2012-07-19 08:49 -------- d-----w- c:\users\ldavids\AppData\Roaming\Definiens 2012-07-18 14:09 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll 2012-07-18 14:09 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-07-18 14:09 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll 2012-07-18 14:09 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll 2012-07-18 14:09 . 
2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-18 14:09 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-18 14:09 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-18 14:09 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-18 14:09 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll 2012-07-18 14:09 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-18 14:09 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 17:28 . 2012-03-30 19:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-15 17:28 . 2011-05-17 12:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-18 17:19 . 2011-12-07 09:53 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll 2012-06-22 07:55 . 2010-02-05 13:07 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-06-22 07:55 . 2010-02-05 13:07 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-06-21 06:22 . 2012-06-21 06:22 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-21 06:22 . 2010-05-14 09:28 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-06 19:14 . 2012-06-06 19:02 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll 2012-06-04 16:21 . 2012-06-04 15:57 97 ----a-w- C:\move.cmd 2012-06-02 22:19 . 2012-06-12 12:46 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-12 12:46 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-12 12:46 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-12 12:46 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 
2012-06-12 12:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-12 12:46 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-12 12:46 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-12 12:45 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-12 12:45 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 10:25 . 2010-02-04 21:14 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-18 22:52 . 2012-05-18 22:52 882024 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-18 22:52 . 2012-05-18 22:52 7745896 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-05-18 22:52 . 2012-05-18 22:52 5925736 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-18 22:52 . 2012-05-18 22:52 2518376 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-18 22:52 . 2012-05-18 22:52 2439016 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-18 22:52 . 2012-05-18 22:52 19512680 ----a-w- c:\windows\system32\nvoglv32.dll 2012-05-18 22:52 . 2012-05-18 22:52 17543528 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-18 22:52 . 2012-05-18 22:52 11457896 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-05-18 22:52 . 2012-05-18 22:52 1000296 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-18 22:52 . 2010-12-04 04:45 61288 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-18 22:52 . 2010-10-03 17:47 15037800 ----a-w- c:\windows\system32\nvd3dum.dll 2012-05-18 22:52 . 2010-10-03 17:47 2325352 ----a-w- c:\windows\system32\nvapi.dll 2012-05-18 16:19 . 2010-12-04 03:45 3900264 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-18 16:19 . 2010-12-04 03:45 2722152 ----a-w- c:\windows\system32\nvsvc.dll 2012-05-18 16:16 . 2010-12-04 03:45 713064 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-05-18 16:16 . 2010-12-04 03:45 108392 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-18 16:16 . 2010-07-09 14:20 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-05-18 16:16 . 
2009-11-20 18:33 62312 ----a-w- c:\windows\system32\nvshext.dll 2012-05-18 16:16 . 2010-07-09 14:20 2561384 ----a-w- c:\windows\system32\nvsvcr.dll 2012-05-18 16:16 . 2010-12-04 03:45 645480 ----a-w- c:\windows\system32\nvvsvc.exe 2009-01-20 17:48 . 2010-02-05 23:55 2826240 ----a-w- c:\program files\amtlib.dll 2012-07-19 08:47 . 2011-03-23 15:13 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\LucGIS\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\LucGIS\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\LucGIS\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296] "Spotify Web Helper"="c:\users\LucGIS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-03 1193176] "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904] "MusicManager"="c:\users\LucGIS\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-08-07 354360] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-28 24848] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "atchk"="c:\program files\Intel\AMT\atchk.exe" [2008-05-25 408088] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-02-06 611712] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208] "KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424] "Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2012-07-06 900160] "SuperOffice Ribbons"="c:\program files\SuperOffice\SuperOffice Ribbons\InstallerHelper.exe" [2008-02-15 36864] "IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2011-09-21 1107232] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2011-09-21 186904] 
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-07-06 11227136] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-22 296056] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-18 1634112] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296] . c:\users\LucGIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ArcGIS License Manager 10 CRACKED.lnk - c:\cracked license manager 10\start_lic_mgr_invisible.vbs [N/A] EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-5 813584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2009-10-05 17:43 75320 ----a-w- c:\windows\System32\DeviceNP.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 . R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [x] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x] R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x] R2 swi_update;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update.exe [x] R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 ApacheMS4WWebServer;Apache MS4W Web Server;c:\ms4w\Apache\bin\httpd.exe [x] R3 btwl2cap;Bluetooth L2CAP 
Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x] S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x] S0 SafeBoot;SafeBoot; [x] S0 SbAlg;SbAlg; [x] S0 SbFsLock;SbFsLock; [x] S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x] S1 RsvLock;RsvLock; [x] S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x] S1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys [x] S2 AdobeARMservice;Adobe Acrobat Update 
Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ArcGIS\License10.1\bin\lmgrd.exe [x] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [x] S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [x] S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x] S2 ERDAS Licensing Service;ERDAS Licensing Service;c:\program files\ERDAS\Shared\licensing\bin\Win32Release\lmgrd.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x] S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x] S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [x] S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x] S3 netw5v32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] S3 rismc32;RICOH Smart Card 
Reader;c:\windows\system32\DRIVERS\rismc32.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker Bioscrypt REG_MULTI_SZ ASChannel GPSvcGroup REG_MULTI_SZ GPSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HsfXAudioService REG_MULTI_SZ HsfXAudioService . Inhoud van de 'Gedeelde Taken' map . 2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:28] . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:21] . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:21] . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722317121-2849858582-2285873027-1001Core.job - c:\users\LucGIS\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-13 10:22] . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722317121-2849858582-2285873027-1001UA.job - c:\users\LucGIS\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-13 10:22] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nu.nl/ uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Afbeelding verzenden naar &Bluetooth-apparaat... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{CC88D81F-6166-4F46-AC89-B75CD9CEB292} - {76E2006B-AC76-4710-AC10-4ADE018779EB} - c:\program files\SuperOffice\SoIeExtensions.dll LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll TCP: DhcpNameServer = 192.168.2.1 DPF: {77583070-5F09-43E5-8B5C-58DCD2DA43FE} - hxxp://awsbs23k/AenWmaatwerk/faktuur/anscontrols/ansinvoice.CAB DPF: {A374D34D-CC5F-488D-ABA8-DCFDBCCA5CC1} - hxxp://awsbs23k/AenWmaatwerk/rapporten/anscontrols/ansreport.CAB DPF: {FA2CF5C4-D0FB-438F-B484-6B070FCD0459} - hxxp://awsbs23k/AenWmaatwerk/derden/anscontrols/ansderden.CAB FF - ProfilePath - c:\users\LucGIS\AppData\Roaming\Mozilla\Firefox\Profiles\jrmy02rl.default\ FF - prefs.js: browser.startup.homepage - www.nu.nl . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:7a,61,65,e9,0b,40,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,a5,9a,38,37,93,ba,49,9a,87,4b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,a5,9a,38,37,93,ba,49,9a,87,4b,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000007b . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(3536) c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\users\LucGIS\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Voltooingstijd: 2012-08-15 20:00:35 ComboFix-quarantined-files.txt 2012-08-15 18:00 ComboFix2.txt 2012-08-14 18:26 ComboFix3.txt 2012-08-14 17:26 ComboFix4.txt 2012-08-13 18:04 . Pre-Run: 23.796.887.552 bytes beschikbaar Post-Run: 23.715.713.024 bytes beschikbaar . - - End Of File - - 74918F22A1E663DD7075045A8993F419
Link to comment
  • 0
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 20:06:31
-----------------------------
20:06:31.041 OS Version: Windows 6.1.7601 Service Pack 1
20:06:31.041 Number of processors: 2 586 0x1706
20:06:31.057 ComputerName: LucGIS UserName:
20:06:35.249 Initialize success
20:06:56.285 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:06:56.285 Disk 0 Vendor: ST920042 3.AH Size: 190782MB BusType: 3
20:06:56.332 Disk 0 MBR read successfully
20:06:56.332 Disk 0 MBR scan
20:06:56.348 Disk 0 Windows 7 default MBR code
20:06:56.348 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:06:56.363 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190680 MB offset 206848
20:06:56.363 Disk 0 scanning sectors +390719488
20:06:56.426 Disk 0 scanning C:\Windows\system32\drivers
20:07:06.247 Service scanning
20:07:20.287 Service SafeBoot C:\Windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
20:07:26.433 Modules scanning
20:07:36.150 Disk 0 trace - called modules:
20:07:36.170 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
20:07:36.510 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8753e9d8]
20:07:36.510 3 CLASSPNP.SYS[8c1b359e] -> nt!IofCallDriver -> [0x87539240]
20:07:36.520 5 hpdskflt.sys[8c15df92] -> nt!IofCallDriver -> [0x86748838]
20:07:36.530 7 ACPI.sys[8bac13d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8671d028]
20:07:36.530 Scan finished successfully
20:07:47.362 Disk 0 MBR has been saved successfully to "C:\Users\LucGIS\Desktop\MBR.dat"
20:07:47.378 The log file has been saved successfully to "C:\Users\LucGIS\Desktop\aswMBR.txt"
Link to comment
  • 0
Hi,

I ran TDSSKiller once more and it still reports 1 threat.

22:37:53.0582 8172 Scan finished
22:37:53.0582 8172 ============================================================
22:37:53.0592 8164 Detected object count: 1
22:37:53.0592 8164 Actual detected object count: 1
22:38:00.0866 8164 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
22:38:00.0866 8164 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip

So is this a false positive?

Regards,
LucGIS
Link to comment
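The aswMBR and TDSSKiller logs posted above describe the same object from two sides: aswMBR reports the MBR code and marks SafeBoot.sys as LOCKED, and TDSSKiller reports the SafeBoot service as LockedFile.Multi.Generic. The following Python is an added example, not part of the thread or of either tool; it parses lines quoted from those logs and joins them per object. The function names are hypothetical, and reading a LockedFile.* verdict as "file could not be read" is an assumption about the tool's naming.

```python
import re

# Lines copied from the aswMBR and TDSSKiller logs posted in this thread.
ASWMBR_LOG = r"""
20:06:56.348 Disk 0 Windows 7 default MBR code
20:07:20.287 Service SafeBoot C:\Windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
"""
TDSS_LOG = r"""
22:38:00.0866 8164 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
22:38:00.0866 8164 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
"""

MBR_RE = re.compile(r"^\S+ Disk (\d+) (.+) MBR code$")
LOCKED_RE = re.compile(r"^\S+ Service (\S+) (.+) \*\*LOCKED\*\* (\d+)$")
TDSS_RE = re.compile(r"^\S+ \d+ (.+?) \( ([\w.]+) \) - (.+)$")

def parse_aswmbr(text):
    """Return ({disk: MBR verdict}, {service: driver path}) from an aswMBR log."""
    mbr, locked = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := MBR_RE.match(line):
            mbr[int(m[1])] = m[2]
        elif m := LOCKED_RE.match(line):
            locked[m[1]] = m[2]
    return mbr, locked

def parse_tdsskiller(text):
    """Return {object: (verdict, [actions])}; repeated lines for one object merge."""
    found = {}
    for line in map(str.strip, text.splitlines()):
        if m := TDSS_RE.match(line):
            found.setdefault(m[1], (m[2], []))[1].append(m[3])
    return found

def correlate(aswmbr_text, tdss_text):
    """One row per TDSSKiller detection, joined with what aswMBR saw."""
    mbr, locked = parse_aswmbr(aswmbr_text)
    return [{
        "object": name,
        "verdict": verdict,
        # Assumption: "LockedFile.*" means unreadable file, not a signature match.
        "unreadable_only": verdict.startswith("LockedFile."),
        "driver_path": locked.get(name),
        "mbr": mbr,
        "actions": actions,
    } for name, (verdict, actions) in parse_tdsskiller(tdss_text).items()]

if __name__ == "__main__":
    print(correlate(ASWMBR_LOG, TDSS_LOG))
```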
  • 0
Hi, before we start cleaning up, please first do the following: a test to see how good the current security situation in Windows is.

Download Security Check to your desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe

- Click/double-click SecurityCheck.exe and follow the instructions in the black window.
- A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
- If one of your security tools reports that DIG.EXE wants to access the internet, allow it.

Post the contents of checkup.txt in your next post.

And thank you for the compliment.
Link to comment
  • 0
You are already the second one to report that. I think the tool is unusable for the moment. So we will now clean up first.

But first this: keep the ESET Online Scanner on your Windows. Navigate to C:\Program Files\ESET\ESET Online Scanner, right-click OnlineScannerApp.exe and choose to place a shortcut on the desktop. Use OnlineScannerApp.exe once a month. ESET will now start as an app; you can then tick the scan settings, after which the update process will begin and then the scan will start.

One more tip: here - http://www.jawwi.nl/artikelen/cookies.html - you will find information about cookies and how to block AdAware cookies in your browser(s).

Step 1

You may manually delete the tools below:

- sUBs DDS + logs
- TDSSKiller + logs
- aswMBR.exe
- MBR.dat
- aswMBR.txt
- SecurityCheck.exe

Step 2

ComboFix may now be removed:

- go to Start - Run
- copy and paste the following into it: Combofix /Uninstall
- then click OK.
- ComboFix starts up and it looks as if the tool is installing itself, but that is not the case;
- if all goes well, you will then get a message that ComboFix was removed.

Example: http://www.emphyrio.be/images/SMUninstall_combofix.png

Run can also be opened by pressing "Windows key + R" at the same time.

This will remove ComboFix including related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and reset your System Restore.

Step 3

Start OTL and then click the CleanUp button. OTL will check whether any tool or log still needs to be cleaned up. After a reboot, OTL will have been removed as well.

Step 4

Which program: TFC.
What for/why: thorough cleaning of Windows.
Difficulty: none.
Download: Download TFC to your desktop (click): http://oldtimer.geekstogo.com/TFC.exe

Starting TFC:
Windows 2000 and Windows XP: double-click TFC.exe.
Windows Vista and Windows 7: right-click TFC.exe and choose "Run as administrator".

- Don't be alarmed - the tool closes all running programs - so make sure your work has already been saved!
- Then click the Start button to start the scan. This scan may take a short or longer time; be patient, let TFC do its job and wait until TFC is finished.
- When TFC is finished, a message appears that the computer will be restarted.
- If the shutdown does not happen automatically, restart the computer yourself.
- Note: TFC does not show a log and you may keep using the tool!
Link to comment
  • 0
I had forgotten to remove step 3! But good that everything worked out.

A final tip: go to Secunia PSI (click) - http://secunia.com/vulnerability_scanning/online/ - several times a year to check whether everything within Windows is up to date. Because only then is Windows at its safest!

On the Secunia site, first click the Start Scanner button and then, on the new page, first tick Enable thorough system inspection before clicking Start!

If you do not use Java, the site will not work. In that case you can download and install the Secunia Personal Software Inspector (PSI). N.B.: after installation this tool starts automatically with Windows, but that is really not necessary and can be switched off!

http://secunia.com/vulnerability_scanning/personal/
Link to comment
