spyware?

[anoniem]

hallo, volgens mij heb ik last van spyware, Als het iets anders is kan natuurlijk ook, ik heb er niet veel verstand van: *Internet werd ontzettend traag * een tijdje geleden had ik via posts op dit forum begrepen dat het voor als je in een studentenhuis woont ivm veiligheid beter is de optie 'printer delen' uit te vinken. nu internet zo traag was ging ik daar kijken, en 'met wachtwoord delen' stond aan. ik kon me niet herinneren dat ik dat aan had gezet, dus nu direct uit gezet. waarschijnlijk had ik internet aan laten staan, s'avonds bleken opeens een heel aantal optie's in het zelfde lijstje aangezet. Klopt het dat dit komt door spyware? wat moet ik er aan doen? hieronder een scan met hijjack this, MBAM vond niks, die had ik wel geupdate LE

[anoniem]

bij deze het log, hij jack this van een jaar oud: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:25:07, on 23-4-2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16476) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecosia.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://www.hotmail.com O15 - Trusted Zone: www.live.com O15 - Trusted Zone: http://www.youtube.com O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: WajamUpdater - Wajam - C:\Program Files\Wajam\Updater\WajamUpdater.exe -- End of file - 5322 bytes

[anoniem]

Graag de drie logs in één keer posten. [color=#FF0000:0921df97fe][b:0921df97fe]Stap •1•[/b:0921df97fe][/color:0921df97fe] [b:0921df97fe]Welk programma[/b:0921df97fe]: [color=#008000:0921df97fe][b:0921df97fe]AdwCleaner[/b:0921df97fe][/color:0921df97fe] [b:0921df97fe]Waarvoor/waarom[/b:0921df97fe]: Scanner om Windows op te schonen en te ontdoen van malafide toolbars. [b:0921df97fe]Moeilijkheidsgraad[/b:0921df97fe]: Geen. [b:0921df97fe]Downloadlokatie[/b:0921df97fe]: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen! [b:0921df97fe]Download[/b:0921df97fe]: [url=http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner][color=#FF0000:0921df97fe][b:0921df97fe]AdwCleaner by Xplode[/b:0921df97fe][/color:0921df97fe][/url]. [b:0921df97fe]Opmerkingen[/b:0921df97fe]: [list:0921df97fe]Alle openstaande programma's en webpagina's dienen afgesloten te zijn. [*:0921df97fe]Dat na opstarten van [b:0921df97fe]AdwCleaner[/b:0921df97fe] de snelkoppelingen verdwijnen van bureaublad, is normaal.[/list:u:0921df97fe] [b:0921df97fe]AdwCleaner opstarten[/b:0921df97fe]: [list:0921df97fe][*:0921df97fe][b:0921df97fe][color=#0000FF:0921df97fe]Windows 2000[/color:0921df97fe][/b:0921df97fe] en [color=#0000FF:0921df97fe][b:0921df97fe]Windows XP[/b:0921df97fe][/color:0921df97fe]: dubbelklik op adwcleaner.exe. [*:0921df97fe][color=#0000FF:0921df97fe][b:0921df97fe]Windows Vista[/b:0921df97fe][/color:0921df97fe], [color=#0000FF:0921df97fe][b:0921df97fe]Windows 7[/b:0921df97fe][/color:0921df97fe] en [color=#0000FF:0921df97fe][b:0921df97fe]Windows 8[/b:0921df97fe][/color:0921df97fe]: via rechtsklik op adwcleaner.exe en kies voor "Als Administrator uitvoeren".[/list:u:0921df97fe] [b:0921df97fe]AdwCleaner is opgestart[/b:0921df97fe]: [list:0921df97fe][*:0921df97fe]Klik op de knop [b:0921df97fe]Verwijderen[/b:0921df97fe] [*:0921df97fe]Klik bij [b:0921df97fe]AdwCleaner – Afsluiting van de programma's[/b:0921df97fe] op [b:0921df97fe]OK[/b:0921df97fe] [*:0921df97fe]Klik bij [b:0921df97fe]AdwCleaner – Herstarten noodzakelijk[/b:0921df97fe] op [b:0921df97fe]OK[/b:0921df97fe][/list:u:0921df97fe] [b:0921df97fe]AdwCleaner logbestand[/b:0921df97fe]: [list:0921df97fe][*:0921df97fe]Nadat de PC opnieuw is opgestart, opent een logfile. [*:0921df97fe]Post vervolgens de inhoud van dit log in je volgende bericht.[/list:u:0921df97fe] [color=#FF0000:0921df97fe][b:0921df97fe]Stap •2•[/b:0921df97fe][/color:0921df97fe] [b:0921df97fe]Welk programma[/b:0921df97fe]: [color=#008000:0921df97fe][b:0921df97fe]Junkware Removal Tool by Thisisu[/b:0921df97fe][/color:0921df97fe] [b:0921df97fe]Waarvoor/waarom[/b:0921df97fe]: Scanner om Windows o.a. te ontdoen van malafide toolbars. [b:0921df97fe]Moeilijkheidsgraad[/b:0921df97fe]: Geen. [b:0921df97fe]Downloadlokatie[/b:0921df97fe]: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen! [b:0921df97fe]Download[/b:0921df97fe]: [url=http://thisisudax.org/downloads/JRT.exe][color=#FF0000:0921df97fe][b:0921df97fe]JRT.exe[/b:0921df97fe][/color:0921df97fe] [/url]. [b:0921df97fe]Opmerkingen[/b:0921df97fe]: [list:0921df97fe][*:0921df97fe]Alle openstaande programma's en webpagina's dienen afgesloten te zijn. [*:0921df97fe]Het is raadzaam de actieve beveiligingssoftware te de-activeren, zodat mogelijke conflicten met JRT.exe uitgsloten worden.: [*:0921df97fe][url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608][b:0921df97fe][color=#0000FF:0921df97fe]Hier[/color:0921df97fe][/b:0921df97fe][/url] en [url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607][b:0921df97fe][color=#0000FF:0921df97fe]hier[/color:0921df97fe][/b:0921df97fe][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [*:0921df97fe]Dat tijdens de scan van [b:0921df97fe]JRT.exe[/b:0921df97fe] tijdelijk de snelkoppelingen verdwijnen van het bureaublad, is normaal.[/list:u:0921df97fe] [b:0921df97fe]Junkware Removal Tool by Thisisu opstarten[/b:0921df97fe]: [list:0921df97fe][*:0921df97fe][b:0921df97fe][color=#0000FF:0921df97fe]Windows 2000[/color:0921df97fe][/b:0921df97fe] en [color=#0000FF:0921df97fe][b:0921df97fe]Windows XP[/b:0921df97fe][/color:0921df97fe]: dubbelklik op [b:0921df97fe]JRT.exe[/b:0921df97fe]. [*:0921df97fe][color=#0000FF:0921df97fe][b:0921df97fe]Windows Vista[/b:0921df97fe][/color:0921df97fe], [color=#0000FF:0921df97fe][b:0921df97fe]Windows 7[/b:0921df97fe][/color:0921df97fe] en [color=#0000FF:0921df97fe][b:0921df97fe]Windows 8[/b:0921df97fe][/color:0921df97fe]: via rechtsklik op [b:0921df97fe]JRT.exe[/b:0921df97fe] en kies voor "Als Administrator uitvoeren". [*:0921df97fe][b:0921df97fe]JRT.exe[/b:0921df97fe] zal daarna Windows gaan scannen. [*:0921df97fe]Deze scan kan afhankelijk van de systeemspecificaties soms vrij lang duren, wees dus geduldig. [*:0921df97fe]Indien de scan voltooid is, zal een logje ([b:0921df97fe]JRT.txt[/b:0921df97fe]) op het bureaublad opgeslagen worden en automatisch openen. [*:0921df97fe]Post de inhoud van dit log in je volgende bericht.[/list:u:0921df97fe] [color=#FF0000:0921df97fe][b:0921df97fe]Stap •3•[/b:0921df97fe][/color:0921df97fe] Download [url=http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe][b:0921df97fe]RogueKiller[/b:0921df97fe][/url] naar je bureaublad. Sluit alle overige programma's. Start het programma. [b:0921df97fe][color=blue:0921df97fe]Windows Vista, Windows 7 en Windows 8 gebruikers -> rechtsklik uitvoeren als administrator[/b:0921df97fe][/color:0921df97fe] Wacht tot de 'Prescan' klaar is. Klik op [b:0921df97fe]scan[/b:0921df97fe] [img:0921df97fe]http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png[/img:0921df97fe] Wacht tot het einde van de scan. Een log wordt aangemaakt en geplaatst op het bureaublad. [b:0921df97fe][color=#008000:0921df97fe]Doe verder nog niks maar plaats eerst de inhoud van dat log in jouw volgende bericht.[/color:0921df97fe][/b:0921df97fe]

[anoniem]

dank je wel! volgens mij heb je vaker mijn ict problemen opgelost, bij deze de blog's # AdwCleaner v2.202 - Verslag gemaakt op 25/04/2013 om 17:23:06 # Geactualiseerd op 23/04/2013 door Xplode # Besturingssysteem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Gebruiker : Gebruiker - PC_VAN_GEBRUIKE # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\Gebruiker\Desktop\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** Gestopt & Verwijdert : WajamUpdater ***** [Files / Mappen] ***** File Verwijdert : C:\END Map Verwijdert : C:\Program Files\Wajam Map Verwijdert : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\eghepdicbhhbhegihkllkmgjggcjpkma Map Verwijdert : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Map Verwijdert : C:\Users\Gebruiker\AppData\Local\Wajam Map Verwijdert : C:\Users\Gebruiker\AppData\LocalLow\Conduit Map Verwijdert : C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Verwijdert bij het opstarten : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\eghepdicbhhbhegihkllkmgjggcjpkma ***** [Register] ***** Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar Sleutel Verwijdert : HKCU\Software\Conduit Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\eghepdicbhhbhegihkllkmgjggcjpkma Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Sleutel Verwijdert : HKCU\Software\Wajam Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamBHO Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamDownloader Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1 Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\eghepdicbhhbhegihkllkmgjggcjpkma Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Sleutel Verwijdert : HKLM\Software\Wajam Sleutel Verwijdert : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater ***** [Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences Verwijdert [l.47] : icon_url = "hxxp://search.conduit.com/fav.ico", Verwijdert [l.50] : keyword = "search.conduit.com", Verwijdert [l.54] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN36[...] Verwijdert [l.55] : suggest_url = "hxxp://suggest.search.conduit.com/Suggest.ashx?q=[{searchTerms}]" Verwijdert [l.2293] : homepage = "hxxp://search.conduit.com/?ctid=CT3201317&SearchSource=48&CUI=UN36011189492682731&UM[...] ************************* AdwCleaner[R1].txt - [6549 octets] - [04/08/2012 11:11:28] AdwCleaner[R2].txt - [944 octets] - [05/08/2012 00:29:40] AdwCleaner[R3].txt - [1773 octets] - [22/11/2012 09:13:43] AdwCleaner[R4].txt - [1833 octets] - [22/11/2012 09:14:07] AdwCleaner[S1].txt - [6765 octets] - [04/08/2012 11:13:02] AdwCleaner[S2].txt - [1004 octets] - [05/08/2012 00:31:38] AdwCleaner[S3].txt - [1750 octets] - [22/11/2012 09:17:29] AdwCleaner[S4].txt - [4711 octets] - [25/04/2013 17:23:06] ########## EOF - C:\AdwCleaner[S4].txt - [4771 octets] ########## RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ besturingssysteem : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Gestart vanuit : Normale modus Gebruiker : Gebruiker [Administrator rechten] Modus : Scan -- Datum : 04/25/2013 17:40:00 | ARK || FAK || MBR | ¤¤¤ Kwaadaardige processen : 0 ¤¤¤ ¤¤¤ Register verwijzingen : 6 ¤¤¤ [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> gevonden [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> gevonden [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> gevonden [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> gevonden [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden ¤¤¤ Speciale Files / Folders: ¤¤¤ ¤¤¤ Driver : [Geladen] ¤¤¤ ¤¤¤ HOSTS Bestand: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Controle: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS721010G9SA00 ATA Device +++++ --- User --- [MBR] 4c5ad099b8b10c0d102856350a81599f [BSP] 99e921080f6c02e2dc20e00d35de89f2 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95393 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: USB DISK 2.0 USB Device +++++ --- User --- [MBR] 164d47e4b100ae160437ea076f6fd48d [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3696 Mo User = LL1 ... OK! Error reading LL2 MBR! Gereed : << RKreport[1]_S_04252013_02d1740.txt >> RKreport[1]_S_04252013_02d1740.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.9 (04.22.2013:1) OS: Windows Vista (TM) Home Premium x86 Ran by Gebruiker on do 25-04-2013 at 17:29:03,27 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Chrome Successfully deleted: [Folder] C:\Users\Gebruiker\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on do 25-04-2013 at 17:30:55,16 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ dat waren ze

[anoniem]

Zelf gebruik ik hiervoor Spyware Terminator 2012. Werkt prima.

[anoniem]

Download [b:30d5d55aeb][url=http://www.hijackthis.nl/smeenk/Tools/TDSSKStarter.exe]TDSSKStarter[/url][/b:30d5d55aeb] naar het bureaublad. [b:30d5d55aeb]"[i:30d5d55aeb]TDSSKStarter.exe[/i:30d5d55aeb]" gebruiken[/b:30d5d55aeb]: [list:30d5d55aeb][*:30d5d55aeb] [b:30d5d55aeb][color=#0000FF:30d5d55aeb]Sluit nu eerst alle nog openstaande programmavensters![/color:30d5d55aeb][/b:30d5d55aeb] [*:30d5d55aeb]Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met TDSSKStarter.exe ([url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608][b:30d5d55aeb][color=#0000FF:30d5d55aeb]hier[/color:30d5d55aeb][/b:30d5d55aeb][/url] of [url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607][color=#0000FF:30d5d55aeb][b:30d5d55aeb]hier[/b:30d5d55aeb][/color:30d5d55aeb][/url]) kan je lezen hoe je dat doet. [list:30d5d55aeb][*:30d5d55aeb][i:30d5d55aeb][b:30d5d55aeb]Windows 2000[/b:30d5d55aeb][/i:30d5d55aeb] en [i:30d5d55aeb][b:30d5d55aeb]Windows XP[/b:30d5d55aeb][/i:30d5d55aeb]: start de tool middels dubbelklik op "[i:30d5d55aeb]TDSSKStarter.exe[/i:30d5d55aeb]". [*:30d5d55aeb][i:30d5d55aeb][b:30d5d55aeb]Windows Vista[/b:30d5d55aeb][/i:30d5d55aeb] en [i:30d5d55aeb][b:30d5d55aeb]Windows 7[/b:30d5d55aeb][/i:30d5d55aeb]: start de tool middels rechtsklik op "[i:30d5d55aeb]TDSSKStarter.exe[/i:30d5d55aeb]" en dan kiezen voor [i:30d5d55aeb][b:30d5d55aeb]Als Administrator uitvoeren[/b:30d5d55aeb][/i:30d5d55aeb].[/list:u:30d5d55aeb] [*:30d5d55aeb]Vervolgens zal een CMD-venster gestart worden en wanneer de scan gereed is weer automatisch sluiten. [*:30d5d55aeb]Post nu de inhoud van het geopende kladblokbestand in het volgende bericht.[/list:u:30d5d55aeb]

[anoniem]

bij deze het nieuwe log 13:24:34.0526 3156 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 13:24:34.0526 3156 ============================================================ 13:24:34.0526 3156 Current date / time: 2013/04/26 13:24:34.0526 13:24:34.0526 3156 SystemInfo: 13:24:34.0526 3156 13:24:34.0526 3156 OS Version: 6.0.6002 ServicePack: 2.0 13:24:34.0526 3156 Product type: Workstation 13:24:34.0526 3156 ComputerName: PC_VAN_GEBRUIKE 13:24:34.0526 3156 UserName: Gebruiker 13:24:34.0526 3156 Windows directory: C:\Windows 13:24:34.0526 3156 System windows directory: C:\Windows 13:24:34.0526 3156 Processor architecture: Intel x86 13:24:34.0526 3156 Number of processors: 2 13:24:34.0526 3156 Page size: 0x1000 13:24:34.0526 3156 Boot type: Normal boot 13:24:34.0526 3156 ============================================================ 13:24:36.0352 3156 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:24:36.0352 3156 ============================================================ 13:24:36.0352 3156 \Device\Harddisk0\DR0: 13:24:36.0352 3156 MBR partitions: 13:24:36.0352 3156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50E02 13:24:36.0352 3156 ============================================================ 13:24:36.0383 3156 C: <-> \Device\Harddisk0\DR0\Partition1 13:24:36.0383 3156 ============================================================ 13:24:36.0383 3156 Initialize success 13:24:36.0383 3156 ============================================================ 13:24:36.0476 3768 ============================================================ 13:24:36.0476 3768 Scan started 13:24:36.0476 3768 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent; 13:24:36.0476 3768 ============================================================ 13:24:39.0284 3768 ================ Scan system memory ======================== 13:24:39.0284 3768 ================ Scan services ============================= 13:24:39.0581 3768 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 13:24:39.0924 3768 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 13:24:40.0064 3768 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 13:24:40.0096 3768 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 13:24:40.0142 3768 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 13:24:40.0205 3768 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 13:24:40.0267 3768 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:24:40.0345 3768 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 13:24:40.0408 3768 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:24:40.0470 3768 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 13:24:40.0564 3768 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 13:24:41.0032 3768 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys 13:24:41.0078 3768 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 13:24:41.0110 3768 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys 13:24:41.0141 3768 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 13:24:41.0234 3768 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 13:24:41.0328 3768 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 13:24:41.0422 3768 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 13:24:41.0484 3768 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 13:24:41.0546 3768 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 13:24:41.0640 3768 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 13:24:41.0702 3768 [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 13:24:41.0734 3768 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys 13:24:41.0858 3768 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 13:24:41.0983 3768 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\Windows\system32\drivers\aswSP.sys 13:24:42.0046 3768 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 13:24:42.0124 3768 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:24:42.0202 3768 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 13:24:42.0264 3768 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:24:42.0342 3768 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 13:24:42.0545 3768 [ 8FA553E9AE69808D99C164733A0F9590 ] avast\Program Files\AVAST Software\Avast\AvastSvc.exe 13:24:42.0623 3768 [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 13:24:42.0748 3768 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 13:24:43.0013 3768 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 13:24:43.0122 3768 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll 13:24:43.0278 3768 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:24:43.0387 3768 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 13:24:43.0434 3768 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 13:24:43.0543 3768 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 13:24:43.0621 3768 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 13:24:43.0746 3768 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 13:24:43.0840 3768 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 13:24:43.0933 3768 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 13:24:44.0027 3768 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 13:24:44.0339 3768 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:24:44.0526 3768 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:24:44.0635 3768 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 13:24:44.0729 3768 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 13:24:44.0900 3768 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 13:24:45.0212 3768 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:24:45.0384 3768 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:24:45.0478 3768 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 13:24:45.0649 3768 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:24:45.0758 3768 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 13:24:45.0836 3768 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 13:24:45.0883 3768 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 13:24:46.0086 3768 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:24:46.0273 3768 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:24:46.0476 3768 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:24:46.0694 3768 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 13:24:46.0882 3768 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 13:24:47.0038 3768 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 13:24:47.0178 3768 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:24:47.0287 3768 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 13:24:47.0552 3768 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 13:24:47.0740 3768 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:24:48.0052 3768 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:24:48.0223 3768 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 13:24:48.0379 3768 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 13:24:48.0551 3768 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 13:24:48.0722 3768 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:24:48.0816 3768 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 13:24:48.0894 3768 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 13:24:48.0972 3768 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 13:24:49.0112 3768 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 13:24:49.0222 3768 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 13:24:49.0378 3768 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 13:24:49.0502 3768 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:24:49.0596 3768 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 13:24:49.0721 3768 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 13:24:49.0799 3768 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 13:24:49.0908 3768 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:24:49.0986 3768 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:24:50.0048 3768 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 13:24:50.0204 3768 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:24:50.0298 3768 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 13:24:50.0454 3768 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 13:24:50.0501 3768 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:24:50.0610 3768 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 13:24:50.0719 3768 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 13:24:50.0813 3768 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 13:24:51.0031 3768 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 13:24:51.0047 3768 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 13:24:51.0172 3768 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:24:51.0390 3768 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 13:24:51.0499 3768 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 13:24:51.0640 3768 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 13:24:51.0874 3768 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 13:24:51.0936 3768 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:24:52.0030 3768 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:24:52.0139 3768 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 13:24:52.0295 3768 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 13:24:52.0529 3768 [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS 13:24:52.0825 3768 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:24:52.0919 3768 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 13:24:52.0997 3768 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 13:24:53.0137 3768 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 13:24:53.0309 3768 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:24:53.0434 3768 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 13:24:53.0527 3768 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 13:24:53.0668 3768 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 13:24:53.0761 3768 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:24:53.0886 3768 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:24:54.0026 3768 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:24:54.0198 3768 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:24:54.0292 3768 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 13:24:54.0401 3768 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 13:24:54.0650 3768 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 13:24:54.0728 3768 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:24:54.0822 3768 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:24:54.0916 3768 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 13:24:55.0040 3768 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 13:24:55.0087 3768 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 13:24:55.0134 3768 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:24:55.0181 3768 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 13:24:55.0228 3768 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 13:24:55.0306 3768 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:24:55.0368 3768 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 13:24:55.0540 3768 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 13:24:55.0680 3768 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:24:55.0805 3768 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:24:55.0914 3768 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:24:56.0008 3768 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:24:56.0148 3768 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 13:24:56.0226 3768 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:24:56.0288 3768 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 13:24:56.0351 3768 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 13:24:56.0460 3768 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 13:24:56.0678 3768 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 13:24:56.0788 3768 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:24:56.0866 3768 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 13:24:56.0990 3768 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 13:24:57.0037 3768 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 13:24:57.0131 3768 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 13:24:57.0224 3768 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:24:57.0271 3768 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:24:57.0334 3768 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:24:57.0427 3768 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 13:24:57.0521 3768 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 13:24:57.0583 3768 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:24:57.0646 3768 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 13:24:57.0724 3768 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 13:24:57.0770 3768 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:24:57.0817 3768 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:24:57.0926 3768 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:24:57.0958 3768 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:24:58.0004 3768 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys 13:24:58.0067 3768 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:24:58.0129 3768 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 13:24:58.0238 3768 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:24:58.0332 3768 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:24:58.0426 3768 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:24:58.0519 3768 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:24:58.0628 3768 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:24:58.0691 3768 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:24:58.0784 3768 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:24:58.0862 3768 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 13:24:58.0909 3768 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:24:59.0018 3768 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 13:24:59.0112 3768 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 13:24:59.0221 3768 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:24:59.0346 3768 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:24:59.0533 3768 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:24:59.0705 3768 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:24:59.0814 3768 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:24:59.0954 3768 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:25:00.0095 3768 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:25:00.0313 3768 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 13:25:00.0407 3768 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 13:25:00.0734 3768 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 13:25:00.0922 3768 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 13:25:01.0031 3768 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:25:01.0436 3768 [ A15F219208843A5A210C8CB391384453 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 13:25:01.0998 3768 [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys 13:25:02.0248 3768 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:25:02.0404 3768 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:25:02.0528 3768 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:25:02.0638 3768 [ 75AC610A7481CB1F343DC971249BCB19 ] NPF_devolo C:\Windows\system32\drivers\npf_devolo.sys 13:25:02.0638 3768 NPF_devolo ( UnsignedFile.Multi.Generic ) - [b][color=red]warning[/color][/b] 13:25:02.0638 3768 NPF_devolo - detected UnsignedFile.Multi.Generic (1) 13:25:02.0669 3768 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 13:25:02.0716 3768 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:25:02.0950 3768 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:25:03.0106 3768 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 13:25:03.0215 3768 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 13:25:03.0995 3768 [ DC89868592D74DE404406C9420C3F277 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 13:25:11.0342 3768 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:25:11.0389 3768 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:25:11.0436 3768 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:25:11.0576 3768 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:25:11.0623 3768 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 13:25:11.0748 3768 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:25:11.0842 3768 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 13:25:11.0920 3768 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 13:25:12.0029 3768 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 13:25:12.0138 3768 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:25:12.0200 3768 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 13:25:12.0294 3768 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 13:25:12.0341 3768 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 13:25:12.0388 3768 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys 13:25:12.0419 3768 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 13:25:12.0606 3768 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:25:12.0934 3768 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 13:25:13.0168 3768 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:25:13.0464 3768 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 13:25:13.0573 3768 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 13:25:13.0807 3768 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:25:13.0963 3768 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:25:14.0041 3768 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 13:25:14.0135 3768 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 13:25:14.0197 3768 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 13:25:14.0291 3768 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 13:25:14.0369 3768 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:25:14.0462 3768 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:25:14.0587 3768 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 13:25:14.0712 3768 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:25:14.0774 3768 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:25:14.0884 3768 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 13:25:14.0977 3768 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:25:15.0102 3768 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 13:25:15.0242 3768 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:25:15.0414 3768 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:25:15.0539 3768 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:25:15.0632 3768 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:25:15.0757 3768 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 13:25:15.0913 3768 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:25:16.0038 3768 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:25:16.0147 3768 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:25:16.0210 3768 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:25:16.0288 3768 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 13:25:16.0334 3768 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 13:25:16.0444 3768 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:25:16.0506 3768 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 13:25:16.0568 3768 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:25:16.0646 3768 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:25:16.0834 3768 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 13:25:16.0927 3768 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 13:25:17.0021 3768 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:25:17.0146 3768 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:25:17.0255 3768 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 13:25:17.0380 3768 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 13:25:17.0458 3768 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:25:17.0520 3768 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:25:17.0598 3768 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:25:17.0707 3768 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 13:25:17.0770 3768 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:25:17.0832 3768 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:25:17.0926 3768 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:25:18.0019 3768 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:25:18.0097 3768 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:25:18.0175 3768 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:25:18.0222 3768 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys 13:25:18.0269 3768 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 13:25:18.0316 3768 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:25:18.0721 3768 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 13:25:19.0142 3768 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 13:25:19.0470 3768 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 13:25:19.0907 3768 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 13:25:20.0000 3768 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:25:20.0141 3768 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:25:20.0250 3768 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 13:25:20.0312 3768 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 13:25:20.0406 3768 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 13:25:20.0500 3768 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:25:20.0578 3768 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:25:20.0671 3768 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:25:20.0796 3768 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:25:20.0874 3768 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 13:25:20.0999 3768 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:25:21.0061 3768 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 13:25:21.0139 3768 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 13:25:21.0186 3768 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 13:25:21.0233 3768 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 13:25:21.0467 3768 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 13:25:21.0623 3768 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:25:21.0732 3768 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:25:21.0826 3768 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 13:25:22.0091 3768 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:25:22.0231 3768 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 13:25:22.0434 3768 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:25:22.0559 3768 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:25:22.0652 3768 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:25:22.0793 3768 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:25:22.0902 3768 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:25:23.0058 3768 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 13:25:23.0167 3768 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 13:25:23.0230 3768 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 13:25:23.0339 3768 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\Windows\system32\drivers\tpm.sys 13:25:23.0417 3768 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 13:25:23.0573 3768 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:25:23.0651 3768 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:25:23.0713 3768 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 13:25:23.0744 3768 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:25:23.0807 3768 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:25:23.0854 3768 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:25:23.0963 3768 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:25:24.0056 3768 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:25:24.0119 3768 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 13:25:24.0166 3768 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 13:25:24.0244 3768 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 13:25:24.0290 3768 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:25:24.0400 3768 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 13:25:24.0509 3768 [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 13:25:24.0680 3768 [ 32C068EAF37C92D7194EEE1FAA1E7853 ] USBCCID C:\Windows\system32\DRIVERS\usbccid.sys 13:25:24.0758 3768 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:25:24.0883 3768 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:25:24.0914 3768 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:25:24.0977 3768 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:25:25.0086 3768 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:25:25.0164 3768 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:25:25.0211 3768 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:25:25.0273 3768 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 13:25:25.0414 3768 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 13:25:25.0523 3768 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:25:25.0616 3768 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 13:25:25.0741 3768 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 13:25:25.0835 3768 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 13:25:25.0944 3768 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 13:25:25.0991 3768 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:25:26.0084 3768 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:25:26.0178 3768 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:25:26.0240 3768 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:25:26.0521 3768 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 13:25:26.0693 3768 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 13:25:26.0786 3768 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:25:26.0974 3768 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 13:25:27.0036 3768 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:25:27.0130 3768 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:25:27.0286 3768 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:25:27.0364 3768 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 13:25:27.0582 3768 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:25:27.0785 3768 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:25:27.0878 3768 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:25:27.0988 3768 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 13:25:28.0081 3768 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:25:28.0175 3768 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:25:28.0268 3768 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 13:25:28.0362 3768 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 13:25:28.0690 3768 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 13:25:28.0814 3768 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:25:29.0142 3768 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 13:25:29.0345 3768 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:25:29.0501 3768 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 13:25:29.0626 3768 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:25:29.0797 3768 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 13:25:29.0953 3768 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:25:30.0031 3768 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:25:30.0203 3768 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:25:30.0281 3768 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:25:30.0406 3768 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 13:25:30.0593 3768 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 13:25:30.0811 3768 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:25:30.0905 3768 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:25:30.0998 3768 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:25:31.0045 3768 ================ Scan global =============================== 13:25:31.0108 3768 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 13:25:31.0154 3768 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 13:25:31.0170 3768 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 13:25:31.0295 3768 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 13:25:31.0326 3768 ================ Scan MBR ================================== 13:25:31.0342 3768 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 13:25:31.0950 3768 ================ Scan VBR ================================== 13:25:31.0950 3768 [ 36737AC7DFD2C6B74FDF9E2BA34905C5 ] \Device\Harddisk0\DR0\Partition1 13:25:31.0950 3768 ================ Scan UEFI extensions ====================== 13:25:31.0950 3768 ================ Scan active images ======================== 13:25:31.0950 3768 ============================================================ 13:25:31.0950 3768 Scan finished 13:25:31.0950 3768 ============================================================ 13:25:32.0980 0712 Deinitialize success . ============================================== System Restore Point Check: . TDSSKiller Starter Restore Point Created Succesfully ============================================== . ============================================== C:\TDSSStarter\Report_26-04-2013_1322_.log ============================================== Registry Export . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] ============================================== EOF

[anoniem]

Prima, ziet er goed uit. We kijken verder: [b:f161dafac5]Welk programma[/b:f161dafac5]: [color=#008000:f161dafac5][b:f161dafac5]ComboFix[/b:f161dafac5][/color:f161dafac5] [b:f161dafac5]Waarvoor/waarom[/b:f161dafac5]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en op te schonen. [b:f161dafac5]Moeilijkheidsgraad[/b:f161dafac5]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:f161dafac5]Downloadlokatie[/b:f161dafac5]: Dit programma absoluut naar het bureaublad downloaden! [b:f161dafac5]Download [color=#008000:f161dafac5]ComboFix[/color:f161dafac5] via één van deze locaties[/b:f161dafac5]: [list:f161dafac5][*:f161dafac5][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][color=#FF0000:f161dafac5][b:f161dafac5]Bleepingcomputer[/b:f161dafac5][/color:f161dafac5][/url] [*:f161dafac5][url=http://www.forospyware.com/sUBs/ComboFix.exe][color=#FF0000:f161dafac5][b:f161dafac5]ForoSpyware[/b:f161dafac5][/color:f161dafac5][/url] [*:f161dafac5][url=http://subs.geekstogo.com/ComboFix.exe][color=#FF0000:f161dafac5][b:f161dafac5]Geekstogo[/b:f161dafac5][/color:f161dafac5][/url][/list:u:f161dafac5] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:f161dafac5][color=#0000FF:f161dafac5]Hier[/color:f161dafac5][/b:f161dafac5][/url] zie je hoe je [b:f161dafac5]ComboFix[/b:f161dafac5] moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor je [b:f161dafac5]ComboFix[/b:f161dafac5] start gedeaktiveert zijn! [url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608][b:f161dafac5][color=#0000FF:f161dafac5]Hier[/color:f161dafac5][/b:f161dafac5][/url] en [url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607][b:f161dafac5][color=#0000FF:f161dafac5]hier[/color:f161dafac5][/b:f161dafac5][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:f161dafac5]Opmerkingen[/b:f161dafac5]: [list:f161dafac5][*:f161dafac5] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:f161dafac5]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:f161dafac5] [b:f161dafac5][color=#008000:f161dafac5]ComboFix[/color:f161dafac5] opstarten[/b:f161dafac5]: [list:f161dafac5][*:f161dafac5][b:f161dafac5][color=#0000FF:f161dafac5]Windows 2000[/color:f161dafac5][/b:f161dafac5] en [color=#0000FF:f161dafac5][b:f161dafac5]Windows XP[/b:f161dafac5][/color:f161dafac5]: dubbelklik op ComboFix.exe. [*:f161dafac5][color=#0000FF:f161dafac5][b:f161dafac5]Windows Vista[/b:f161dafac5][/color:f161dafac5], [color=#0000FF:f161dafac5][b:f161dafac5]Windows 7[/b:f161dafac5][/color:f161dafac5] en [color=#0000FF:f161dafac5][b:f161dafac5]Windows 8[/b:f161dafac5][/color:f161dafac5]: via rechtsklik op [color=#008000:f161dafac5][b:f161dafac5]ComboFix.exe[/b:f161dafac5][/color:f161dafac5] en kies voor "Als Administrator uitvoeren".[/list:u:f161dafac5] [b:f161dafac5][color=#008000:f161dafac5]ComboFix[/color:f161dafac5] is opgestart[/b:f161dafac5]: [list:f161dafac5][*:f161dafac5]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:f161dafac5]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:f161dafac5]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:f161dafac5]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:f161dafac5]Post de inhoud van dit logbestand in je volgende bericht. [*:f161dafac5]Indien het log niet opstart, is dit terug tevinden in [b:f161dafac5]C:\ComboFix.txt[/b:f161dafac5][/list:u:f161dafac5] [b:f161dafac5]Belangrijke opmerking[/b:f161dafac5]: [list:f161dafac5][*:f161dafac5][b:f161dafac5][color=#0000FF:f161dafac5]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:f161dafac5][/b:f161dafac5] [*:f161dafac5][b:f161dafac5][color=#FF0000:f161dafac5]Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.[/color:f161dafac5][/b:f161dafac5] [*:f161dafac5][b:f161dafac5][color=#008000:f161dafac5]Start dan de computer opnieuw op.[/color:f161dafac5][/b:f161dafac5][/list:u:f161dafac5]

[anoniem]

ik krijg bij het downloaden de melding: dit bestand lijkt schadelijk te zijn, maar neem aan dat het goed zit

[anoniem]

ComboFix 13-04-26.01 - Gebruiker 26-04-2013 15:15:40.5.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1021.415 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\AppData\Local\Google\Chrome\Application\26.0.1410.64\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2013-03-26 to 2013-04-26 )))))))))))))))))))))))))))))) . . 2013-04-26 13:22 . 2013-04-26 13:22 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp 2013-04-26 13:22 . 2013-04-26 13:22 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-04-26 13:22 . 2013-04-26 13:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-26 11:21 . 2013-04-26 11:25 -------- d-----w- C:\TDSSStarter 2013-04-25 15:28 . 2013-04-25 15:28 -------- d-----w- c:\windows\ERUNT 2013-04-25 15:28 . 2013-04-25 15:28 -------- d-----w- C:\JRT 2013-04-25 15:23 . 2013-04-25 15:23 176 ----a-w- c:\windows\DeleteOnReboot.bat 2013-04-11 19:41 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-11 19:41 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-11 19:41 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe 2013-04-11 19:41 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-11 19:41 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-11 19:41 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll 2013-04-11 19:41 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-04-11 19:40 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll 2013-04-07 05:28 . 2013-04-07 05:28 -------- d-----w- c:\users\Gebruiker\AppData\Local\ElevatedDiagnostics 2013-04-07 05:09 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14048000-F10B-473C-8FF6-1C4BD9895A48}\mpengine.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-11 23:10 . 2011-06-24 11:12 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-02-12 01:57 . 2013-03-13 17:05 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2012-11-03 16:24 . 2012-11-03 16:24 7723546 ----a-w- c:\program files\peazip-4.7.3.WINDOWS.exe 2012-07-23 19:51 . 2012-07-23 19:51 4583914 ----a-r- c:\program files\ComboFix.exe 2012-07-23 18:56 . 2012-07-23 18:57 388608 ----a-w- c:\program files\HijackThis.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-09-11 07:09 136176 ----atw- c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-03-27 03:09 421736 ----a-w- c:\program files\itunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-10-04 19:24 8497696 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey] 2007-10-04 19:24 86016 ----a-w- c:\windows\System32\nvhotkey.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-10-04 19:24 81920 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2007-10-04 19:24 86016 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 18:56 421888 ----a-w- c:\program files\quicktime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2013-04-08 12:54 4503448 ----a-w- c:\users\Gebruiker\AppData\Roaming\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2013-04-08 12:51 1104280 ----a-w- c:\users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-06-05 20:23 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - 65742251 *NewlyCreated* - 71865553 *Deregistered* - 65742251 *Deregistered* - 71865553 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 16:29] . 2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 16:29] . 2013-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3632470845-1243836632-4002592152-1000Core.job - c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 07:09] . 2013-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3632470845-1243836632-4002592152-1000UA.job - c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 07:09] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.ecosia.org/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html Trusted Zone: hotmail.com\www Trusted Zone: live.com\dub114.mail Trusted Zone: live.com\login Trusted Zone: live.com\www Trusted Zone: youtube.com\www TCP: DhcpNameServer = 192.168.156.1 . - - - - ORPHANS VERWIJDERD - - - - . SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-26 15:22 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(3908) c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\windows\system32\ieframe.dll . Voltooingstijd: 2013-04-26 15:24:58 ComboFix-quarantined-files.txt 2013-04-26 13:24 ComboFix2.txt 2012-08-06 14:12 ComboFix3.txt 2012-08-06 13:57 ComboFix4.txt 2012-08-05 21:26 ComboFix5.txt 2013-04-26 13:13 . Pre-Run: 44.720.267.264 bytes beschikbaar Post-Run: 44.716.425.216 bytes beschikbaar . - - End Of File - - 62917568873A203853B42BC82B6AABA3

[anoniem]

Het log ziet er prima uit, laat maar weten hoe het inmiddels gaat.

[anoniem]

het gaat goed, weer normale snelheid van internet. die gevonden bestanden van Roguekiller hoef ik niks mee te doen? ik gebruik een dell latitude d820, is het verstandig de gedownloade programma's te houden? kan me voorstellen dat het met een nieuwere sneller apparaat het niet uitmaakt, maar bij mij wel? RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ besturingssysteem : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Gestart vanuit : Normale modus Gebruiker : Gebruiker [Administrator rechten] Modus : Scan -- Datum : 04/26/2013 16:43:19 | ARK || FAK || MBR | ¤¤¤ Kwaadaardige processen : 0 ¤¤¤ ¤¤¤ Register verwijzingen : 7 ¤¤¤ [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> gevonden [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> gevonden [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> gevonden [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> gevonden [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> gevonden [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden ¤¤¤ Speciale Files / Folders: ¤¤¤ ¤¤¤ Driver : [Geladen] ¤¤¤ ¤¤¤ HOSTS Bestand: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Controle: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS721010G9SA00 ATA Device +++++ --- User --- [MBR] 4c5ad099b8b10c0d102856350a81599f [BSP] 99e921080f6c02e2dc20e00d35de89f2 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95393 Mo User = LL1 ... OK! User = LL2 ... OK! Gereed : << RKreport[2]_S_04262013_02d1643.txt >> RKreport[1]_S_04252013_02d1740.txt ; RKreport[2]_S_04262013_02d1643.txt

[anoniem]

Je hoeft verder niks te doen met RogueKiller hoor. Wat betreft jouw notebook, met een SSD en Windows 7 kan je er nog weer een tijdje tegenaan zonder echt naar een nieuwer notebook te gaan. Anderzijds op Marktplaats staan wel een paar mooie aanbiedingen betreffende Latitudes uit de E6500 en 6510 serie. Vooral die met LED-scherm zijn ook voor je ogen een weldaad wat betreft kleuren weergave en helderheid. Download naar je bureaublad [url=http://screen317.spywareinfoforum.org/SecurityCheck.exe][b:5cc8efe870][color=#0000FF:5cc8efe870]Security Check[/color:5cc8efe870][/b:5cc8efe870][/url]. [list:5cc8efe870][*:5cc8efe870] Klik/dubbelklik op [b:5cc8efe870]SecurityCheck.exe[/b:5cc8efe870] en let op de instrukties in het zwarte venster. [*:5cc8efe870] Een Kladblok document genaamd [b:5cc8efe870]checkup.txt[/b:5cc8efe870] dient automatisch open te gaan; sluit dit document via opslaan op het bureaublad. [*:5cc8efe870] Indien een van je veiligheidstools rapporteert, dat DIG.EXE het internet op wil, sta dit dan toe.[/list:u:5cc8efe870] Post de inhoud van [b:5cc8efe870]checkup.txt [/b:5cc8efe870]in je volgende post.

[anoniem]

nu eerst het log, vanmiddag de rest: Results of screen317's Security Check version 0.99.63 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 [b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u] avast! Antivirus Antivirus up to date! [b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u] Malwarebytes Anti-Malware versie 1.62.0.1300 CCleaner JavaFX 2.1.1 Java 7 Update 9 [color=red][b]Java version out of Date![/b][/color] Adobe Reader 10.1.0 [color=red][b]Adobe Reader out of Date![/b][/color] Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 [b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u] Malwarebytes Anti-Malware mbamservice.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe [b][u]`````````````````System Health check`````````````````[/b][/u] Total Fragmentation on Drive C: % [b][u]````````````````````End of Log``````````````````````[/b][/u]

[anoniem]

Daar moet dus een en ander geregeld worden. Daar moet dringend wat aan gedaan worden! Ga naar [b:78f893a127][color=#0000FF:78f893a127]Start\Configuratiescherm[/color:78f893a127]\[color=#008000:78f893a127]Programma's en onderdelen[/color:78f893a127][/b:78f893a127] en verwijder daar de volgende onderdelen: [list:78f893a127][*:78f893a127][b:78f893a127]JavaFX 2.1.1 [/b:78f893a127] [*:78f893a127][b:78f893a127]Java 7 Update 9 [/b:78f893a127] [*:78f893a127][b:78f893a127]Adobe Reader 10.1.0[/b:78f893a127][/list:u:78f893a127] [color=#008000:78f893a127][b:78f893a127]Java[/b:78f893a127][/color:78f893a127] Download en installeer [url=http://javadl.sun.com/webapps/download/AutoDL?BundleId=76860][color=#FF0000:78f893a127][b:78f893a127]Java SE Runtime Environment 7 Update 21 Windows x86 Offline[/b:78f893a127][/color:78f893a127][/url] groot [b:78f893a127][color=#0000FF:78f893a127]30,2 MB [/color:78f893a127][/b:78f893a127] N.B.: aktiveer Java in Chrome alleen, wanneer Java echt nodig is. Want de Java engine van Chrome zelf is feitelijk voldoende. [b:78f893a127][color=#008000:78f893a127]Adobe Reader[/color:78f893a127][/b:78f893a127] [b:78f893a127]Adobe Reader XI (11.0)[/b:78f893a127] is uit - deze is veiliger dan de voorgaande Readers, doordat deze versie in een virtuele omgeving opstart! Ga naar [url]http://get.adobe.com/nl/reader/[/url] om de nieuwste Adobe Reader XI (11.0) te verkrijgen! Vink wel eerst de meeliftende software van Google of McAfee uit, indien je die niet erbij wil hebben! Als veel beter alternatief kan je Adobe inwisselen voor een andere PDF-reader, dan ben je AdobeReader met zijn telkens opduikende veiligheidsproblemen kwijt. [b:78f893a127]PDF XChange Viewer van Tracker Software[/b:78f893a127] is wat de gratis Readers betreft de favoriete software. http://www.chip.de/downloads/PDF-XChange-Viewer_29539244.html Je zal merken dat deze het minstens net zo goed doet en bovendien veel sneller opstart.

[anoniem]

mooi, ga ik doen als ik thuis ben, zit nu achter een andere pc.\ over een andere pc kopen: als ik een tweedehans laptop/nootebook zie kan ik niet beoordelen wat ik koop, of iemand ermee heeft zitten prutsen, etc. daarom kocht ik tot nu toe een tweedehands dell via een winkel, met garantie, liever een paar euros meer voor meer zekerheid, maar mijn laatste aankoop is mij toch niet zo goed bevallen. nog een paar vragen: ik moest mijn netwerk opnieuw instellen, als ik invul: thuis netwerk, dan worden een aantal netwerk instellingen verkeerd ingesteld, dus ik stel in particuliere computer? en netwerk detecteren: dit kan ik uit zetten omdat ik wlan heb? last but not least: bedankt voor alle hulp!

[anoniem]

Je kiest altijd voor openbaar netwerk, indien je niet in je thuisnetwerkzit. En heb je thuis ook geen eigen netwerk, ook dan voor openbaar kiezen. Netwerkdetectie niet uitzetten als je ook WLAN gebruikt. Al mijn Dell's zijn via Marktplaats gekomen, zo ook mijn nieuwste M6700!

[anoniem]

mbt marktplaats: je kijkt dan of diegene betrouwbaar over komt, of het goed werkt, etc. en dan neem je hem mee?

[anoniem]

Mijn huidige is opgestuurd! Het ging hierbij om een volkomen nieuwe M6700 waar ik de servicetag code van kreeg en dus via Dell support alles kon inzien en heb daarna de laptop via Dell geconfigureerd en daaruit bleek dat ik spekkoper werd! Ik was namelijk bijna de helft goedkoper met deze aanschaf. En dat alles doordat degene die hem had aangeschaft, het notebook te groot vond!

[anoniem]

dat klinkt heel goed, maar lijkt me wel eerder uitzondering dan regel? ik heb geen ervaring met dit soort dingen kopen via marktplaats, maar de volgende keer dat ik iets anders zoek zal ik zeker kijken. verder nog de vraag: je schrijft: alleen als java echt nodig is: wat merk ik dan dat ik dat nodig zou hebben? iets doet het niet, gaat langzaam?