Volledige versie bekijken : Virus gevonden.
Natazja 14 July 2011, 12:54 Goedemiddag,
ik heb een schijnbaar door een fout cookie ofzo een virus gekregen op de pc.
Nu heb ik eerst Nod laten scannen en die heeft wat verwijderd. Daarna heb ik jullie stappen gevolgt [Mbam en TFC] en Mbam heeft nog dingen verwijderd.
Nu lijkt t erop dat t virus weg is maar ik krijg nog wel steeds de melding: Windows Security Center-service is uitgeschakelt.
Nu heb ik zelf ook even al rondgesnuffelt en daarover wat gevonden en die stap uitgevoerd. [services.msc ingetikt] daar naar Security Center gezocht en die stond uitgeschakeld. Die dus op automatisch [vertraagd] aangezet, op toepassen en op start geklikt. Dan is hij even aan. Echter een aantal seconden later wordt hij weer zomaar uitgeschakeld.
Ik heb dus t vermoeden dat er ergens nog iets rommelt. Zouden jullie kunnen kijken of er nog iets is? Voor ik evt een schone install moet gaan doen? Systeemherstel sond helaas nog niet ingeschakeld [pc is vrij nieuw nog].
Dank jullie wel alvast.
Mbam log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Databaseversie (http://www.malwarebytes.orgDatabaseversie): 7124
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
14-7-2011 8:40:18
mbam-log-2011-07-14 (08-40-18).txt
Scantype: Snelle scan
Objecten gescand: 169804
Verstreken tijd: 2 minuut/minuten, 15 seconde(n)
Geheugenprocessen geïnfecteerd: 4
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 4
Registerwaarden geïnfecteerd: 3
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 10
Geheugenprocessen geïnfecteerd:
c:\Users\Pascal\AppData\Local\Temp\Yqd.exe (Trojan.FraudPack.Gen) -> 1892 -> Unloaded process successfully.
c:\tempsetup\install\ieupdater.exe (Backdoor.IRCBot) -> 2736 -> Unloaded process successfully.
c:\tempsetup\install\ieupdater.exe (Backdoor.IRCBot) -> 2744 -> Unloaded process successfully.
c:\Windows\Yryqya.exe (Trojan.FraudPack.Gen) -> 4008 -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{7P8GJOP0-2F67-76HO-2088-813C0Y61476S} (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7P8GJOP0-2F67-76HO-2088-813C0Y61476S} (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\8DDYX0ZBPZ (Trojan.FraudPack.Gen) -> Value: 8DDYX0ZBPZ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run\Policies (Backdoor.IRCBot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run\Policies (Backdoor.IRCBot) -> Value: Policies -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\Users\Pascal\AppData\Local\Temp\Yqd.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\tempsetup\install\ieupdater.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\Yryqya.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-1217253734-2632112794-3331067575-1001\$RQI6XUL.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Pascal\local settings\temporary internet files\Content.IE5\P4NINVC3\installer_free_mp3_wma_ wav_converter_2_0_dutch[1].exe (PUP.SmsPay.PGen) -> Quarantined and deleted successfully.
c:\Users\Pascal\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Pascal\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
Hijacklog:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:14, on 14-7-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ESET\nod32kui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Pascal\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.heavens-dream.com/ipb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQCON/7
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files (x86)\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download met MiPony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Open Selected URL - C:\Program Files (x86)\Right Click Google Search Open Selected URL\openselectedurl.htm
O8 - Extra context menu item: Search &Google - C:\Program Files (x86)\Right Click Google Search Open Selected URL\google.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8584 bytes
EvelineGirl 14 July 2011, 15:31 Hoi,
1.
Download ComboFix van één van deze locaties:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) kunt u lezen hoe u Combofix dient te gebruiken.
1. Bij Windows XP gebruikers zal er indien nodig gevraagd worden om de "Recovery Console" te installeren, sta dit dan toe (hiervoor is een actieve internet verbinding vereist)
2. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.
* (hier (http://www.bleepingcomputer.com/forums/topic114351.html) of hier (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) staat een handleiding over hoe je deze kan uitschakelen
3. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
4. Dubbelklik op "Combofix.exe" om de tool te starten.
5. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.
* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.
6. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
2.
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) en plaats het op je bureaublad.
Pak de bestanden in tdsskiller.zip uit.
Open de map tdsskiller en dubbelklik op TDSSKiller.exe om de tool te starten.
Windows 7 en Windows Vista gebruikers:
Rechtsklik op TDSSKiller.exe -> Uitvoeren als Administrator om de tool te starten.
Als TDSSKiller bericht geeft van een beschikbare update, dan voer je deze eerst uit.
http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg
Klik op de knop "Start Scan" en volg de instructies.
Wanneer de scan klaar is klik je op de knop "Report".
Er opent een kladblokbestand. Post de inhoud van dit bestand.
Herstart de pc als TDSSKiller die optie geeft. (Reboot now)
Wanneer er een herstart nodig was, vind je de logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
Succes,
Eveline.
Natazja 14 July 2011, 15:54 Dank je wel voor je antwoord.
Hier zijn de logjes:
Combofix:
ComboFix 11-07-13.04 - Pascal 14-07-2011 15:42:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2545 [GMT 2:00]
Gestart vanuit: c:\users\Pascal\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pascal\AppData\Roaming\Microsoft\Windows\ Recent\Heavens - Dream .url
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-06-14 to 2011-07-14 ))))))))))))))))))))))))))))))
.
.
2011-07-14 13:46 . 2011-07-14 13:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-14 10:45 . 2011-07-14 10:45 388096 ----a-r- c:\users\Pascal\AppData\Roaming\Microsoft\Installe r\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-14 10:45 . 2011-07-14 10:45 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-14 06:35 . 2011-07-14 06:35 -------- d-----w- c:\users\Pascal\AppData\Roaming\Malwarebytes
2011-07-14 06:35 . 2011-07-14 06:35 -------- d-----w- c:\programdata\Malwarebytes
2011-07-14 06:35 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-14 06:35 . 2011-07-14 06:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-14 06:35 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-14 05:11 . 2011-07-14 05:11 115712 --sha-r- c:\windows\SysWow64\KBDMACO.dll
2011-07-13 05:39 . 2011-07-13 05:39 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-13 05:21 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{608E5FE5-15E6-4E88-8E2C-28B89D05EC9F}\mpengine.dll
2011-07-09 09:58 . 2011-07-09 09:58 -------- d-----w- C:\tempsetup
2011-06-29 20:32 . 2011-06-29 20:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-29 12:27 . 2011-06-29 12:27 -------- d-----w- c:\users\Pascal\AppData\Roaming\SpinTop Games
2011-06-28 20:32 . 2011-06-16 04:49 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-28 20:32 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-28 20:32 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-26 12:58 . 2011-06-26 12:58 -------- d-----w- c:\users\Pascal\AppData\Roaming\Media Player Classic
2011-06-21 21:24 . 2011-06-21 21:31 -------- d-----w- c:\users\Pascal\AppData\Roaming\Mipony
2011-06-18 09:23 . 2011-06-18 09:23 -------- d-----w- c:\users\Pascal\AppData\Roaming\Anarchy
2011-06-17 16:05 . 2011-06-17 16:05 -------- d-----w- c:\users\Pascal\AppData\Roaming\Orneon
2011-06-17 16:03 . 2011-06-17 16:04 -------- d-----w- c:\program files (x86)\Hide and Secret 4- The Lost World
2011-06-17 16:03 . 2011-06-17 16:04 -------- d-----w- c:\program files (x86)\Secrets of the Dark - Temple of Night CE
2011-06-15 05:23 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 05:23 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 05:23 . 2011-04-29 05:55 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 05:23 . 2011-04-29 04:57 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 05:23 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 05:23 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 05:23 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-14 17:41 . 2011-06-14 17:41 -------- d-----w- c:\program files (x86)\MSECache
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2011-07-05 21:45 . 2011-05-14 12:39 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 10:46 . 2011-06-07 10:46 2890984 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-06-07 09:40 . 2011-06-07 09:40 1559656 ----a-w- c:\windows\system32\RTSnMg64.cpl
2011-06-03 05:57 . 2011-07-13 05:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-03 04:11 . 2011-06-03 04:11 1805928 ----a-w- c:\windows\system32\RtkApi64.dll
2011-06-02 07:03 . 2011-06-02 07:03 92264 ----a-w- c:\windows\system32\RCoInst64.dll
2011-05-31 00:09 . 2011-05-31 00:09 3114088 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-05-24 17:14 . 2010-05-27 20:22 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-23 07:12 . 2011-05-23 07:12 1245288 ----a-w- c:\windows\system32\RTCOM64.dll
2011-05-20 00:35 . 2011-05-20 00:35 2399232 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-05-05 05:24 . 2011-05-05 05:24 2085440 ----a-w- c:\windows\system32\FMAPO64.dll
2011-05-04 02:52 . 2010-06-17 17:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-29 15:48 . 2011-04-29 15:48 34816 ----a-w- c:\windows\SysWow64\~bwcrc32.dll
2011-04-28 10:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-28 10:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-22 22:15 . 2011-05-25 05:25 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"nod32kui"="c:\program files (x86)\Eset\nod32kui.exe" [2010-05-27 949376]
"UpdateReminder"="c:\program files (x86)\Eset\UpdateReminder.exe" [2011-02-05 434176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\ windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 IEupdate;IEupdate;c:\tempsetup\install\test_binded .exe [2011-07-13 1709568]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\nmwcdcx64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TF sExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.heavens-dream.com/ipb/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download met MiPony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open Selected URL - c:\program files (x86)\Right Click Google Search Open Selected URL\openselectedurl.htm
IE: Search &Google - c:\program files (x86)\Right Click Google Search Open Selected URL\google.htm
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Pr ofiles\i9oygx2c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.heavens-dream.com/ipb/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-Corel Photo Downloader - c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1217253734-2632112794-3331067575-1001_Classes\Wow6432Node\CLSID\{4e51649e-c59e-4634-98b7-6e84c2275d71}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b7
"Therad"=dword:00000007
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca, fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68 ,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1217253734-2632112794-3331067575-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):95,06,14,95,1a,af,e1,62,2b,94,2f,f5,fb,42, ca,8c,cd,ff,32,76,08,
b6,8d,47,10,66,26,bd,64,f7,62,22,6b,1e,4a,b7,29,29 ,d4,ff,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil 10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil1 0u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.o cx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.o cx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.o cx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.o cx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-07-14 15:48:14
ComboFix-quarantined-files.txt 2011-07-14 13:48
.
Pre-Run: 457.762.275.328 bytes beschikbaar
Post-Run: 457.691.832.320 bytes beschikbaar
.
- - End Of File - - 4698AB9C967FEDE522384FD862AC0E30
TDS:
2011/07/14 15:49:25.0844 2300 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/14 15:49:26.0031 2300 ================================================== ==============================
2011/07/14 15:49:26.0031 2300 SystemInfo:
2011/07/14 15:49:26.0031 2300
2011/07/14 15:49:26.0031 2300 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/14 15:49:26.0031 2300 Product type: Workstation
2011/07/14 15:49:26.0031 2300 ComputerName: NATAZJA
2011/07/14 15:49:26.0031 2300 UserName: Pascal
2011/07/14 15:49:26.0031 2300 Windows directory: C:\Windows
2011/07/14 15:49:26.0031 2300 System windows directory: C:\Windows
2011/07/14 15:49:26.0031 2300 Running under WOW64
2011/07/14 15:49:26.0031 2300 Processor architecture: Intel x64
2011/07/14 15:49:26.0031 2300 Number of processors: 4
2011/07/14 15:49:26.0031 2300 Page size: 0x1000
2011/07/14 15:49:26.0031 2300 Boot type: Normal boot
2011/07/14 15:49:26.0031 2300 ================================================== ==============================
2011/07/14 15:49:26.0936 2300 Initialize success
2011/07/14 15:49:29.0136 3284 ================================================== ==============================
2011/07/14 15:49:29.0136 3284 Scan started
2011/07/14 15:49:29.0136 3284 Mode: Manual;
2011/07/14 15:49:29.0136 3284 ================================================== ==============================
2011/07/14 15:49:30.0384 3284 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/07/14 15:49:30.0430 3284 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/07/14 15:49:30.0446 3284 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/07/14 15:49:30.0477 3284 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/14 15:49:30.0508 3284 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/14 15:49:30.0540 3284 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/14 15:49:30.0602 3284 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/07/14 15:49:30.0618 3284 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/07/14 15:49:30.0649 3284 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/07/14 15:49:30.0680 3284 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/07/14 15:49:30.0711 3284 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/14 15:49:30.0727 3284 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/14 15:49:30.0758 3284 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/07/14 15:49:30.0789 3284 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/14 15:49:30.0805 3284 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/07/14 15:49:30.0852 3284 AMON (7a3594db0e6b9a07ef1c08fb7d689b77) C:\Windows\system32\drivers\amon.sys
2011/07/14 15:49:30.0898 3284 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/07/14 15:49:30.0945 3284 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/14 15:49:30.0976 3284 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/14 15:49:31.0008 3284 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/14 15:49:31.0039 3284 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/07/14 15:49:31.0086 3284 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/14 15:49:31.0117 3284 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/14 15:49:31.0148 3284 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/14 15:49:31.0179 3284 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/14 15:49:31.0210 3284 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/14 15:49:31.0242 3284 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/14 15:49:31.0257 3284 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/14 15:49:31.0288 3284 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/14 15:49:31.0304 3284 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/14 15:49:31.0320 3284 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/14 15:49:31.0351 3284 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/14 15:49:31.0382 3284 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/14 15:49:31.0429 3284 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/14 15:49:31.0460 3284 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/07/14 15:49:31.0491 3284 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/14 15:49:31.0507 3284 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/14 15:49:31.0554 3284 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/14 15:49:31.0585 3284 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/07/14 15:49:31.0616 3284 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/07/14 15:49:31.0632 3284 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/14 15:49:31.0663 3284 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/14 15:49:31.0694 3284 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/14 15:49:31.0741 3284 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/07/14 15:49:31.0756 3284 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/14 15:49:31.0788 3284 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/14 15:49:31.0834 3284 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/14 15:49:31.0866 3284 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/14 15:49:31.0959 3284 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/14 15:49:32.0162 3284 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/14 15:49:32.0209 3284 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/07/14 15:49:32.0256 3284 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/14 15:49:32.0271 3284 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/14 15:49:32.0302 3284 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/14 15:49:32.0318 3284 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/14 15:49:32.0349 3284 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/14 15:49:32.0365 3284 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/14 15:49:32.0396 3284 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/07/14 15:49:32.0427 3284 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/14 15:49:32.0458 3284 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/14 15:49:32.0490 3284 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/14 15:49:32.0505 3284 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/14 15:49:32.0536 3284 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/14 15:49:32.0568 3284 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/14 15:49:32.0583 3284 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/14 15:49:32.0614 3284 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/14 15:49:32.0630 3284 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/14 15:49:32.0677 3284 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/14 15:49:32.0755 3284 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/14 15:49:32.0802 3284 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/07/14 15:49:32.0848 3284 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/14 15:49:32.0880 3284 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/07/14 15:49:32.0911 3284 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/07/14 15:49:32.0958 3284 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/14 15:49:33.0067 3284 IntcAzAudAddService (392d5c87f282e8e36df5154418a7bb20) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/14 15:49:33.0145 3284 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/07/14 15:49:33.0176 3284 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/14 15:49:33.0223 3284 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/14 15:49:33.0238 3284 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/14 15:49:33.0270 3284 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/14 15:49:33.0285 3284 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/14 15:49:33.0301 3284 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/07/14 15:49:33.0332 3284 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/07/14 15:49:33.0363 3284 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/14 15:49:33.0379 3284 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/14 15:49:33.0410 3284 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/14 15:49:33.0441 3284 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/14 15:49:33.0472 3284 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/14 15:49:33.0519 3284 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/14 15:49:33.0566 3284 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/14 15:49:33.0597 3284 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/14 15:49:33.0613 3284 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/14 15:49:33.0628 3284 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/14 15:49:33.0675 3284 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/14 15:49:33.0722 3284 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\Windows\system32\drivers\mbam.sys
2011/07/14 15:49:33.0769 3284 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/14 15:49:33.0784 3284 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/14 15:49:33.0816 3284 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/14 15:49:33.0831 3284 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/14 15:49:33.0862 3284 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/14 15:49:33.0878 3284 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/14 15:49:33.0909 3284 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/07/14 15:49:33.0925 3284 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/07/14 15:49:33.0956 3284 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/14 15:49:33.0987 3284 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/07/14 15:49:34.0018 3284 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/14 15:49:34.0065 3284 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/14 15:49:34.0096 3284 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/14 15:49:34.0128 3284 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/07/14 15:49:34.0159 3284 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/07/14 15:49:34.0206 3284 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/14 15:49:34.0221 3284 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/14 15:49:34.0237 3284 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/07/14 15:49:34.0268 3284 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/14 15:49:34.0284 3284 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/14 15:49:34.0315 3284 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/14 15:49:34.0330 3284 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/07/14 15:49:34.0362 3284 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/07/14 15:49:34.0377 3284 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/14 15:49:34.0408 3284 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/14 15:49:34.0424 3284 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/14 15:49:34.0471 3284 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/14 15:49:34.0518 3284 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/07/14 15:49:34.0564 3284 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/14 15:49:34.0596 3284 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/14 15:49:34.0627 3284 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/14 15:49:34.0658 3284 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/14 15:49:34.0705 3284 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/07/14 15:49:34.0720 3284 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/14 15:49:34.0752 3284 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/14 15:49:34.0814 3284 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/14 15:49:34.0876 3284 nmwcdcx64 (65b09204520e92bb56d06a170aede598) C:\Windows\system32\drivers\nmwcdcx64.sys
2011/07/14 15:49:34.0908 3284 nmwcdx64 (ad8c3895155ee8d057f073856b2d5851) C:\Windows\system32\drivers\nmwcdx64.sys
2011/07/14 15:49:34.0939 3284 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/14 15:49:34.0954 3284 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/14 15:49:35.0017 3284 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/07/14 15:49:35.0064 3284 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/14 15:49:35.0095 3284 NVHDA (17a7e888e330c7dfe59c97be44ddcf16) C:\Windows\system32\drivers\nvhda64v.sys
2011/07/14 15:49:35.0329 3284 nvlddmkm (f0fbfe1e29ff233b0e000054c1fb968a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/14 15:49:35.0547 3284 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
2011/07/14 15:49:35.0578 3284 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/07/14 15:49:35.0610 3284 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/07/14 15:49:35.0641 3284 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
2011/07/14 15:49:35.0672 3284 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/07/14 15:49:35.0688 3284 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/07/14 15:49:35.0734 3284 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/14 15:49:35.0766 3284 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/07/14 15:49:35.0781 3284 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/07/14 15:49:35.0812 3284 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/14 15:49:35.0844 3284 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/14 15:49:35.0859 3284 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/14 15:49:35.0890 3284 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/14 15:49:35.0968 3284 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/14 15:49:35.0984 3284 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/14 15:49:36.0062 3284 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/14 15:49:36.0093 3284 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/14 15:49:36.0124 3284 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/14 15:49:36.0171 3284 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/14 15:49:36.0187 3284 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/14 15:49:36.0218 3284 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/14 15:49:36.0249 3284 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/14 15:49:36.0280 3284 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/14 15:49:36.0296 3284 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/14 15:49:36.0327 3284 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/14 15:49:36.0358 3284 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/14 15:49:36.0374 3284 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/14 15:49:36.0405 3284 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/14 15:49:36.0421 3284 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/14 15:49:36.0468 3284 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/07/14 15:49:36.0499 3284 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/07/14 15:49:36.0561 3284 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/14 15:49:36.0592 3284 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/14 15:49:36.0624 3284 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/14 15:49:36.0655 3284 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/14 15:49:36.0686 3284 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/14 15:49:36.0717 3284 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/14 15:49:36.0733 3284 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/14 15:49:36.0780 3284 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/07/14 15:49:36.0795 3284 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/14 15:49:36.0811 3284 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/14 15:49:36.0842 3284 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/14 15:49:36.0889 3284 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/14 15:49:36.0904 3284 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/14 15:49:36.0936 3284 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/14 15:49:36.0967 3284 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/14 15:49:37.0014 3284 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/07/14 15:49:37.0045 3284 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/14 15:49:37.0060 3284 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/14 15:49:37.0107 3284 ss_bbus (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
2011/07/14 15:49:37.0154 3284 ss_bmdfl (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
2011/07/14 15:49:37.0154 3284 ss_bmdm (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
2011/07/14 15:49:37.0185 3284 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/14 15:49:37.0201 3284 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/07/14 15:49:37.0294 3284 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/14 15:49:37.0404 3284 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/14 15:49:37.0435 3284 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/14 15:49:37.0466 3284 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/14 15:49:37.0482 3284 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/14 15:49:37.0513 3284 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/14 15:49:37.0528 3284 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/07/14 15:49:37.0575 3284 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
2011/07/14 15:49:37.0638 3284 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/14 15:49:37.0653 3284 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/14 15:49:37.0684 3284 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/14 15:49:37.0716 3284 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/14 15:49:37.0762 3284 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/14 15:49:37.0794 3284 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/14 15:49:37.0825 3284 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/07/14 15:49:37.0840 3284 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/14 15:49:37.0872 3284 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/14 15:49:37.0903 3284 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/14 15:49:37.0934 3284 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/14 15:49:37.0950 3284 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/14 15:49:37.0981 3284 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/14 15:49:38.0028 3284 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/14 15:49:38.0059 3284 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/14 15:49:38.0074 3284 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/14 15:49:38.0106 3284 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/14 15:49:38.0137 3284 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/14 15:49:38.0168 3284 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/14 15:49:38.0184 3284 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/14 15:49:38.0199 3284 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/14 15:49:38.0230 3284 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/14 15:49:38.0262 3284 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/14 15:49:38.0293 3284 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/14 15:49:38.0324 3284 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/14 15:49:38.0355 3284 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/14 15:49:38.0371 3284 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/07/14 15:49:38.0402 3284 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/14 15:49:38.0433 3284 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/14 15:49:38.0449 3284 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/14 15:49:38.0511 3284 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/14 15:49:38.0527 3284 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/14 15:49:38.0589 3284 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/14 15:49:38.0605 3284 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/14 15:49:38.0667 3284 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/14 15:49:38.0698 3284 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/14 15:49:38.0745 3284 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/14 15:49:38.0761 3284 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/14 15:49:38.0808 3284 MBR (0x1B8) (407c1f524ee2f9f3b855ff6223fc93ba) \Device\Harddisk0\DR0
2011/07/14 15:49:38.0870 3284 Boot (0x1200) (2775b2b90706b95c5369fc32d6300017) \Device\Harddisk0\DR0\Partition0
2011/07/14 15:49:38.0901 3284 Boot (0x1200) (40c23b25a4a59cfca1bbeff3fcfcc0a4) \Device\Harddisk0\DR0\Partition1
2011/07/14 15:49:38.0932 3284 Boot (0x1200) (f430b680264b8f132b91b75ea9561021) \Device\Harddisk0\DR0\Partition2
2011/07/14 15:49:38.0979 3284 Boot (0x1200) (5b3f484438ed35016c6382490ee44a8e) \Device\Harddisk0\DR0\Partition3
2011/07/14 15:49:38.0995 3284 Boot (0x1200) (c87ebc2cbfd891340a820a95fa20535d) \Device\Harddisk0\DR0\Partition4
2011/07/14 15:49:38.0995 3284 ================================================== ==============================
2011/07/14 15:49:38.0995 3284 Scan finished
2011/07/14 15:49:38.0995 3284 ================================================== ==============================
2011/07/14 15:49:39.0010 2700 Detected object count: 0
2011/07/14 15:49:39.0010 2700 Actual detected object count: 0
EvelineGirl 14 July 2011, 18:32 1.
Maak verborgen mappen en bestanden zichtbaar.
Ga naar Computer
Kies Organiseren > Map- en zoekopties
Ga naar het tabblad Weergave
Scroll in het venster naar Verborgen bestanden en mappen
Selecteer de optie Verborgen bestanden en mappen weergeven
Klik op Toepassen > OK
Upload dit bestand naar virustotal: http://www.virustotal.com/
c:\windows\SysWow64\KBDMACO.dll
Druk op heranalyseren als het bestand eerder is gescant.
Post hier de resultaten.
Natazja 14 July 2011, 21:43 Ik kan dat bestand niet vinden?
Heb verborgen bestanden en mappen weergaven aangevinkt.. Heb er een KBDMAC.dll staan en een KBDMACST.dll maar niet t t dll bestandje dat jij aangeeft?
EvelineGirl 15 July 2011, 12:42 Download zoek.exe (http://home.zonnet.nl/wopereis41/Tools/zoek.exe)
Plaats hem op je bureaublad.
Rechtsklik op zoek.exe ->uitvoeren als Administrator.
Typ B gevolgd door Enter om de "Custom search" te starten.
Een bestand met de naam "input.txt" zal openen.
Kopieer hier de volgende code in:
KBDMACO.dll;
Als je de code in het bestand geplaatst hebt mag je input.txt sluiten, laat wijzigingen opslaan.
Hierna begint de scan te lopen, wacht geduldig tot een log opent en post het resultaat in je volgende bericht.
P.S ik zal waarschijnlijk pas zondag avond weer kunnen reageren. :)
Natazja 15 July 2011, 13:07 Log:
==================
Zoek.exe by smeenk
Updated 22-03-2011
==================
*************Folders************
**************Files*************
--- C:\Windows\System32\KBDMACO.dll ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 115712
Created time: 2011-07-14 05:11:38
Modified time: 2011-07-14 05:11:38
MD5: !HASH: COULD NOT OPEN FILE !!!!!
SHA1: !HASH: COULD NOT OPEN FILE !!!!!
--- C:\Windows\SysWOW64\KBDMACO.dll ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 115712
Created time: 2011-07-14 05:11:38
Modified time: 2011-07-14 05:11:38
MD5: !HASH: COULD NOT OPEN FILE !!!!!
SHA1: !HASH: COULD NOT OPEN FILE !!!!!
********************************
Oke..ik zie vanzelf wel wanneer er reactie komt ;)
EvelineGirl 15 July 2011, 13:15 Nu dus nog, maar ga zo weg.
Het bestand staat ook in de system32 map.
C:\Windows\System32\KBDMACO.dll
Upload dat bestand dan maar. :)
Natazja 15 July 2011, 14:24 Sorry...ook in die map is hij niet te vinden.
Ik zie t zelfde als in reactie 5 maar t dll bestandje waar jij t over hebt zit er niet in :(
EvelineGirl 17 July 2011, 20:24 Ik kan er in ieder geval niks over vinden. Wat meestal betekend dat het niet op je systeem thuis hoort. We gaan ze verzenden.
Als combofix aan geeft dat er een update beschikbaar is dan sta je toe dat deze bijgewerkt wordt.
Open een kladblok kopieer en plak de onderstaande code:
http://www.minatica.be/newreply.php?do=postreply&t=76094
Suspect::
C:\Windows\System32\KBDMACO.dll
C:\Windows\SysWOW64\KBDMACO.dll
Sla dit op op je Bureaublad als CFScript.txt.
Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :
http://crew.nucia.eu/smeenk/CFScript.gif
Dit zal ComboFix doen herstarten, post het nieuwe Combofix logje in je volgende antwoord.
Hoe gaat het nu inmiddels?
Natazja 17 July 2011, 21:00 De melding van Windows Security Center-service is inmiddels verholpen. Die staat nu in ieder geval weer gewoon aan.
Dus dat probleem is opgelost lijkt t.
De log:
ComboFix 11-07-17.03 - Pascal 17-07-2011 20:51:12.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2659 [GMT 2:00]
Gestart vanuit: c:\users\Pascal\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Pascal\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-06-17 to 2011-07-17 ))))))))))))))))))))))))))))))
.
.
2011-07-17 18:55 . 2011-07-17 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-14 10:45 . 2011-07-14 10:45 388096 ----a-r- c:\users\Pascal\AppData\Roaming\Microsoft\Installe r\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-14 10:45 . 2011-07-14 10:45 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-14 06:35 . 2011-07-14 06:35 -------- d-----w- c:\users\Pascal\AppData\Roaming\Malwarebytes
2011-07-14 06:35 . 2011-07-14 06:35 -------- d-----w- c:\programdata\Malwarebytes
2011-07-14 06:35 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-14 05:11 . 2011-07-14 05:11 115712 ------w- c:\windows\SysWow64\KBDMACO.dll
2011-07-13 05:39 . 2011-07-13 05:39 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-13 05:21 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{608E5FE5-15E6-4E88-8E2C-28B89D05EC9F}\mpengine.dll
2011-07-09 09:58 . 2011-07-09 09:58 -------- d-----w- C:\tempsetup
2011-06-29 20:32 . 2011-06-29 20:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-29 12:27 . 2011-06-29 12:27 -------- d-----w- c:\users\Pascal\AppData\Roaming\SpinTop Games
2011-06-28 20:32 . 2011-06-16 04:49 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-28 20:32 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-28 20:32 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-26 12:58 . 2011-06-26 12:58 -------- d-----w- c:\users\Pascal\AppData\Roaming\Media Player Classic
2011-06-21 21:24 . 2011-06-21 21:31 -------- d-----w- c:\users\Pascal\AppData\Roaming\Mipony
2011-06-18 09:23 . 2011-06-18 09:23 -------- d-----w- c:\users\Pascal\AppData\Roaming\Anarchy
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2011-07-05 21:45 . 2011-05-14 12:39 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 10:46 . 2011-06-07 10:46 2890984 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-06-07 09:40 . 2011-06-07 09:40 1559656 ----a-w- c:\windows\system32\RTSnMg64.cpl
2011-06-03 05:57 . 2011-07-13 05:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-03 04:11 . 2011-06-03 04:11 1805928 ----a-w- c:\windows\system32\RtkApi64.dll
2011-06-02 07:03 . 2011-06-02 07:03 92264 ----a-w- c:\windows\system32\RCoInst64.dll
2011-05-31 00:09 . 2011-05-31 00:09 3114088 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-05-28 03:30 . 2011-06-15 05:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 02:53 . 2011-06-15 05:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2010-05-27 20:22 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-23 07:12 . 2011-05-23 07:12 1245288 ----a-w- c:\windows\system32\RTCOM64.dll
2011-05-20 00:35 . 2011-05-20 00:35 2399232 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-05-05 05:24 . 2011-05-05 05:24 2085440 ----a-w- c:\windows\system32\FMAPO64.dll
2011-05-04 02:52 . 2010-06-17 17:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-03 05:29 . 2011-06-15 05:22 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 05:22 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 15:48 . 2011-04-29 15:48 34816 ----a-w- c:\windows\SysWow64\~bwcrc32.dll
2011-04-29 03:06 . 2011-06-15 05:22 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-15 05:22 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-15 05:22 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-28 10:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-28 10:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-27 02:40 . 2011-06-15 05:23 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-27 02:39 . 2011-06-15 05:23 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:39 . 2011-06-15 05:23 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-25 05:33 . 2011-06-15 05:23 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:34 . 2011-06-15 05:23 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 22:15 . 2011-05-25 05:25 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 22:08 . 2011-06-15 05:22 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:10 . 2011-06-15 05:22 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-14_13.46.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-07-16 05:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-14 07:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-14 07:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-16 05:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-14 07:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-07-14 04:54 . 2011-07-16 05:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2010-01-16 02:21 . 2011-07-17 08:23 42942 c:\windows\system32\wdi\ShutdownPerformanceDiagnos tics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-14 07:55 29202 c:\windows\system32\wdi\BootPerformanceDiagnostics _SystemData.bin
+ 2009-07-14 05:10 . 2011-07-17 08:23 29202 c:\windows\system32\wdi\BootPerformanceDiagnostics _SystemData.bin
+ 2010-05-27 19:54 . 2011-07-17 08:23 11898 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1217253734-2632112794-3331067575-1001_UserData.bin
- 2010-05-27 19:49 . 2011-07-14 10:37 16384 c:\windows\system32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-27 19:49 . 2011-07-17 18:47 16384 c:\windows\system32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-14 10:37 . 2011-07-14 10:37 32768 c:\windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-14 10:37 . 2011-07-17 18:47 32768 c:\windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-14 10:37 16384 c:\windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-07-14 04:54 . 2011-07-17 18:47 16384 c:\windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2010-05-27 20:06 . 2011-07-14 07:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-27 20:06 . 2011-07-17 08:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-27 20:06 . 2011-07-17 08:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-27 20:06 . 2011-07-14 07:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-27 20:06 . 2011-07-17 08:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
- 2010-05-27 20:06 . 2011-07-14 07:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
- 2010-05-27 19:55 . 2011-07-14 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-27 19:55 . 2011-07-17 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
- 2010-05-27 19:55 . 2011-07-14 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
+ 2010-05-27 19:55 . 2011-07-17 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
+ 2011-07-17 08:21 . 2011-07-17 08:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
- 2011-07-14 07:53 . 2011-07-14 07:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
- 2011-07-14 07:53 . 2011-07-14 07:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2011-07-17 08:21 . 2011-07-17 08:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
- 2010-01-16 11:06 . 2011-07-14 11:48 701326 c:\windows\system32\perfh013.dat
+ 2010-01-16 11:06 . 2011-07-17 08:27 701326 c:\windows\system32\perfh013.dat
- 2009-07-14 02:36 . 2011-07-14 11:48 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-17 08:27 615810 c:\windows\system32\perfh009.dat
- 2010-01-16 11:06 . 2011-07-14 11:48 133358 c:\windows\system32\perfc013.dat
+ 2010-01-16 11:06 . 2011-07-17 08:27 133358 c:\windows\system32\perfc013.dat
- 2009-07-14 02:36 . 2011-07-14 11:48 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-07-17 08:27 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2011-07-14 10:37 262144 c:\windows\system32\config\systemprofile\AppData\R oaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-07-17 18:47 262144 c:\windows\system32\config\systemprofile\AppData\R oaming\Microsoft\Windows\IETldCache\index.dat
- 2010-05-27 20:03 . 2011-07-09 10:25 4184360 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache3.0.0.0.dat
+ 2010-05-27 20:03 . 2011-07-16 18:08 4184360 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-07-14 07:50 1070526 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-16 23:25 1070526 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat
+ 2011-04-28 21:34 . 2011-07-16 18:08 7551580 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-S-1-5-21-1217253734-2632112794-3331067575-1001-12288.dat
- 2011-04-28 21:34 . 2011-07-14 06:27 7551580 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-S-1-5-21-1217253734-2632112794-3331067575-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"nod32kui"="c:\program files (x86)\Eset\nod32kui.exe" [2010-05-27 949376]
"UpdateReminder"="c:\program files (x86)\Eset\UpdateReminder.exe" [2011-02-05 434176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\ windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 IEupdate;IEupdate;c:\tempsetup\install\test_binded .exe [2011-07-16 1712640]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\nmwcdcx64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TF sExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.heavens-dream.com/ipb/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download met MiPony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open Selected URL - c:\program files (x86)\Right Click Google Search Open Selected URL\openselectedurl.htm
IE: Search &Google - c:\program files (x86)\Right Click Google Search Open Selected URL\google.htm
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Pr ofiles\i9oygx2c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.heavens-dream.com/ipb/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1217253734-2632112794-3331067575-1001_Classes\Wow6432Node\CLSID\{4e51649e-c59e-4634-98b7-6e84c2275d71}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b7
"Therad"=dword:00000007
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca, fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68 ,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1217253734-2632112794-3331067575-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):95,06,14,95,1a,af,e1,62,2b,94,2f,f5,fb,42, ca,8c,cd,ff,32,76,08,
b6,8d,47,10,66,26,bd,64,f7,62,22,6b,1e,4a,b7,29,29 ,d4,ff,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil 10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil1 0u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.o cx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.o cx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.o cx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.o cx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-07-17 20:57:15
ComboFix-quarantined-files.txt 2011-07-17 18:57
.
Pre-Run: 455.854.518.272 bytes beschikbaar
Post-Run: 456.148.492.288 bytes beschikbaar
.
- - End Of File - - C6B2431D4B94C27012DFD7F0A45B607C
Upload was successvol
EvelineGirl 17 July 2011, 21:10 Dat is goed om te horen.
De bestanden zijn geupload dus mochten ze kwaadaardig zijn dan hoor je nog van me.:)
Je mag vast de programma's verwijderen die we hebben gebruikt.
Voor Combofix doe je dit:
1.
Ga naar Start
Kopieer en plak: Combofix /Uninstall in de startzoekbalk
Druk daarna op OK.
Als het goed is krijg je dan een melding dat Combofix verwijderd werd.
De rest verwijder je handmatig.
2.
Download of Update Ccleaner (http://www.piriform.com/ccleaner/download/slim)
Start CCleaner op.
Run Ccleaner en klik in de linkse kolom op Opties
Selecteer het tabblad Geavanceerd
Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
Selecteer het tabblad Instellingen
Haal het vinkje weg bij "Computer automatisch schoonmaken...."
Klik in de linkse kolom op Cleaner.
Klik dan achtereenvolgens op Analyseer en Schoonmaken.
Klik vervolgens in de linkse kolom op Register
Klik op Scan naar problemen.
Als er fouten gevonden worden klik je op Herstel geselecteerde problemen en OK
3.
Systeemherstel.
Als de computer geïnfecteerd is geweest met een malware infectie is het raadzaam om alle aanwezige systeemherstelpunten te verwijderen, want hier kunnen namelijk besmette herstelpunten tussen zitten.
Hoe u de herstelpunten verwijderd leest u hier. (http://www.malwareinfo.nl/malware/systeemherstel.html)
4.
Meer informatie over het op to date houden van uw software en tips om herinfectie te voorkomen vind u oa hier:
http://www.malwareinfo.nl/handigetips/updates.html en hier: http://users.telenet.be/marcvn/spyware/1564073.htm
Voorkomen is immers beter dan genezen.
Natazja 17 July 2011, 21:30 Dank je wel..alle laatste stapjes nog ff gevolgt ;)
Dank je wel voor je hulp en ik merk nog wel of je antwoord krijgt hoe of wat als t nodig is.
Fijne avond nog..
Groetjes
Natazja 21 July 2011, 00:41 Ik heb Nod32 er eens afgegooid en nu heb ik AVG erop gezet.
Die heeft t betreffende bestand: KBDMACO.dll wel gevonden in de map syswow64 terwijl ik hem echt niet kon zien.
Hij heeft t desbetreffende bestandje in quarantaine gezet want volgens AVG is t een Trojaans paard Generic32.BHWY
Dacht..laat t toch even weten ;)
Groetjes
EvelineGirl 21 July 2011, 12:33 Ik had nog steeds niets gehoord, maar ik had natuurlijk al zo mijn vermoedens.
Slotje dus maar?
Natazja 22 July 2011, 07:19 Ja hoor is prima.
Dank je wel voor je hulp ;)
Groetjes
EvelineGirl 22 July 2011, 12:40 Graag gedaam. bij deze ook een 'slotje'.
|
|