View full version: Computer no longer performs System Restore



planina
11 January 2012, 07:10
Good morning,

My computer no longer performs System Restore and is slow to start up.
Sometimes it also freezes, so that I have to restart.
Here is the HijackThis log.
Kind regards

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:03:54, on 11/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\APPS\SAXO\HIDSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Documents and Settings\Eddegar\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Eddegar\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Eddegar\Local Settings\Temporary Internet Files\Content.IE5\D0QFOWKT\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=BENL&range=AD&phase=6&key=SEARCH
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PostOOBE] C:\WINDOWS\system32\wscript.exe C:\DRIVERS\POSTOOBE.NEC //E:VBS
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Eddegar\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111013105747
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1308929716312
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.sint-niklaas.be/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - C:\APPS\SAXO\HIDSERV.EXE
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

Rosty
11 January 2012, 23:11
Download the Emsisoft Emergency Kit (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip) to the desktop and extract the ZIP file.

Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".
Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja".
http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg
When the update is finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
Select the "Diep" option if it is not already set that way by default.
Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a long time, so wait patiently.
You can close the window with the warning about an increased risk once the scan is finished.

Make sure all found items are checked and then press the "verwijder geselecteerde" button. You will now get the following message, but click "Ja" here.
http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg
When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
Paste the contents of this LOG file in your next post.
Now restart the computer.

planina
13 January 2012, 00:46
Hi Rosty,

Thanks for the info... I did as asked, in parts, because the deep scan took a lot of time.
Here is the report after the scan.

Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 12/01/2012 6:58:41
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, D:\, E:\, G:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 12/01/2012 6:59:06
c:\windows\system32\ndisapi.dll Ontdekt: Trace.File.softprodefender.com!A2
c:\documents and settings\eddegar\bureaublad\Check PC For Errors.lnk Ontdekt: Trace.File.Registry Cleaner 4.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.Blubster!A2
Value: HKEY_CLASSES_ROOT\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.Blubster!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.Blubster!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.Blubster!A2
C:\Documents and Settings\Eddegar\Application Data\Sun\Java\Deployment\cache\6.0\63\306de57f-50fbf20e/bingo\haskalu.class Ontdekt: Exploit.Java.CVE-2010!IK
C:\Documents and Settings\Eddegar\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dldodtizgubnd.jar-677ec3d8-397434e7.zip/bingo\haskalu.class Ontdekt: Exploit.Java.CVE-2010!IK
Gescand
Bestanden: 304311
Sporen: 511239
Cookies: 203
Processen: 69
Gevonden
Bestanden: 2
Sporen: 6
Cookies: 0
Processen: 0
Registersleutels: 0
Scan Geëindigd: 12/01/2012 17:19:25
Scantijd: 10:20:19
C:\Documents and Settings\Eddegar\Application Data\Sun\Java\Deployment\cache\6.0\63\306de57f-50fbf20e/bingo\haskalu.class In Quarantaine Exploit.Java.CVE-2010!IK
C:\Documents and Settings\Eddegar\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dldodtizgubnd.jar-677ec3d8-397434e7.zip/bingo\haskalu.class In Quarantaine Exploit.Java.CVE-2010!IK
Value: HKEY_CLASSES_ROOT\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\InprocServer32 --> ThreadingModel In Quarantaine Trace.Registry.Blubster!A2
Value: HKEY_CLASSES_ROOT\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\InprocServer32 --> ThreadingModel In Quarantaine Trace.Registry.Blubster!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\InprocServer32 --> ThreadingModel In Quarantaine Trace.Registry.Blubster!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\InprocServer32 --> ThreadingModel In Quarantaine Trace.Registry.Blubster!A2
c:\documents and settings\eddegar\bureaublad\Check PC For Errors.lnk In Quarantaine Trace.File.Registry Cleaner 4.0!A2
c:\windows\system32\ndisapi.dll In Quarantaine Trace.File.softprodefender.com!A2
In Quarantaine
Bestanden: 2
Sporen: 6
Cookies: 0

After restarting I tried whether System Restore worked, but it still did not.
Kind regards

Eddy

Rosty
13 January 2012, 18:41
Do you get a particular message when you try System Restore?

planina
14 January 2012, 08:42
Do you get a particular message when you try System Restore?

Good morning,

The only message I get is the following.

De computer kan niet worden hersteld naar: (datum systeemherstel)

Er zijn geen wijzigingen aangebracht op de computer.

It is also odd that when I switch the computer off and start it up again... the numeric keypad was switched off.

Regards

Eddy

Rosty
14 January 2012, 09:15
Is there actually a restore point for that day? The numeric keypad gets switched off, you say! Can't you see via software how this is configured? If you press the NumLk key, does it work then?

planina
14 January 2012, 14:15
Is there actually a restore point for that day? The numeric keypad gets switched off, you say! Can't you see via software how this is configured? If you press the NumLk key, does it work then?
Yes, when I press the NumLock key again it works, but I have never had it switch itself off after turning off the computer.
And I did go to a date with a restore point.
Kind regards
Eddy

Rosty
14 January 2012, 15:45
Hi, try the following: http://www.pcleek.com/tips-windows/241-systeemherstel-werkt-niet-windowsxp

planina
16 January 2012, 09:33
Hi, try the following: http://www.pcleek.com/tips-windows/241-systeemherstel-werkt-niet-windowsxp

Hi Rosty,

I tried that... but no, it does not work.
In any case strange things are happening: my numeric keypad switches itself off at shutdown, and when I click certain links, e.g. to enlarge a photo, I get a blank Windows screen... I think my computer is bewitched. ;)

Rosty
16 January 2012, 19:24
Then we will keep looking!

Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
Click here (http://www.bleepingcomputer.com/forums/topic114351.html)
If you cannot manage to disable them, just continue to the next step. Double-click ComboFix.exe and follow the prompts on the screen. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.
https://vorming.minatica.be/handleiding/canned_speech/cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

https://vorming.minatica.be/handleiding/canned_speech/rc-auto-done.jpg

Click Ja to continue scanning for malware.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

planina
16 January 2012, 21:18
Hi Rosty,

Thanks for the effort... here is the ComboFix log file.

ComboFix 12-01-16.02 - Eddegar 16/01/2012 19:56:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2046.365 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Eddegar\Bureaublad\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users\Application Data\4D
C:\Documents and Settings\All Users\Application Data\4D\EngV6Prf.RSR
C:\Documents and Settings\All Users\Application Data\4D\tcp.opt
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe
C:\Documents and Settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.exe.lnk
C:\Documents and Settings\Eddegar\Application Data\1240408.exe
C:\Documents and Settings\Eddegar\Application Data\3314125.exe
C:\Documents and Settings\Eddegar\Application Data\4387295.exe
C:\Documents and Settings\Eddegar\Application Data\4877159.exe
C:\Documents and Settings\Eddegar\WINDOWS
C:\WINDOWS\IsUn0413.exe
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\sysmwwod.dll
C:\WINDOWS\UA000079.DLL

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-16 to 2012-01-16 ))))))))))))))))))))))))))))))

2012-01-14 12:44:05 . 2012-01-16 12:21:04 -------- d--h--r- C:\Documents and Settings\Eddegar\Onlangs geopend
2012-01-11 13:30:13 . 2012-01-11 13:30:13 -------- d-----w- C:\Documents and Settings\Eddegar\Application Data\Sammsoft
2012-01-11 13:29:54 . 2012-01-11 13:29:56 -------- d-----w- C:\Program Files\ARO 2011
2012-01-11 05:00:28 . 2012-01-11 05:00:28 -------- d-----w- C:\Documents and Settings\Eddegar\Local Settings\Application Data\PCHealth
2012-01-08 10:50:43 . 2012-01-08 10:53:22 -------- d-----w- C:\Documents and Settings\Eddegar\Local Settings\Application Data\Nero
2012-01-08 10:46:29 . 2012-01-08 11:28:07 -------- d-----w- C:\Documents and Settings\Eddegar\Application Data\Nero
2012-01-08 10:21:35 . 2010-05-26 10:41:02 2106216 ----a-w- C:\WINDOWS\system32\D3DCompiler_43.dll
2012-01-08 10:21:32 . 2010-05-26 10:41:02 1868128 ----a-w- C:\WINDOWS\system32\d3dcsx_43.dll
2012-01-08 10:21:30 . 2010-05-26 10:41:02 248672 ----a-w- C:\WINDOWS\system32\d3dx11_43.dll
2012-01-08 10:21:25 . 2010-05-26 10:41:02 470880 ----a-w- C:\WINDOWS\system32\d3dx10_43.dll
2012-01-08 10:21:21 . 2010-05-26 10:41:02 1998168 ----a-w- C:\WINDOWS\system32\D3DX9_43.dll
2012-01-08 10:21:07 . 2009-09-04 16:29:32 1974616 ----a-w- C:\WINDOWS\system32\D3DCompiler_42.dll
2012-01-08 10:20:52 . 2009-09-04 16:29:30 1892184 ----a-w- C:\WINDOWS\system32\D3DX9_42.dll
2012-01-08 10:20:39 . 2008-10-15 05:22:52 4379984 ----a-w- C:\WINDOWS\system32\D3DX9_40.dll
2012-01-08 10:20:24 . 2007-07-19 17:14:42 3727720 ----a-w- C:\WINDOWS\system32\d3dx9_35.dll
2012-01-08 10:20:06 . 2007-05-16 15:45:16 3497832 ----a-w- C:\WINDOWS\system32\d3dx9_34.dll
2012-01-08 10:19:13 . 2012-01-08 10:19:13 -------- d-----w- C:\WINDOWS\Logs
2012-01-08 09:22:37 . 2012-01-08 09:22:37 -------- d-----w- C:\Documents and Settings\Eddegar\Application Data\ElevatedDiagnostics
2012-01-08 09:01:10 . 2007-08-31 17:36:28 36864 ----a-w- C:\WINDOWS\system32\trayicon_handler.ocx
2012-01-08 09:01:10 . 2003-01-26 12:41:24 40960 ----a-w- C:\WINDOWS\system32\ssubtmr6.dll
2012-01-01 12:16:08 . 2008-04-13 19:46:22 15232 ----a-w- C:\WINDOWS\system32\drivers\MPE.sys
2012-01-01 12:16:08 . 2008-04-13 19:46:22 15232 ----a-w- C:\WINDOWS\system32\dllcache\mpe.sys
2012-01-01 12:15:50 . 2008-04-14 18:03:22 18432 ----a-w- C:\WINDOWS\system32\BdaPlgIn.ax
2012-01-01 12:15:50 . 2008-04-13 19:46:22 11776 ----a-w- C:\WINDOWS\system32\drivers\BdaSup.sys
2012-01-01 12:15:50 . 2008-04-13 19:46:22 11776 ----a-w- C:\WINDOWS\system32\dllcache\bdasup.sys
2012-01-01 12:11:28 . 2005-06-10 02:44:02 81920 ------r- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2012-01-01 12:11:28 . 2005-06-10 02:44:02 368640 ------r- C:\Program Files\Common Files\InstallShield\UpdateService\_isusres.dll
2012-01-01 12:11:28 . 2005-06-10 02:44:02 278528 ------r- C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe
2012-01-01 12:08:23 . 2009-09-17 15:08:24 81408 ----a-w- C:\WINDOWS\emMON.exe
2012-01-01 12:08:23 . 2009-09-17 15:01:18 579840 ----a-w- C:\WINDOWS\system32\drivers\emBDA.sys
2012-01-01 12:08:23 . 2009-09-17 15:01:16 27648 ----a-w- C:\WINDOWS\system32\drivers\emAudio.sys
2012-01-01 12:08:23 . 2009-09-17 15:01:06 113664 ----a-w- C:\WINDOWS\system32\emPRP.ax
2012-01-01 12:08:23 . 2009-09-17 15:00:38 543744 ----a-w- C:\WINDOWS\system32\drivers\emOEM.sys
2012-01-01 12:08:14 . 2012-01-01 12:08:16 -------- d-----w- C:\Program Files\USB_video_device
2012-01-01 12:08:01 . 2012-01-01 12:08:01 -------- d-----w- C:\Documents and Settings\Eddegar\Application Data\InstallShield
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-12-10 14:24:06 . 2011-05-30 04:59:37 20464 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-25 21:57:58 . 2011-06-24 07:39:09 293888 ----a-w- C:\WINDOWS\system32\winsrv.dll
2011-11-23 14:40:48 . 2011-06-24 07:39:07 1859712 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-11-20 08:33:18 . 2011-05-30 11:54:56 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-11-20 06:12:53 . 2011-06-24 07:39:16 60928 ----a-w- C:\WINDOWS\system32\packager.exe
2011-11-16 14:22:18 . 2011-06-24 07:39:47 354816 ----a-w- C:\WINDOWS\system32\winhttp.dll
2011-11-16 14:22:18 . 2011-06-24 07:39:07 152064 ----a-w- C:\WINDOWS\system32\schannel.dll
2011-11-04 19:13:23 . 2004-10-08 15:42:33 916992 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-11-04 19:13:22 . 2004-10-08 15:42:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-11-04 19:13:22 . 2004-10-08 15:41:58 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-11-04 11:25:39 . 2004-10-08 15:41:56 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-11-03 15:29:18 . 2011-06-24 07:39:15 386560 ----a-w- C:\WINDOWS\system32\qdvd.dll
2011-11-03 15:29:18 . 2011-06-24 07:39:15 1296384 ----a-w- C:\WINDOWS\system32\quartz.dll
2011-11-01 16:07:16 . 2011-06-24 07:39:17 1288192 ----a-w- C:\WINDOWS\system32\ole32.dll
2011-10-29 09:59:21 . 2011-10-29 09:59:10 69948784 ----a-w- C:\iTunesSetup.exe
2011-10-28 05:32:20 . 2011-06-24 07:39:08 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll
2011-10-26 10:50:01 . 2011-06-24 07:39:03 2153472 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2011-10-26 10:50:01 . 2011-06-24 07:39:03 2031616 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 22:07:38 718720]
"Garmin Lifetime Updater"="C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-07-28 07:10:48 1406824]
"Akamai NetSession Interface"="C:\Documents and Settings\Eddegar\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-12 22:20:56 3305760]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-23 14:05:17 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 13:00:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 13:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 13:00:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01:14 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 12:27:06 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 16:04:26 2879488]
"DriveIcons"="C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe" [2005-12-09 18:44:20 656896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 22:47:00 7573504]
"nwiz"="nwiz.exe" [2006-04-27 22:47:00 1519616]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 22:47:00 86016]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 05:15:00 102400]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 02:44:02 81920]
"PostOOBE"="C:\WINDOWS\system32\wscript.exe" [2008-05-08 11:24:44 155648]
"PhiBtn"="C:\WINDOWS\System32\drivers\PhiBtn.exe" [2005-08-25 17:41:44 155648]
"Traymin900"="C:\WINDOWS\System32\drivers\Tray900.exe" [2005-08-25 17:41:58 266240]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 19:34:40 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 08:54:08 150016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-09 12:50:23 98304]
"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe" [2011-05-23 11:36:30 2068480]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 12:54:26 91520]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 05:22:28 59240]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-10-09 16:06:40 421736]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 13:27:48 36864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 17:02:53 15360]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"C:\\APPS\\skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Eddegar\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [29/09/2011 6:08:21 64512]
R0 SymDS;Symantec Data Store;C:\WINDOWS\system32\drivers\NAV\1302000.00A\symds.sys [9/11/2011 6:26:25 340088]
R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NAV\1302000.00A\symefa.sys [9/11/2011 6:26:25 897656]
R1 BHDrvx86;BHDrvx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [1/12/2011 3:25:03 820344]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\WINDOWS\system32\drivers\NAV\1302000.00A\ccsetx86.sys [9/11/2011 6:26:19 132744]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [7/10/2009 8:18:36 35168]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\system32\drivers\NAV\1302000.00A\ironx86.sys [9/11/2011 6:26:20 149624]
R2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [24/06/2011 8:39:11 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [18/08/2011 14:25:12 2152152]
R2 NAV;Norton AntiVirus;C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccsvchst.exe [9/11/2011 6:25:46 138760]
R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\drivers\camdrv41.sys [29/05/2011 19:04:03 1240576]
R3 cxbu0wdm;OMNIKEY 3x21;C:\WINDOWS\system32\drivers\cxbu0wdm.sys [25/01/2010 13:56:26 115712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [10/11/2011 6:27:20 106104]
R3 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120113.002\IDSXpx86.sys [14/01/2012 7:57:55 356280]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys [18/08/2011 14:25:12 15232]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 20:37:50 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16:28 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16:28 130384]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [10/10/2010 5:15:16 136176]
S2 MioNet;MioNet Service;C:\Program Files\MioNet\MioNetManager.exe [15/07/2005 21:38:33 139264]
S2 SrvCDEject;SrvCDEject;C:\Program Files\Packard Bell\SrvCDEject.exe [9/11/2006 13:44:20 613376]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [10/10/2010 5:15:16 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 10:15:00 31125880]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - ALERTER
*Deregistered* - NDISRD
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqddsvc hpqcxs08
Akamai REG_MULTI_SZ Akamai
Inhoud van de 'Gedeelde Taken' map
2012-01-16 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 13:25:12 . 2011-10-27 04:56:34]
2012-01-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57:16 . 2011-06-01 15:57:16]
2012-01-16 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-10 04:15:16 . 2010-10-10 04:15:12]
2012-01-16 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-10 04:15:16 . 2010-10-10 04:15:12]
2012-01-16 C:\WINDOWS\Tasks\PC instellen.job
- C:\Apps\SMP\PCSETUP.EXE [2005-11-17 09:03:56 . 2005-11-17 09:03:56]
2011-12-12 C:\WINDOWS\Tasks\prismDowngrade.job
- C:\Program Files\NCH Software\Prism\prism.exe [2011-01-14 19:37:40 . 2011-07-27 10:07:58]
2011-12-21 C:\WINDOWS\Tasks\prismShakeIcon.job
- C:\Program Files\NCH Software\Prism\prism.exe [2011-01-14 19:37:40 . 2011-07-27 10:07:58]
2011-12-03 C:\WINDOWS\Tasks\switchDowngrade.job
- C:\Program Files\NCH Software\Switch\switch.exe [2011-10-23 05:28:25 . 2011-10-23 05:28:26]
2011-12-09 C:\WINDOWS\Tasks\switchShakeIcon.job
- C:\Program Files\NCH Software\Switch\switch.exe [2011-10-23 05:28:25 . 2011-10-23 05:28:26]

------- Bijkomende Scan -------
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 195.130.131.2 195.130.130.130
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111013105747
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.sint-niklaas.be/activex/AMC.cab
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-Locked - (no file)
AddRemove-Adobe Photoshop 5.5 - C:\WINDOWS\ISUN0413.EXE



Kind regards

Eddy

Rosty
16 January 2012, 23:17
Hey Eddy,

you didn't post the complete ComboFix log!! I'm missing the following:


Voltooingstijd: 2011-12-17 12:03:36 - machine werd herstart
ComboFix-quarantined-files.txt 2011-12-17 11:03
ComboFix2.txt 2011-06-18 09:16
.
Pre-Run: 64.206.110.720 bytes beschikbaar
Post-Run: 64.119.017.472 bytes beschikbaar
.
- - End Of File - - DCAD43CDC707533A063262EA6D0B23EA

Could you please post the log again?

planina
17 January 2012, 07:44
Hi Rosty,

Sorry, here is the complete log

ComboFix 12-01-16.05 - Eddegar 17/01/2012 6:33.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2046.1221 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Eddegar\Bureaublad\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Voorgaande Run -------
.
c:\documents and settings\All Users\Application Data\4D
c:\documents and settings\All Users\Application Data\4D\EngV6Prf.RSR
c:\documents and settings\All Users\Application Data\4D\tcp.opt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.exe.lnk
c:\documents and settings\Eddegar\Application Data\1240408.exe
c:\documents and settings\Eddegar\Application Data\3314125.exe
c:\documents and settings\Eddegar\Application Data\4387295.exe
c:\documents and settings\Eddegar\Application Data\4877159.exe
c:\documents and settings\Eddegar\WINDOWS
c:\windows\IsUn0413.exe
c:\windows\kb913800.exe
c:\windows\system32\sysmwwod.dll
c:\windows\UA000079.DLL
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-17 to 2012-01-17 ))))))))))))))))))))))))))))))
.
.
2012-01-14 12:44 . 2012-01-16 12:21 -------- d--h--r- c:\documents and settings\Eddegar\Onlangs geopend
2012-01-11 13:30 . 2012-01-11 13:30 -------- d-----w- c:\documents and settings\Eddegar\Application Data\Sammsoft
2012-01-11 13:29 . 2012-01-11 13:29 -------- d-----w- c:\program files\ARO 2011
2012-01-11 05:00 . 2012-01-11 05:00 -------- d-----w- c:\documents and settings\Eddegar\Local Settings\Application Data\PCHealth
2012-01-08 10:50 . 2012-01-08 10:53 -------- d-----w- c:\documents and settings\Eddegar\Local Settings\Application Data\Nero
2012-01-08 10:46 . 2012-01-08 11:28 -------- d-----w- c:\documents and settings\Eddegar\Application Data\Nero
2012-01-08 10:21 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-01-08 10:21 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-01-08 10:21 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-01-08 10:21 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-01-08 10:21 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-08 10:21 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-01-08 10:20 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-01-08 10:20 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-01-08 10:20 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-01-08 10:20 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2012-01-08 10:19 . 2012-01-08 10:19 -------- d-----w- c:\windows\Logs
2012-01-08 09:22 . 2012-01-08 09:22 -------- d-----w- c:\documents and settings\Eddegar\Application Data\ElevatedDiagnostics
2012-01-08 09:01 . 2007-08-31 17:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2012-01-08 09:01 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2012-01-01 12:16 . 2008-04-13 19:46 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2012-01-01 12:16 . 2008-04-13 19:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2012-01-01 12:15 . 2008-04-14 18:03 18432 ----a-w- c:\windows\system32\BdaPlgIn.ax
2012-01-01 12:15 . 2008-04-13 19:46 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2012-01-01 12:15 . 2008-04-13 19:46 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys
2012-01-01 12:11 . 2005-06-10 02:44 81920 ------r- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2012-01-01 12:11 . 2005-06-10 02:44 368640 ------r- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2012-01-01 12:11 . 2005-06-10 02:44 278528 ------r- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2012-01-01 12:08 . 2009-09-17 15:08 81408 ----a-w- c:\windows\emMON.exe
2012-01-01 12:08 . 2009-09-17 15:01 579840 ----a-w- c:\windows\system32\drivers\emBDA.sys
2012-01-01 12:08 . 2009-09-17 15:01 27648 ----a-w- c:\windows\system32\drivers\emAudio.sys
2012-01-01 12:08 . 2009-09-17 15:01 113664 ----a-w- c:\windows\system32\emPRP.ax
2012-01-01 12:08 . 2009-09-17 15:00 543744 ----a-w- c:\windows\system32\drivers\emOEM.sys
2012-01-01 12:08 . 2012-01-01 12:08 -------- d-----w- c:\program files\USB_video_device
2012-01-01 12:08 . 2012-01-01 12:08 -------- d-----w- c:\documents and settings\Eddegar\Application Data\InstallShield
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-05-30 04:59 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2011-06-24 07:39 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2011-06-24 07:39 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 08:33 . 2011-05-30 11:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 06:12 . 2011-06-24 07:39 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2011-06-24 07:39 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2011-06-24 07:39 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2004-10-08 15:42 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-10-08 15:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-10-08 15:41 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:25 . 2004-10-08 15:41 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2011-06-24 07:39 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2011-06-24 07:39 1296384 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2011-06-24 07:39 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-29 09:59 . 2011-10-29 09:59 69948784 ----a-w- C:\iTunesSetup.exe
2011-10-28 05:32 . 2011-06-24 07:39 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2011-06-24 07:39 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2011-06-24 07:39 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-16_19.05.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-17 05:28 . 2012-01-17 05:28 16384 c:\windows\Temp\Perflib_Perfdata_768.dat
+ 2012-01-17 05:38 . 2012-01-17 05:38 16384 c:\windows\Temp\Perflib_Perfdata_4e4.dat
+ 2012-01-17 05:28 . 2012-01-17 05:28 16384 c:\windows\Temp\Perflib_Perfdata_4a8.dat
+ 2011-05-29 17:44 . 2012-01-16 19:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2011-05-29 17:44 . 2012-01-16 11:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2011-05-29 17:44 . 2012-01-16 19:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-05-29 17:44 . 2012-01-16 11:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-07-28 1406824]
"Akamai NetSession Interface"="c:\documents and settings\Eddegar\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-12 3305760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"DriveIcons"="c:\program files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe" [2005-12-09 656896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"PostOOBE"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
"PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-08-25 155648]
"Traymin900"="c:\windows\System32\drivers\Tray900.exe" [2005-08-25 266240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-09 98304]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-05-23 2068480]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\APPS\\skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Eddegar\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1062:TCP"= 1062:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/09/2011 6:08 64512]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1302000.00A\symds.sys [9/11/2011 6:26 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1302000.00A\symefa.sys [9/11/2011 6:26 897656]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [1/12/2011 3:25 820344]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1302000.00A\ccsetx86.sys [9/11/2011 6:26 132744]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7/10/2009 8:18 35168]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1302000.00A\ironx86.sys [9/11/2011 6:26 149624]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [24/06/2011 8:39 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/08/2011 14:25 2152152]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.2.0.10\ccsvchst.exe [9/11/2011 6:25 138760]
R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [29/05/2011 19:04 1240576]
R3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [25/01/2010 13:56 115712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [10/11/2011 6:27 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120114.005\IDSXpx86.sys [17/01/2012 6:17 356280]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [18/08/2011 14:25 15232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2010 5:15 136176]
S2 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [15/07/2005 21:38 139264]
S2 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\SrvCDEject.exe [9/11/2006 13:44 613376]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2010 5:15 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 10:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 20:37 4640000]
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - NDISRD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqddsvc hpqcxs08
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 04:56]
.
2012-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 04:15]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 04:15]
.
2012-01-16 c:\windows\Tasks\PC instellen.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]
.
2011-12-12 c:\windows\Tasks\prismDowngrade.job
- c:\program files\NCH Software\Prism\prism.exe [2011-01-14 10:07]
.
2011-12-21 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-01-14 10:07]
.
2011-12-03 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Software\Switch\switch.exe [2011-10-23 05:28]
.
2011-12-09 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Software\Switch\switch.exe [2011-10-23 05:28]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 195.130.130.130 195.130.131.130
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111013105747
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.sint-niklaas.be/activex/AMC.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 06:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2956)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1043\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-01-17 06:41:47
ComboFix-quarantined-files.txt 2012-01-17 05:41
.
Pre-Run: 101.223.821.312 bytes beschikbaar
Post-Run: 101.221.822.464 bytes beschikbaar
.
- - End Of File - - D102554D1F230AB0B3F59530B0277F8A

Rosty
17 January 2012, 19:35
How are things with the problems now?

planina
18 January 2012, 08:53
Hi Rosty,

Not really any better yet. What is strange is that when I click a link such as the ComboFix one in #10, it only responds with an empty screen and the message 'connecting'. But that is as far as it gets. I then went to ComboFix via Google and that did work. It doesn't seem to respond to indirect links.. which is pretty annoying of course.

;)

Regards

Eddy

Rosty
18 January 2012, 22:29
Let's remove ComboFix.

Go to Start - Run
and enter the following: Combofix /Uninstall
Then press OK.
If all goes well, you will get a message that ComboFix has been removed.

Example:

http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

Run can also be opened with the key combination http://home.kpn.nl/stefsmeenk/W+R.jpg

Now let me know whether you are still experiencing problems?

planina
19 January 2012, 08:02
Hi Rosty,

It is pure witchcraft, I didn't even get the chance to remove ComboFix.. after I had been busy with my e-mail, the ComboFix icon suddenly turned out to have disappeared from my desktop. I went to Run anyway and entered combofix/uninstall; the result was that I got the message that it could not find combofix.
So I restarted in the hope that that would change something, but alas. It has now even got to the point that when I want to print an e-mail I get that blank page there too and simply nothing happens.
What a merde, eh. :wall:

Regards

Eddy

Rosty
19 January 2012, 19:46
Just asking my colleagues for advice!!

Rosty
20 January 2012, 15:57
I'll post back as soon as possible!

Rosty
20 January 2012, 17:57
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and put it on your desktop.

Extract the files in tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Note!!! Windows Vista & 7 users must run TDSSkiller as administrator (right-click, "Run as"),
If TDSSkiller finds an update, click the "Load update" button
http://www.malwareinfo.nl/files/screens/TDSSkiller(update).jpg
A new version of TDSSkiller will now be downloaded; save it to the desktop.
Now start TDSSkiller again.
Click "Change parameters" and make sure the options below are all ticked.
http://www.malwareinfo.nl/files/screens/TDSSkiller(opties).jpg
Click the "Start Scan" button and follow the instructions.
When the scan is finished, click the "Report" button.
Select the contents (log) and paste them into your next post.

If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
Note: If you get a warning about sptd.sys you may 'skip' it; it belongs to emulation software such as Daemon Tools.

planina
20 January 2012, 18:14
OK Rosty,
Here is the log.. quite a hefty one. ;)

2012/01/20 17:11:33.0687 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2012/01/20 17:11:33.0687 ================================================================================
2012/01/20 17:11:33.0687 SystemInfo:
2012/01/20 17:11:33.0687
2012/01/20 17:11:33.0687 OS Version: 5.1.2600 ServicePack: 3.0
2012/01/20 17:11:33.0687 Product type: Workstation
2012/01/20 17:11:33.0687 ComputerName: SNZ123455567896
2012/01/20 17:11:33.0687 UserName: Eddegar
2012/01/20 17:11:33.0687 Windows directory: C:\WINDOWS
2012/01/20 17:11:33.0687 System windows directory: C:\WINDOWS
2012/01/20 17:11:33.0687 Processor architecture: Intel x86
2012/01/20 17:11:33.0687 Number of processors: 2
2012/01/20 17:11:33.0687 Page size: 0x1000
2012/01/20 17:11:33.0687 Boot type: Normal boot
2012/01/20 17:11:33.0687 ================================================================================
2012/01/20 17:11:34.0578 Initialize success
2012/01/20 17:11:55.0828 ================================================================================
2012/01/20 17:11:55.0828 Scan started
2012/01/20 17:11:55.0828 Mode: Manual;
2012/01/20 17:11:55.0828 ================================================== ==============================
2012/01/20 17:12:29.0515 ================================================================================
2012/01/20 17:12:29.0515 Scan finished
2012/01/20 17:12:29.0515 ================================================================================

Rosty
20 January 2012, 19:52
This isn't the full log, mind you!

planina
21 January 2012, 10:32
2012/01/21 09:30:23.0508 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2012/01/21 09:30:23.0508 ================================================================================
2012/01/21 09:30:23.0508 SystemInfo:
2012/01/21 09:30:23.0508
2012/01/21 09:30:23.0508 OS Version: 5.1.2600 ServicePack: 3.0
2012/01/21 09:30:23.0508 Product type: Workstation
2012/01/21 09:30:23.0508 ComputerName: SNZ123455567896
2012/01/21 09:30:23.0508 UserName: Eddegar
2012/01/21 09:30:23.0508 Windows directory: C:\WINDOWS
2012/01/21 09:30:23.0508 System windows directory: C:\WINDOWS
2012/01/21 09:30:23.0508 Processor architecture: Intel x86
2012/01/21 09:30:23.0508 Number of processors: 2
2012/01/21 09:30:23.0508 Page size: 0x1000
2012/01/21 09:30:23.0508 Boot type: Normal boot
2012/01/21 09:30:23.0508 ================================================================================
2012/01/21 09:30:27.0789 Initialize success
2012/01/21 09:30:33.0616 ================================================================================
2012/01/21 09:30:33.0616 Scan started
2012/01/21 09:30:33.0616 Mode: Manual;
2012/01/21 09:30:33.0616 ================================================================================
2012/01/21 09:30:47.0162 IntelIde (72c63ad984d427d34bd5b9db838d88eb) C:\WINDOWS\system32\DRIVERS\intelide.sys
2012/01/21 09:30:47.0240 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2012/01/21 09:30:47.0302 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2012/01/21 09:30:47.0427 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2012/01/21 09:30:47.0521 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2012/01/21 09:30:47.0599 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2012/01/21 09:30:47.0756 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2012/01/21 09:30:47.0818 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2012/01/21 09:30:48.0021 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2012/01/21 09:30:48.0240 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2012/01/21 09:30:48.0302 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2012/01/21 09:30:48.0459 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2012/01/21 09:30:48.0537 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2012/01/21 09:30:48.0709 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2012/01/21 09:30:48.0896 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2012/01/21 09:30:49.0130 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2012/01/21 09:30:49.0334 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2012/01/21 09:30:49.0474 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
2012/01/21 09:30:49.0646 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2012/01/21 09:30:49.0771 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2012/01/21 09:30:49.0896 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2012/01/21 09:30:49.0990 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2012/01/21 09:30:50.0083 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2012/01/21 09:30:50.0193 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2012/01/21 09:30:50.0365 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2012/01/21 09:30:50.0505 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2012/01/21 09:30:50.0662 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2012/01/21 09:30:50.0787 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2012/01/21 09:30:50.0974 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2012/01/21 09:30:51.0052 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2012/01/21 09:30:51.0146 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2012/01/21 09:30:51.0302 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2012/01/21 09:30:51.0474 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2012/01/21 09:30:51.0708 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\2 0120120.019\NAVENG.SYS
2012/01/21 09:30:51.0802 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\2 0120120.019\NAVEX15.SYS
2012/01/21 09:30:52.0036 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2012/01/21 09:30:52.0083 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2012/01/21 09:30:52.0193 NDISRD (31c97e19ad9bb0030349e55d42d5e5d1) C:\WINDOWS\system32\drivers\NDISRD.sys
2012/01/21 09:30:52.0333 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2012/01/21 09:30:52.0427 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2012/01/21 09:30:52.0552 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2012/01/21 09:30:52.0677 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2012/01/21 09:30:52.0739 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2012/01/21 09:30:52.0833 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2012/01/21 09:30:53.0083 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2012/01/21 09:30:53.0333 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2012/01/21 09:30:53.0396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2012/01/21 09:30:53.0646 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2012/01/21 09:30:53.0771 nv (dc0b33c6c7321714be4e6c1a005a75d9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2012/01/21 09:30:54.0067 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2012/01/21 09:30:54.0146 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2012/01/21 09:30:54.0286 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2012/01/21 09:30:54.0474 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
2012/01/21 09:30:54.0599 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2012/01/21 09:30:54.0724 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2012/01/21 09:30:54.0817 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
2012/01/21 09:30:55.0021 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2012/01/21 09:30:55.0099 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
2012/01/21 09:30:55.0552 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2012/01/21 09:30:55.0645 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2012/01/21 09:30:55.0942 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2012/01/21 09:30:56.0020 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
2012/01/21 09:30:56.0161 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2012/01/21 09:30:56.0192 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2012/01/21 09:30:56.0349 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2012/01/21 09:30:56.0411 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2012/01/21 09:30:56.0489 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2012/01/21 09:30:56.0645 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2012/01/21 09:30:56.0833 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2012/01/21 09:30:56.0895 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2012/01/21 09:30:57.0083 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2012/01/21 09:30:57.0223 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2012/01/21 09:30:57.0348 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2012/01/21 09:30:57.0552 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2012/01/21 09:30:57.0630 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2012/01/21 09:30:57.0770 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2012/01/21 09:30:57.0895 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2012/01/21 09:30:58.0083 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2012/01/21 09:30:58.0270 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
2012/01/21 09:30:58.0567 RTSTOR (a7659b06c6c31e754a2a1323e3ab7f6a) C:\WINDOWS\system32\drivers\RTSTOR.SYS
2012/01/21 09:30:58.0708 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2012/01/21 09:30:58.0848 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
2012/01/21 09:30:59.0067 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2012/01/21 09:30:59.0379 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2012/01/21 09:30:59.0536 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2012/01/21 09:30:59.0645 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2012/01/21 09:30:59.0708 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2012/01/21 09:30:59.0911 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
2012/01/21 09:31:00.0083 SRTSP (2c5fbf6a00a4a3dcf643e46e8acb20c2) C:\WINDOWS\System32\Drivers\NAV\1302000.00A\SRTSP. SYS
2012/01/21 09:31:00.0145 SRTSPX (9034ea58552b55f370e5293a7175c5ac) C:\WINDOWS\system32\drivers\NAV\1302000.00A\SRTSPX .SYS
2012/01/21 09:31:00.0270 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2012/01/21 09:31:00.0458 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
2012/01/21 09:31:00.0661 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2012/01/21 09:31:00.0723 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2012/01/21 09:31:00.0817 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2012/01/21 09:31:01.0020 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2012/01/21 09:31:01.0067 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2012/01/21 09:31:01.0270 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NAV\1302000.00A\SYMDS. SYS
2012/01/21 09:31:01.0473 SymEFA (fc6d4a81b3611693f4e14e75908b6767) C:\WINDOWS\system32\drivers\NAV\1302000.00A\SYMEFA .SYS
2012/01/21 09:31:01.0567 SymEvent (98d28d08e68145fb550ee7670b43baf2) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2012/01/21 09:31:01.0707 SymIRON (39c35ddbb570e9f334f239248e4de34d) C:\WINDOWS\system32\drivers\NAV\1302000.00A\Ironx8 6.SYS
2012/01/21 09:31:01.0848 SYMTDI (aaae36e8235dab7da8a64bd10de281e5) C:\WINDOWS\System32\Drivers\NAV\1302000.00A\SYMTDI .SYS
2012/01/21 09:31:01.0926 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2012/01/21 09:31:01.0957 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2012/01/21 09:31:02.0145 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2012/01/21 09:31:02.0364 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2012/01/21 09:31:02.0520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2012/01/21 09:31:02.0645 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2012/01/21 09:31:02.0692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2012/01/21 09:31:02.0895 TosIde (5bc2144ab4f6090f12e49e9648b5a702) C:\WINDOWS\system32\DRIVERS\toside.sys
2012/01/21 09:31:03.0051 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2012/01/21 09:31:03.0254 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2012/01/21 09:31:03.0348 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2012/01/21 09:31:03.0551 USB28xxBGA (75860c1e8f36d13a96a8cb426e4c18ae) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2012/01/21 09:31:03.0645 USB28xxOEM (a8ffe391c198f86392eaf7ab8b9baab2) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2012/01/21 09:31:03.0738 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2012/01/21 09:31:03.0832 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2012/01/21 09:31:03.0926 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2012/01/21 09:31:04.0129 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2012/01/21 09:31:04.0207 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2012/01/21 09:31:04.0332 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2012/01/21 09:31:04.0473 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2012/01/21 09:31:04.0613 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2012/01/21 09:31:04.0676 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2012/01/21 09:31:04.0738 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2012/01/21 09:31:04.0863 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2012/01/21 09:31:04.0957 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2012/01/21 09:31:05.0035 ViaIde (a5d8b6c8d43786d4215c1df6fab0aae0) C:\WINDOWS\system32\DRIVERS\viaidexp.sys
2012/01/21 09:31:05.0191 viamraid (fbf18f9f5fb852c2976723587b44f346) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2012/01/21 09:31:05.0316 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
2012/01/21 09:31:05.0582 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2012/01/21 09:31:05.0707 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2012/01/21 09:31:06.0066 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2012/01/21 09:31:06.0207 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2012/01/21 09:31:06.0394 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2012/01/21 09:31:06.0613 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2012/01/21 09:31:06.0957 ================================================== ==============================
2012/01/21 09:31:06.0957 Scan finished
2012/01/21 09:31:06.0957 ================================================== ==============================

planina
21 January 2012, 10:34
Hi Rosty

When I cut and paste the log in full I get this; I should add that after the scan I got the message that no threats were found.

I don't know whether it matters, but up in my toolbars I see something from Bing.
The search bar shows the following:

http://support.google.com/toolbar/bin/request.py?hl=nl&contact_type=disable

What is that Bing actually doing there?

Regards
Eddy

Rosty
21 January 2012, 11:30
Do you use IncrediMail as your mail program? Or have you installed something that installs Bing along with it!!

planina
21 January 2012, 15:10
Do you use IncrediMail as your mail program? Or have you installed something that installs Bing along with it!!

Hi Rosty,

I use Telenet's webmail. But I did notice that something happened while I was handling my e-mail. In this case, the sudden disappearance of the ComboFix icon.
Both the icon and the program had suddenly vanished without a trace.

Rosty
21 January 2012, 23:59
Hi Rosty,

I use Telenet's webmail. But I did notice that something happened while I was handling my e-mail. In this case, the sudden disappearance of the ComboFix icon.
Both the icon and the program had suddenly vanished without a trace.

So you don't have a separate mail program?

planina
22 January 2012, 07:31
So you don't have a separate mail program?

I also use Gmail.

Regards

Rosty
22 January 2012, 09:57
Download Sophos Anti-rootkit (http://www.sophos.com/support/cleaners/sarsfx.exe) (mirror (http://www.majorgeeks.com/Sophos_Anti-Rootkit_d5238.html)) to the desktop.

Important!!!
1. Disable the security software you use (http://www.bleepingcomputer.com/forums/topic114351.html).
2. Disconnect from the internet by unplugging the network cable from the computer.

Double-click "sarsfx.exe" to start the installation.
Click "Accept" to agree to the licence terms.
Install the program in the default location C:\Program Files\Sophos\Sophos Anti-Rootkit.
When the installation is complete you will see this message: "Sophos Anti-Rootkit was successfully installed."
Now click "Yes" to start the program.
The 3 options below must be checked.

Running processes
Windows Registry
Local hard drives
Now click "Start scan"

Do nothing else on the computer during the scan.
When the scan is complete, a popup with the "Rootkit Scan Results" appears.
Click "Ok" here to continue.

Info:

Clicking an 'item' shows more information in the bottom pane.

Files tagged as Removable: No are not marked for removal and cannot be removed.
Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.

Select all items "recommended for removal", then click "Clean up checked items"
When the tool is done, click "restart now"
After the reboot a window appears listing the files that were removed.
Now click "empty list" and then "continue" to scan the system a second time and check that everything really has been removed.
When the scan is finished, go to Start > Run, or copy and paste the command printed in blue below into the search box of the Start menu, followed by Enter.

%temp%\sarscan.log
The scan's log file will now open; post its contents in your next message.

planina
22 January 2012, 15:10
Hi Rosty

Started Sophos and let it scan as described, but there were no files among those 'recommended for removal'.
Only 'unknown hidden files... removable? Yes....(but clean up not recommended for this files)
That is also where it ends, since Clean up checked did not need to be done and I could only go back via Back.
Quite a difficult case, this one, eh. ;)

Regards
Eddy

Rosty
23 January 2012, 22:40
You'd best print this out!!

Do the following: in safe mode, go to Start -> Run, type %systemroot%\system32\restore\rstrui.exe and click OK.

How to boot into safe mode:

Method 1:
Close all programs.
Go to Start - Run, type: msconfig and press "Enter".
In the window that appears, click the "Boot.ini" tab.
Under "Boot options" ("Opstartopties"), tick the "/safeboot" line.
Click "OK".
Restart the computer.
The PC will boot into safe mode. This can take several minutes.
To restart the computer in normal Windows mode, remove the tick from the "/safeboot" line again.

Method 2:
Restart the computer.
During startup, hold down the F8 key until the boot menu appears.
In this menu, choose the option "Safe Mode" ("Veilige modus").
Note: (The F8 method only applies if Windows XP is the only operating system on the computer.)

planina
24 January 2012, 08:07
You'd best print this out!!

Do the following: in safe mode, go to Start -> Run, type %systemroot%\system32\restore\rstrui.exe and click OK.

How to boot into safe mode:

Method 1:
Close all programs.
Go to Start - Run, type: msconfig and press "Enter".
In the window that appears, click the "Boot.ini" tab.
Under "Boot options" ("Opstartopties"), tick the "/safeboot" line.
Click "OK".
Restart the computer.
The PC will boot into safe mode. This can take several minutes.
To restart the computer in normal Windows mode, remove the tick from the "/safeboot" line again.

Method 2:
Restart the computer.
During startup, hold down the F8 key until the boot menu appears.
In this menu, choose the option "Safe Mode" ("Veilige modus").
Note: (The F8 method only applies if Windows XP is the only operating system on the computer.)

Hi Rosty,

Thanks for all the effort, but strangely enough even booting into safe mode does not seem possible with either method.
With method 1 I get as far as "Boot.ini", but the option to tick "safeboot" isn't there..it is all greyed out.
With method 2, when I press F8 it first offers the choice between HD and exterior disk..then it goes to another screen where normally the choice to start in safe mode should also be possible; that screen appears and disappears so quickly that I can't even read it clearly, and then it just boots normally again.
I think the time is ripe to put the whole lot back into its pristine state..there goes a Saturday. ;)

Regards
Eddy

Rosty
24 January 2012, 19:50
Hi Rosty,

Thanks for all the effort,
You're welcome!

I think the time is ripe to put the whole lot back into its pristine state..there goes a Saturday. ;)
Regards
Eddy
A pity I couldn't be of more help! :frown:

planina
25 January 2012, 00:01
You're welcome!

A pity I couldn't be of more help! :frown:

You did your utmost..but sometimes it's one almighty tangle.
It can be hiding in a small corner, but the question is..which corner.
Thanks anyway for your helpfulness..and who knows..until later.

Eddy. ;)