View full version: problems with Google in IE8



Gilberto
9 February 2012, 17:37
For a while now I have not been able to get to another site through a link from Google; if I copy the link and paste it into the IE address bar, it does work.
Would someone please take a look at my log?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:32:30, on 9/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
D:\Mijn documenten\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2011\WebProxy.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\APVXDWIN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Mijn documenten\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\Iface.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PAVJOBS.EXE
C:\Program Files\hijac this\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2011\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2011\Inicio.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Mijn documenten\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carine Mattheus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2011\pavsrvx86.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PskSvc.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Mijn documenten\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2011\TPSrv.exe
--
End of file - 9996 bytes

EvelineGirl
10 February 2012, 11:25
Hello,

1.
Download MalwareBytes' Anti-Malware (http://www.malwarebytes.org/mbam/program/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.
Make sure that after the installation the following are ticked:

Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Then click "Voltooien" (Finish).
If an update is found, it will be downloaded and installed.
In case of problems!!! (Read the instructions below)

Malwarebytes' Anti-Malware Chameleon (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=231&t=5650&p=21861#p21861)
Problems installing Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3419)
Problems updating Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3420)
Problems starting Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3421)

You can in principle decline the window asking whether you want to start the evaluation ("Evaluatie wil starten"); you can still enable it later.
As soon as the program has started, go to the "Instellingen" (Settings) tab.
Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
Next, press "Scannen" (Scan) to start the scan.
Scanning can take a while, so be patient.
When the scan is complete, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected).
After the removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program.


2.
Download TDSSKStarter (http://home.kpn.nl/stefsmeenk/tools/TDSSKStarter.exe) to the desktop.

Using "TDSSKStarter.exe":

First close all program windows that are still open!

Windows 2000 and Windows XP: start the tool by double-clicking "TDSSKStarter.exe".
Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and then choosing "Als Administrator uitvoeren" (Run as administrator).

A CMD window will then be started, and it will close again automatically when the scan is finished.
Now post the contents of the Notepad file that opened in your next message.


3.
Download DDS by sUBs from one of these locations and place it on your desktop:
DDS - Bleeping Computer download (http://download.bleepingcomputer.com/sUBs/dds.com).
DDS - Bleeping Computer download (http://download.bleepingcomputer.com/sUBs/dds.scr).
DDS - Infospyware (http://www.infospyware.net/sUBs/dds).
http://img.photobucket.com/albums/v666/sUBs/dds_scr.gif
DDS is a diagnostic tool and makes use of scripts.
Disable your security software before you run DDS!
Double-click DDS to start the tool.
DDS will open 2 log files:
* DDS.txt
* Attach.txt
A window will ask you to save both logs, because the logs will be gone once you close them.
Save the logs, for example on your desktop or in another place where you can easily find them again.
Post the DDS.txt log with your next reply. Post Attach.txt only when I ask for it.


Good luck,
Eveline.

Gilberto
10 February 2012, 20:45
You can't download TDSSKStarter

EvelineGirl
10 February 2012, 21:38
No, that's right indeed. Do this instead then.

Read these instructions carefully. If you are not sure or are in doubt, ask first and 'skip' the item. This is very important, otherwise something will be removed that did not need to be.


Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and place it on your desktop.

Extract the files in tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Note!!! Windows Vista & 7 users must run TDSSkiller as administrator (right-click, "Run as").
If TDSSkiller finds an update, click the "Load update" button.
http://www.malwareinfo.nl/files/screens/TDSSkiller(update).jpg
A new version of TDSSkiller will now be downloaded; save it to the desktop.
Now start TDSSkiller again.
Click "Change parameters" and make sure the options below are all ticked.
http://www.malwareinfo.nl/files/screens/TDSSkiller(opties).jpg
Click the "Start Scan" button and follow the instructions.

Note!
If "Threats" are found, a follow-up screen appears automatically after the scan.
For a "Fail signature" message you do not need to take any action. (Use Skip.)
By default, Skip is filled in for a "Suspicious object". Leave this action as it is. We may tell you later what to do with it.
For a "Malicious object", the action Cure or Delete is filled in automatically.
Always choose Cure here. If that is not possible, select Skip.
Only for a "TDSS File System" do you choose Delete if Cure is not possible.
If you do not know what to fill in, use Skip and wait for what we advise before you Delete anything.
Now click Continue to go on.
When the scan is finished, click the "Report" button (at the top).
A Notepad file opens. Post the contents of this file.
Restart the PC if TDSSKiller gives that option. (Reboot now)
If a restart was needed, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Don't forget to post the Malwarebytes and DDS logs. :)

Gilberto
11 February 2012, 17:09
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org (http://www.malwarebytes.org/)

Databaseversie: v2012.02.08.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Carine Mattheus :: CARINE-5569325D [administrator]

11/02/2012 12:53:29
mbam-log-2012-02-11 (12-53-29).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 0
Verstreken tijd: 7 seconde(n) [beëindigd]

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

12:42:38.0359 3432 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
12:42:38.0781 3432 ============================================================
12:42:38.0781 3432 Current date / time: 2012/02/11 12:42:38.0781
12:42:38.0781 3432 SystemInfo:
12:42:38.0781 3432
12:42:38.0781 3432 OS Version: 5.1.2600 ServicePack: 3.0
12:42:38.0781 3432 Product type: Workstation
12:42:38.0781 3432 ComputerName: CARINE-5569325D
12:42:38.0781 3432 UserName: Carine Mattheus
12:42:38.0781 3432 Windows directory: C:\WINDOWS
12:42:38.0781 3432 System windows directory: C:\WINDOWS
12:42:38.0781 3432 Processor architecture: Intel x86
12:42:38.0781 3432 Number of processors: 2
12:42:38.0781 3432 Page size: 0x1000
12:42:38.0781 3432 Boot type: Normal boot
12:42:38.0781 3432 ============================================================
12:42:40.0984 3432 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:42:40.0984 3432 \Device\Harddisk0\DR0:
12:42:40.0984 3432 MBR used
12:42:40.0984 3432 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
12:42:41.0000 3432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x6DF8F4B
12:42:41.0046 3432 Initialize success
12:42:41.0046 3432 ============================================================
12:43:29.0828 3868 ============================================================
12:43:29.0828 3868 Scan started
12:43:29.0828 3868 Mode: Manual; SigCheck; TDLFS;
12:43:29.0828 3868 ============================================================
12:44:00.0750 3868 ShldDrv - ok
12:44:00.0765 3868 Simbad - ok
12:44:00.0843 3868 SiS315 (3891f6565fe7b93354aed9f4aeed6c9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
12:44:00.0890 3868 SiS315 - ok
12:44:00.0968 3868 siside (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys
12:44:01.0015 3868 siside - ok
12:44:01.0093 3868 SiSkp (0ba03e859e27f751893faa93b743627a) C:\WINDOWS\system32\DRIVERS\srvkp.sys
12:44:01.0125 3868 SiSkp - ok
12:44:01.0234 3868 Sparrow - ok
12:44:01.0281 3868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:44:01.0421 3868 splitter - ok
12:44:01.0515 3868 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
12:44:01.0593 3868 sr - ok
12:44:01.0703 3868 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:44:01.0781 3868 Srv - ok
12:44:01.0890 3868 StillCam (bf8aa066bb0398ddcbc9573153d39b8c) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:44:02.0062 3868 StillCam - ok
12:44:02.0140 3868 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:44:02.0312 3868 swenum - ok
12:44:02.0437 3868 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:44:02.0609 3868 swmidi - ok
12:44:02.0671 3868 symc810 - ok
12:44:02.0718 3868 symc8xx - ok
12:44:02.0750 3868 sym_hi - ok
12:44:02.0781 3868 sym_u3 - ok
12:44:02.0843 3868 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:44:03.0000 3868 sysaudio - ok
12:44:03.0125 3868 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:44:03.0203 3868 Tcpip - ok
12:44:03.0375 3868 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:44:03.0546 3868 TDPIPE - ok
12:44:03.0609 3868 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:44:03.0781 3868 TDTCP - ok
12:44:03.0843 3868 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:44:04.0015 3868 TermDD - ok
12:44:04.0078 3868 TosIde - ok
12:44:04.0140 3868 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
12:44:04.0312 3868 uagp35 - ok
12:44:04.0421 3868 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:44:04.0609 3868 Udfs - ok
12:44:04.0656 3868 ultra - ok
12:44:04.0718 3868 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:44:04.0937 3868 Update - ok
12:44:05.0046 3868 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:44:05.0218 3868 usbaudio - ok
12:44:05.0312 3868 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:44:05.0515 3868 usbccgp - ok
12:44:05.0593 3868 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
12:44:05.0671 3868 USBCCID - ok
12:44:05.0765 3868 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:44:05.0968 3868 usbehci - ok
12:44:06.0062 3868 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:44:06.0250 3868 usbhub - ok
12:44:06.0359 3868 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:44:06.0500 3868 usbohci - ok
12:44:06.0578 3868 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:44:06.0765 3868 usbprint - ok
12:44:06.0843 3868 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:44:07.0015 3868 usbscan - ok
12:44:07.0093 3868 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:44:07.0265 3868 USBSTOR - ok
12:44:07.0359 3868 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:44:07.0531 3868 VgaSave - ok
12:44:07.0625 3868 ViaIde - ok
12:44:07.0671 3868 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
12:44:07.0828 3868 VolSnap - ok
12:44:07.0953 3868 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:44:08.0125 3868 Wanarp - ok
12:44:08.0187 3868 WDICA - ok
12:44:08.0250 3868 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:44:08.0421 3868 wdmaud - ok
12:44:08.0625 3868 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:44:08.0687 3868 WpdUsb - ok
12:44:08.0828 3868 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:44:08.0875 3868 WudfPf - ok
12:44:08.0968 3868 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:44:09.0015 3868 WudfRd - ok
12:44:09.0062 3868 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
12:44:09.0359 3868 \Device\Harddisk0\DR0 - ok
12:44:09.0390 3868 Boot (0x1200) (a5e06538128a3bb7f9f5d9053ad95434) \Device\Harddisk0\DR0\Partition0
12:44:09.0390 3868 \Device\Harddisk0\DR0\Partition0 - ok
12:44:09.0406 3868 Boot (0x1200) (3d25bbf80a71b89b3f516b321a2c991d) \Device\Harddisk0\DR0\Partition1
12:44:09.0421 3868 \Device\Harddisk0\DR0\Partition1 - ok
12:44:09.0421 3868 ============================================================
12:44:09.0421 3868 Scan finished
12:44:09.0421 3868 ============================================================
12:44:09.0546 2084 Detected object count: 0
12:44:09.0546 2084 Actual detected object count: 0
12:47:15.0031 3668 Deinitialize success

EvelineGirl
11 February 2012, 17:31
Do you also have the DDS log (step 3)?

Gilberto
11 February 2012, 20:59
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Carine Mattheus at 19:55:01 on 2012-02-11
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1502.902 [GMT 1:00]
.
AV: Panda Antivirus Pro 2011 *Disabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\TPSrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PskSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Mijn documenten\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\AVENGINE.EXE
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2011\WebProxy.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Mijn documenten\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.nl
uStart Page = hxxp://www.google.be/
uSearch Bar = hxxp://www.google.nl/ie
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.nl/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [TomTomHOME.exe] "d:\mijn documenten\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Google Update] "c:\documents and settings\carine mattheus\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus pro 2011\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda antivirus pro 2011\Inicio.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\carine~1\menust~1\progra~1\opstar~1\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\snelst~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4BEA5FA2-8449-42FB-A408-6683E0033A19} : DhcpNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2011-3-9 26696]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2011-3-9 37896]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2011-3-9 59080]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus pro 2011\PsCtrlS.exe [2011-3-9 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus pro 2011\PavFnSvr.exe [2011-3-9 202048]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2011-3-9 163336]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2011-3-9 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda antivirus pro 2011\pavsrvx86.exe [2011-3-9 314176]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus pro 2011\psksvc.exe [2011-3-9 28992]
R2 TomTomHOMEService;TomTomHOMEService;d:\mijn documenten\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 PavSRK.sys;PavSRK.sys; [x]
S3 PavTPK.sys;PavTPK.sys; [x]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\rkpavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\rkpavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-10 18:30:59 -------- d-----w- C:\sh4ldr
2012-02-10 18:30:59 -------- d-----w- c:\program files\Enigma Software Group
2012-02-10 18:30:28 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-10 18:30:27 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-01-18 13:03:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-18 13:03:24 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:58 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40:48 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12:53 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22:18 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22:18 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 19:55:24,26 ===============

EvelineGirl
11 February 2012, 21:11
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can read how ComboFix should be used.
1. Windows XP users will, if necessary, be asked to install the "Recovery Console"; allow this (an active internet connection is required for it).
2. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.
* (here (http://www.bleepingcomputer.com/forums/topic114351.html) or here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) is a guide on how to disable them)
3. The computer may need to be restarted several times; this is normal.
4. Double-click "Combofix.exe" to start the tool.
5. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.
* Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion.", restart the computer.
6. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

Gilberto
12 February 2012, 09:33
ComboFix 12-02-11.03 - Carine Mattheus 12/02/2012 8:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1502.941 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Carine Mattheus\Bureaublad\ComboFix.exe
AV: Panda Antivirus Pro 2011 *Disabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Carine Mattheus\Application Data\4F52.038
c:\documents and settings\Carine Mattheus\DelDD8.tmp
c:\documents and settings\Default User\DelDD8.tmp
c:\documents and settings\Gast\DelDD8.tmp
c:\windows\system\VB40032.DLL
c:\windows\system32\config\systemprofile\DelDD8.tmp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 ))))))))))))))))))))))))))))))
.
.
2012-02-10 18:30 . 2012-02-10 18:55 -------- d-----w- C:\sh4ldr
2012-02-10 18:30 . 2012-02-10 18:30 -------- d-----w- c:\program files\Enigma Software Group
2012-02-10 18:30 . 2012-02-10 18:55 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-10 18:30 . 2012-02-10 18:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-01-18 13:03 . 2012-01-18 13:03 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-11-21 18:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-15 10:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-15 10:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 07:42 . 2011-11-20 07:42 388096 ----a-r- c:\documents and settings\Carine Mattheus\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-20 06:12 . 2008-04-15 10:00 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2008-04-15 10:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2008-04-15 10:00 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"TomTomHOME.exe"="d:\mijn documenten\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2004-10-14 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMan"="SOUNDMAN.EXE" [2010-10-27 577536]
"Logitech Utility"="Logi_MwX.Exe" [2010-11-12 19968]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2011\APVXDWIN.EXE" [2011-09-05 984576]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2011\Inicio.exe" [2010-06-11 68928]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Carine Mattheus\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Panda Security\\Panda Antivirus Pro 2011\\ApVxdWin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [9/03/2011 15:29 26696]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [9/03/2011 15:22 37896]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [9/03/2011 15:27 59080]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [9/03/2011 15:22 163336]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2011\psksvc.exe [9/03/2011 15:29 28992]
R2 TomTomHOMEService;TomTomHOMEService;d:\mijn documenten\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 PavSRK.sys;PavSRK.sys; [x]
S3 PavTPK.sys;PavTPK.sys; [x]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-484061587-1606980848-1004Core.job
- c:\documents and settings\Carine Mattheus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 14:35]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-484061587-1606980848-1004UA.job
- c:\documents and settings\Carine Mattheus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 14:35]
.
2012-02-11 c:\windows\Tasks\User_Feed_Synchronization-{40E15F46-0099-4CEB-A992-FD75610815B0}.job
- c:\windows\system32\msfeedssync.exe [2008-04-15 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 08:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\SYSTEM32\avldr.dll
.
Voltooingstijd: 2012-02-12 08:27:48
ComboFix-quarantined-files.txt 2012-02-12 07:27
.
Pre-Run: 3.576.508.416 bytes beschikbaar
Post-Run: 4.201.467.904 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B8352D82CE70C5FA7B9951D9ECA3CF80

Gilberto
12 February 2012, 12:30
ComboFix removed a few files, and everything is working normally again.
Do you have any idea what was going on, and where the infection could have come from?
Thanks in advance for your help.

EvelineGirl
12 February 2012, 14:13
We're not quite there yet.
What ComboFix removed is mainly a .temp file, and I can't find anything about it. However, I don't think it was responsible for the problem.


1. Close all open windows.
2. Disable or close all anti-virus and anti-malware programs so that they do not interfere with ComboFix.
3. Open Notepad, then copy and paste the following code into an empty window:



Folder::
C:\sh4ldr


Save this to your Desktop as CFScript.txt.
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://crew.nucia.eu/smeenk/CFScript.gif
This will start ComboFix again.
Afterwards (and possibly after restarting your computer) you will get a report named Combofix.txt; copy and paste the contents of Combofix.txt into your next reply.

======================
2.
Download the Emsisoft Emergency Kit (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip) to the desktop and extract the ZIP file.

Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".
Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first. Allow this by clicking "Ja".
http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg
When the update is finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
Select the "Diep" option if it is not already set by default.
Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a while, so wait patiently.
You can close the window with the warning about an increased risk once the scan is finished.
Note:
If you see this detection.
C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK
When the file is listed in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)".
Make sure all items found are ticked and then press the "verwijder geselecteerde" button. You will now get the following message, but click "Ja" here.
http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg
When removal is complete, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
Then post the contents of this LOG file in your next message.
Now restart the computer.
Good luck,
Eveline.

Gilberto
12 February 2012, 15:54
Emsisoft Anti-Malware - Version 6.0
quarantine log
Datum Bron Gebeurtenis Gedrag/Infectie
12/02/2012 14:44:37 c:\windows\system32\wgalogon.dll Bestand in gebruik, verwijdering bij herstart possible-Threat.Crack.WGA!E2
12/02/2012 14:35:14 c:\windows\system32\wgalogon.dll Bestand in gebruik, verwijdering bij herstart possible-Threat.Crack.WGA!E2
12/02/2012 14:35:14 C:\WINDOWS\system32\c_1026I.dll Verplaatst naar Quarantaine Trojan.Win32.Vundo!E2
12/02/2012 14:35:13 C:\Qoobox\Quarantine\C\Documents and Settings\Carine Mattheus\Application Data\4F52.038.vir Verplaatst naar Quarantaine Backdoor.Conf!E2
12/02/2012 14:35:13 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\22\6b3543d6-1c44cd46 Verplaatst naar Quarantaine Exploit.Java.CVE-2011-3544!E2
12/02/2012 14:35:13 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\55\10466db7-29c72923 Verplaatst naar Quarantaine Exploit.Java.CVE-2011-3544!E2
12/02/2012 14:35:12 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\49\6d01bb31-792952d1 Verplaatst naar Quarantaine Exploit.Java.CVE!E2
12/02/2012 14:35:12 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\49\6d01bb31-3b154c03 Verplaatst naar Quarantaine Exploit.Java.CVE!E2
12/02/2012 14:35:12 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\49\6d01bb31-75df9886 Verplaatst naar Quarantaine Exploit.Java.CVE!E2
12/02/2012 14:35:12 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\49\6d01bb31-28c86502 Verplaatst naar Quarantaine Exploit.Java.CVE!E2
12/02/2012 14:35:11 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\49\6d01bb31-570737f7 Verplaatst naar Quarantaine Exploit.Java.CVE!E2
12/02/2012 14:35:11 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\49\6d01bb31-22db38a6 Verplaatst naar Quarantaine Exploit.Java.CVE!E2
12/02/2012 14:35:11 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\17\687aad51-193975c9 Bestand niet gevonden Exploit.Java.Blacole!E2
12/02/2012 14:35:11 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\17\687aad51-193975c9 Verplaatst naar Quarantaine Exploit.Java.Blacole!E2
12/02/2012 14:35:10 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\0\62108580-224259ff Verplaatst naar Quarantaine Exploit.Java.CVE-2011!E2
12/02/2012 14:35:10 C:\Documents and Settings\Carine Mattheus\Application Data\Sun\Java\Deployment\cache\6.0\40\1feb7e8-52cbcce8 Verplaatst naar Quarantaine Exploit.Java.CVE-2011-3544!E1
12/02/2012 14:35:09 D:\Mijn documenten\Downloads\FarmvilleMagicTools16\FarmvilleMagicTools.exe Verplaatst naar Quarantaine Trojan-Banker.Win32.Banbra!E2
12/02/2012 14:35:06 D:\Mijn documenten\Downloads\FarmvilleMagicTools16.zip Verplaatst naar Quarantaine Trojan-Banker.Win32.Banbra!E2

In the meantime I had scanned once more with a malware program. Before I carry out those next steps, can this perhaps clarify things further?
The program also gave this message:
c:/windows/system32/wgalogon.dll-file locked,removal on next reboot

Regards

Gilberto
12 February 2012, 15:58
After restarting the PC the file is still present :shy::shy:

EvelineGirl
12 February 2012, 16:02
Hmm, is your Windows version actually legal??
Do you also still have the ComboFix log?

Gilberto
12 February 2012, 20:29
ComboFix 12-02-11.03 - Carine Mattheus 12/02/2012 19:07:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1502.966 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Carine Mattheus\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Carine Mattheus\Bureaublad\CFScript.txt..txt
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Panda Antivirus Pro 2011 *Disabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\sh4ldr
c:\sh4ldr\shldr.mbr
.
Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\ERDNT\cache\userinit.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 ))))))))))))))))))))))))))))))
.
.
2012-02-12 13:40 . 2012-02-12 13:40 -------- d-----w- c:\windows\system32\wbem\snmp
2012-02-12 13:40 . 2012-02-12 13:40 -------- d-----w- c:\windows\system32\xircom
2012-02-12 13:40 . 2012-02-12 13:40 -------- d-----w- c:\program files\microsoft frontpage
2012-02-12 12:30 . 2012-02-12 18:21 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-02-10 18:30 . 2012-02-10 18:30 -------- d-----w- c:\program files\Enigma Software Group
2012-02-10 18:30 . 2012-02-10 18:55 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-10 18:30 . 2012-02-10 18:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-01-18 13:03 . 2012-01-18 13:03 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-11-21 18:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-15 10:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-15 10:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 07:42 . 2011-11-20 07:42 388096 ----a-r- c:\documents and settings\Carine Mattheus\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-20 06:12 . 2008-04-15 10:00 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2008-04-15 10:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2008-04-15 10:00 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-12_07.26.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-12 18:16 . 2012-02-12 18:16 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat
+ 2011-12-26 08:02 . 2011-12-26 08:02 19677184 c:\windows\Installer\13ad5a.msp
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"TomTomHOME.exe"="d:\mijn documenten\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2004-10-14 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMan"="SOUNDMAN.EXE" [2010-10-27 577536]
"Logitech Utility"="Logi_MwX.Exe" [2010-11-12 19968]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2011\APVXDWIN.EXE" [2011-09-05 984576]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2011\Inicio.exe" [2010-06-11 68928]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2012-02-01 3357584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Carine Mattheus\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Panda Security\\Panda Antivirus Pro 2011\\ApVxdWin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [9/03/2011 15:29 26696]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [12/02/2012 13:30 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [12/02/2012 13:30 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [12/02/2012 13:30 11776]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [9/03/2011 15:22 37896]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [12/02/2012 13:30 3025112]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [9/03/2011 15:27 59080]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [9/03/2011 15:22 163336]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2011\psksvc.exe [9/03/2011 15:29 28992]
R2 TomTomHOMEService;TomTomHOMEService;d:\mijn documenten\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [12/02/2012 13:30 51632]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 PavSRK.sys;PavSRK.sys; [x]
S3 PavTPK.sys;PavTPK.sys; [x]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 RkPavproc3;RkPavproc3;\??\c:\windows\system32\drivers\RkPavproc3.sys --> c:\windows\system32\drivers\RkPavproc3.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-484061587-1606980848-1004Core.job
- c:\documents and settings\Carine Mattheus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 14:35]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-484061587-1606980848-1004UA.job
- c:\documents and settings\Carine Mattheus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 14:35]
.
2012-02-12 c:\windows\Tasks\User_Feed_Synchronization-{40E15F46-0099-4CEB-A992-FD75610815B0}.job
- c:\windows\system32\msfeedssync.exe [2008-04-15 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 19:16
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\avldr.dll
.
- - - - - - - > 'explorer.exe'(3876)
c:\program files\Emsisoft Anti-Malware\a2hooks32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Panda Security\Panda Antivirus Pro 2011\TPSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Panda Security\Panda Antivirus Pro 2011\PsCtrls.exe
c:\program files\Panda Security\Panda Antivirus Pro 2011\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\Panda Security\Panda Antivirus Pro 2011\PsImSvc.exe
c:\windows\system32\locator.exe
c:\program files\PANDA SECURITY\PANDA ANTIVIRUS PRO 2011\WebProxy.exe
c:\program files\Panda Security\Panda Antivirus Pro 2011\pavsrvx86.exe
c:\program files\Panda Security\Panda Antivirus Pro 2011\AVENGINE.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Voltooingstijd: 2012-02-12 19:24:40 - machine werd herstart
ComboFix-quarantined-files.txt 2012-02-12 18:24
ComboFix2.txt 2012-02-12 07:27
.
Pre-Run: 3.886.350.336 bytes beschikbaar
Post-Run: 3.894.747.136 bytes beschikbaar
.
- - End Of File - - 627658EE0CD3C2D686FAEC7E6672FED3

I wouldn't know whether anything is wrong with my licence; I got the PC from friends. :rolleyes::rolleyes:

EvelineGirl
12 February 2012, 21:05
In that case I hereby report that your Windows version is not legal.

Are you still experiencing problems?

Gilberto
13 February 2012, 19:09
Everything works, but when I scan with EMSISOFT anti-malware it keeps pulling out the same infections. :shocked:

EvelineGirl
13 February 2012, 19:14
If it is only about this one: c:\windows\system32\wgalogon.dl
That is because your Windows version is not legal!

Gilberto
13 February 2012, 20:03
Emsisoft Anti-Malware - Versie 6.0
Laatste Update: 13/02/2012 15:57:39
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
Scan archieven: Aan
ADS Scan: Aan
Scan gestart: 13/02/2012 16:12:25
C:\System Volume Information\_restore{1E451DF3-3962-4A55-AB39-7598C377E711}\RP273\A0019379.dll Ontdekt: possible-Threat.Crack.WGA!E2
C:\System Volume Information\_restore{1E451DF3-3962-4A55-AB39-7598C377E711}\RP273\A0019365.dll Ontdekt: Trojan.Win32.Vundo!E2
Gescand 481624
Gevonden 2
Scan Geëindigd: 13/02/2012 17:13:49
Scantijd: 1:01:24
C:\System Volume Information\_restore{1E451DF3-3962-4A55-AB39-7598C377E711}\RP273\A0019365.dll Verwijderd Trojan.Win32.Vundo!E2
C:\System Volume Information\_restore{1E451DF3-3962-4A55-AB39-7598C377E711}\RP273\A0019379.dll Verwijderd possible-Threat.Crack.WGA!E2
Verwijderd 2

EvelineGirl
13 February 2012, 23:20
Those items are in System Restore.
I am not allowed to help you further because I have established that you are using an illegal Windows; this goes against the forum rules.
That is why I am putting a lock on this thread.