PRO SHIELD VIRUS

  • mamadenise

    Hello,

    my name is Denise, and I have a problem with my computer.

    I think it is a Pro Shield virus myself. The reason I think so is that for a few days now I keep getting a message from Pro Shield on my screen saying that my computer is in danger and that I must protect myself and buy Pro Shield from them. And when I click it away, it simply comes right back.

    My internet is slow, I can no longer run anything, and it does not open my applications.

    Before this I had AVG Free Edition, but it no longer worked very well. I also wanted to remove it from my PC, but to no avail.

    I now have Avira antivirus on my PC (downloaded in safe mode), but I have the feeling that this one is not too good either,

    because as soon as I leave safe mode I get to see that stupid Pro Shield again.

    Oh yes, and my background is gone from my screen in normal mode.

    I hope someone can help me. I do not know much about computer code and language, so I hope someone can explain to me clearly what is going on.

    I have followed the steps; here are the logs.

    Malwarebytes' Anti-Malware 1.51.1.1800

    www.malwarebytes.org

    Databaseversie: 7655

    Windows 6.1.7600 (Safe Mode)

    Internet Explorer 8.0.7600.16385

    5-9-2011 14:03:05

    mbam-log-2011-09-05 (14-02-54).txt

    Scantype: Snelle scan

    Objecten gescand: 181824

    Verstreken tijd: 7 minuut/minuten, 12 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 32

    Registerwaarden geïnfecteerd: 10

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 14

    Bestanden geïnfecteerd: 39

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.

    HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> No action taken.

    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.

    HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> No action taken.

    HKEY_CLASSES_ROOT\TypeLib\{6F098504-CDB1-420f-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> No action taken.

    HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> No action taken.

    HKEY_CLASSES_ROOT\HBLiteAX.Info.1 (Adware.Hotbar) -> No action taken.

    HKEY_CLASSES_ROOT\HBLiteAX.Info (Adware.Hotbar) -> No action taken.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> No action taken.

    HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.Hotbar) -> No action taken.

    HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.Hotbar) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{851552F5-B878-4b03-904F-2AD6A4CC8994} (PUP.Zwangi) -> No action taken.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> No action taken.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> No action taken.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> No action taken.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.

    HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> No action taken.

    HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> No action taken.

    HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\FlvTube (Adware.FlvTube) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlvTube Toolbar (PUP.Zwangi) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (Adware.HotBar) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QueryExplorer (Adware.QueryExplorer) -> No action taken.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FlvTube Toolbar Helper (PUP.Zwangi) -> No action taken.

    Registerwaarden geïnfecteerd:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ZW1JXA6A6V6CWC4IBBJIYGFMBSR (Rootkit.0Access.XGen) -> Value: ZW1JXA6A6V6CWC4IBBJIYGFMBSR -> No action taken.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\S8K2YBMEZL1NW (Trojan.Agent.SZ) -> Value: S8K2YBMEZL1NW -> No action taken.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oO19600NbCfA19600 (Trojan.FakeAlert) -> Value: oO19600NbCfA19600 -> No action taken.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4B03-904F-2AD6A4CC8994} -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4B03-904F-2AD6A4CC8994} -> No action taken.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4B03-904F-2AD6A4CC8994} -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{851552F5-B878-4b03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4b03-904F-2AD6A4CC8994} -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790571B6765B5633AD95 (Malware.Trace) -> Value: SRS_IT_E8790571B6765B5633AD95 -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Homepage Protection Service\UninstallString (PUP.Zwangi) -> Value: UninstallString -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> No action taken.

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> No action taken.

    c:\Users\denni\AppData\Roaming\HBLite (Adware.Hotbar) -> No action taken.

    c:\programdata\HBLiteSA (Adware.Hotbar) -> No action taken.

    c:\programdata\queryexplorer (Adware.QueryExplorer) -> No action taken.

    c:\Users\denni\AppData\Roaming\SysWin (Trojan.Agent) -> No action taken.

    c:\program files (x86)\HBLite (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0 (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\plugins (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\queryexplorer (Adware.QueryExplorer) -> No action taken.

    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\flvtube toolbar (PUP.Zwangi) -> No action taken.

    Bestanden geïnfecteerd:

    c:\Porth31.sys\e735495fddf.exe (Rootkit.0Access.XGen) -> No action taken.

    c:\Users\denni\AppData\Roaming\op1zqfknb9d.exe (Trojan.Agent.SZ) -> No action taken.

    c:\programdata\oo19600nbcfa19600\oo19600nbcfa19600.exe (Trojan.FakeAlert) -> No action taken.

    c:\Users\denni\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\dxdiag.exe (Trojan.Agent) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\593A.tmp (Trojan.Agent.SZ) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\92C3.tmp (Rootkit.TDSS) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\9FFA.tmp (Rootkit.TDSS) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\D883.tmp (Trojan.Agent.SZ) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\op1zqfknb9d.exe.jpg (Trojan.Agent.SZ) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\setup168925184.exe (Rootkit.TDSS) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\setup2293232768.exe (Rootkit.TDSS) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\setup2444245376.exe (Rootkit.TDSS) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\setup2502445568.exe (Rootkit.TDSS) -> No action taken.

    c:\Users\denni\local settings\temporary internet files\Content.IE5\92NMSZVF\777.exe (Trojan.FakeAlert) -> No action taken.

    c:\Users\denni\local settings\temporary internet files\Content.IE5\QPVQO83W\download.exe (PUP.Casino.Gen) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\opra.bss (Trojan.Agent) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\cdky.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\chro.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\dial.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\ffpw.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\iepw.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\mail.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\mess.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\pspw.bss (Malware.Trace) -> No action taken.

    c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> No action taken.

    c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> No action taken.

    c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> No action taken.

    c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> No action taken.

    c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> No action taken.

    c:\programdata\queryexplorer\queryexplorer117.exe (Adware.QueryExplorer) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\install.rdf (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\queryexplorer\uninstall.exe (Adware.QueryExplorer) -> No action taken.

    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> No action taken.

    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> No action taken.

    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\flvtube toolbar\ffmpeg.exe (PUP.Zwangi) -> No action taken.

    c:\program files (x86)\flvtube toolbar\flvtubesvc.exe (PUP.Zwangi) -> No action taken.

    c:\program files (x86)\flvtube toolbar\uninstall.exe (PUP.Zwangi) -> No action taken.

    hijackthis

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:04:36, on 5-9-2011

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16839)

    Boot mode: Safe mode with network support

    Running processes:

    C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\QuickTime\qttask.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\SysWOW64\NOTEPAD.EXE

    C:\Windows\SysWOW64\NOTEPAD.EXE

    C:\Windows\SysWOW64\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

    O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O3 - Toolbar: FlvTube Toolbar - {851552F5-B878-4b03-904F-2AD6A4CC8994} - “C:\Program Files (x86)\FlvTube Toolbar\flvtubetb.DLL” (file missing)

    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe” /min

    O4 - HKLM\..\RunOnce: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Electronic Arts\EADM\Core.exe” -silent

    O4 - HKCU\..\Run: “C:\Program Files (x86)\uTorrent\uTorrent.exe”

    O4 - HKCU\..\Run: C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe

    O4 - HKCU\..\Run: C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: C:\Porth31.sys\E735495FDDF.exe /q

    O4 - HKCU\..\Run: C:\Users\denni\AppData\Roaming\OP1ZQFKNB9D.exe

    O4 - HKCU\..\RunOnce: C:\ProgramData\oO19600NbCfA19600\oO19600NbCfA19600.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - Startup: 25dc0fa16da.dat

    O4 - Startup: 974f1b16da.dat

    O4 - Startup: dxdiag.exe

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe

    O4 - Global Startup: Update-agent.lnk = ?

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: PokerTime - {9186201E-7EC7-4F19-A4A9-EB468D47B515} - C:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)

    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: FlvTube Toolbar Helper - Unknown owner - C:\Program Files (x86)\FlvTube Toolbar\FlvTubeSvc.exe

    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: JSW Hardware Button Service (JSWHwBtn) - Unknown owner - C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe

    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

    O23 - Service: Pokernet - Badbeat.com - C:\Users\denni\AppData\Roaming\MyPokerLab\Pokernet\Pokernet Service.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: Print Spooler (Spooler32) - Unknown owner - c:\windows\system32\kbdusl32.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 13534 bytes

    Thanks in advance.

    Kind regards, Denise Fields

  • fazantje

    Hi Denise,

    Go on the internet as little as possible and above all do not do any banking over the internet.

    You have very severe infections on your computer.

    Run mbam again; when it is finished, make sure that everything it has found is ticked.

    After that, download TDSS:

    Download http://support.kaspersky.com/downloads/utils/tdsskiller.zip and place it on your desktop.

    Extract the files in tdsskiller.zip.

    Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

    Windows 7 and Windows Vista users:

    Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

    If TDSSKiller reports that an update is available, install it first.

    Click the “Start Scan” button and follow the instructions.

    When the scan is finished, click the “Report” button.

    A Notepad file opens. Post the contents of this file.

    Restart the PC if TDSSKiller offers that option. (Reboot now)

    If a restart was needed, you will find the log file in C:\TDSSKiller.___log.txt

    Also post a new HijackThis log right away.

    So 3 logs in total.

    Good luck,

    Huib;)

  • mamadenise

    That all sounds very scary!

    I think I last did internet banking 3 days ago.

    I did what you said I should do.

    Here come the 3 logs.

    Kind regards, Denise


    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: PokerTime - {9186201E-7EC7-4F19-A4A9-EB468D47B515} - C:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)

    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: FlvTube Toolbar Helper - Unknown owner - C:\Program Files (x86)\FlvTube Toolbar\FlvTubeSvc.exe

    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: JSW Hardware Button Service (JSWHwBtn) - Unknown owner - C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe

    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

    O23 - Service: Pokernet - Badbeat.com - C:\Users\denni\AppData\Roaming\MyPokerLab\Pokernet\Pokernet Service.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: Print Spooler (Spooler32) - Unknown owner - c:\windows\system32\kbdusl32.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 13534 bytes

    mbamlog

    Registerwaarden geïnfecteerd:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4B03-904F-2AD6A4CC8994} -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4B03-904F-2AD6A4CC8994} -> No action taken.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4B03-904F-2AD6A4CC8994} -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{851552F5-B878-4b03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4b03-904F-2AD6A4CC8994} -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790571B6765B5633AD95 (Malware.Trace) -> Value: SRS_IT_E8790571B6765B5633AD95 -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Homepage Protection Service\UninstallString (PUP.Zwangi) -> Value: UninstallString -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> No action taken.

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> No action taken.

    c:\Users\denni\AppData\Roaming\HBLite (Adware.Hotbar) -> No action taken.

    c:\programdata\HBLiteSA (Adware.Hotbar) -> No action taken.

    c:\programdata\queryexplorer (Adware.QueryExplorer) -> No action taken.

    c:\Users\denni\AppData\Roaming\SysWin (Trojan.Agent) -> No action taken.

    c:\program files (x86)\HBLite (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0 (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\plugins (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\queryexplorer (Adware.QueryExplorer) -> No action taken.

    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\flvtube toolbar (PUP.Zwangi) -> No action taken.

    tdsslog

    2011/09/05 17:44:54.0859 2712 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09

    2011/09/05 17:44:54.0955 2712 ================================================================================

    2011/09/05 17:44:54.0955 2712 SystemInfo:

    2011/09/05 17:44:54.0955 2712

    2011/09/05 17:44:54.0955 2712 OS Version: 6.1.7600 ServicePack: 0.0

    2011/09/05 17:44:54.0956 2712 Product type: Workstation

    2011/09/05 17:44:54.0956 2712 ComputerName: DENNI-PC

    2011/09/05 17:44:54.0956 2712 UserName: denni

    2011/09/05 17:44:54.0956 2712 Windows directory: C:\Windows

    2011/09/05 17:44:54.0956 2712 System windows directory: C:\Windows

    2011/09/05 17:44:54.0956 2712 Running under WOW64

    2011/09/05 17:44:54.0956 2712 Processor architecture: Intel x64

    2011/09/05 17:44:54.0956 2712 Number of processors: 2

    2011/09/05 17:44:54.0956 2712 Page size: 0x1000

    2011/09/05 17:44:54.0956 2712 Boot type: Normal boot

    2011/09/05 17:44:54.0956 2712 ================================================================================

    2011/09/05 17:44:56.0026 2712 Initialize success

    2011/09/05 17:45:03.0738 6112 ================================================================================

    2011/09/05 17:45:03.0738 6112 Scan started

    2011/09/05 17:45:03.0738 6112 Mode: Manual;

    2011/09/05 17:45:03.0738 6112 ================================================================================


    2011/09/05 17:45:13.0529 6112 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    2011/09/05 17:45:13.0559 6112 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

    2011/09/05 17:45:13.0625 6112 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

    2011/09/05 17:45:13.0706 6112 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

    2011/09/05 17:45:13.0790 6112 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

    2011/09/05 17:45:13.0867 6112 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys

    2011/09/05 17:45:13.0901 6112 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

    2011/09/05 17:45:13.0964 6112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    2011/09/05 17:45:14.0023 6112 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

    2011/09/05 17:45:14.0062 6112 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

    2011/09/05 17:45:14.0094 6112 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

    2011/09/05 17:45:14.0136 6112 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

    2011/09/05 17:45:14.0159 6112 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

    2011/09/05 17:45:14.0187 6112 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

    2011/09/05 17:45:14.0215 6112 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

    2011/09/05 17:45:14.0246 6112 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

    2011/09/05 17:45:14.0271 6112 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

    2011/09/05 17:45:14.0297 6112 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

    2011/09/05 17:45:14.0339 6112 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

    2011/09/05 17:45:14.0421 6112 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

    2011/09/05 17:45:14.0472 6112 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

    2011/09/05 17:45:14.0514 6112 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

    2011/09/05 17:45:14.0596 6112 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

    2011/09/05 17:45:14.0647 6112 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

    2011/09/05 17:45:14.0742 6112 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys

    2011/09/05 17:45:14.0842 6112 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys

    2011/09/05 17:45:14.0882 6112 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

    2011/09/05 17:45:14.0920 6112 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

    2011/09/05 17:45:14.0942 6112 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

    2011/09/05 17:45:15.0005 6112 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

    2011/09/05 17:45:15.0054 6112 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

    2011/09/05 17:45:15.0118 6112 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

    2011/09/05 17:45:15.0170 6112 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

    2011/09/05 17:45:15.0200 6112 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

    2011/09/05 17:45:15.0236 6112 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

    2011/09/05 17:45:15.0289 6112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

    2011/09/05 17:45:15.0340 6112 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

    2011/09/05 17:45:15.0372 6112 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

    2011/09/05 17:45:15.0432 6112 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

    2011/09/05 17:45:15.0460 6112 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

    2011/09/05 17:45:15.0491 6112 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

    2011/09/05 17:45:15.0562 6112 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

    2011/09/05 17:45:15.0611 6112 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

    2011/09/05 17:45:15.0639 6112 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

    2011/09/05 17:45:15.0685 6112 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

    2011/09/05 17:45:15.0707 6112 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

    2011/09/05 17:45:15.0766 6112 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

    2011/09/05 17:45:15.0802 6112 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

    2011/09/05 17:45:15.0841 6112 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

    2011/09/05 17:45:15.0866 6112 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

    2011/09/05 17:45:15.0902 6112 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

    2011/09/05 17:45:15.0939 6112 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

    2011/09/05 17:45:15.0974 6112 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

    2011/09/05 17:45:16.0030 6112 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

    2011/09/05 17:45:16.0080 6112 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

    2011/09/05 17:45:16.0114 6112 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

    2011/09/05 17:45:16.0163 6112 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

    2011/09/05 17:45:16.0197 6112 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

    2011/09/05 17:45:16.0227 6112 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

    2011/09/05 17:45:16.0261 6112 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

    2011/09/05 17:45:16.0280 6112 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

    2011/09/05 17:45:16.0348 6112 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

    2011/09/05 17:45:16.0392 6112 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

    2011/09/05 17:45:16.0480 6112 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

    2011/09/05 17:45:16.0500 6112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

    2011/09/05 17:45:16.0626 6112 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

    2011/09/05 17:45:16.0663 6112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

    2011/09/05 17:45:16.0714 6112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

    2011/09/05 17:45:16.0770 6112 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

    2011/09/05 17:45:16.0802 6112 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

    2011/09/05 17:45:16.0876 6112 ZTEusbmdm6k (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys

    2011/09/05 17:45:16.0925 6112 ZTEusbnet (7cc1bb2ca5a01d3ad844e6476b026733) C:\Windows\system32\DRIVERS\ZTEusbnet.sys

    2011/09/05 17:45:16.0975 6112 ZTEusbnmea (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys

    2011/09/05 17:45:17.0018 6112 ZTEusbser6k (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys

    2011/09/05 17:45:17.0134 6112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

    2011/09/05 17:45:17.0163 6112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6

    2011/09/05 17:45:17.0181 6112 Boot (0x1200) (e6cf87df5a02e7f8fc0e5e5875e82487) \Device\Harddisk0\DR0\Partition0

    2011/09/05 17:45:17.0214 6112 Boot (0x1200) (acde18f2173f4f832839f6ddbec29762) \Device\Harddisk0\DR0\Partition1

    2011/09/05 17:45:17.0246 6112 Boot (0x1200) (2a44ed6b0bc3e14dede3f24890182137) \Device\Harddisk0\DR0\Partition2

    2011/09/05 17:45:17.0259 6112 Boot (0x1200) (9e57dd7663ce0529eaa3e736873e8cd0) \Device\Harddisk6\DR6\Partition0

    2011/09/05 17:45:17.0268 6112 ================================================================================

    2011/09/05 17:45:17.0268 6112 Scan finished

    2011/09/05 17:45:17.0268 6112 ================================================================================

    2011/09/05 17:45:17.0284 4288 Detected object count: 0

    2011/09/05 17:45:17.0284 4288 Actual detected object count: 0

    Bestanden geïnfecteerd:

    c:\program files (x86)\HBLite\bin\11.0.264.0\hblitesaax.dll (Adware.Hotbar) -> No action taken.

    c:\Users\denni\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\dxdiag.exe (Trojan.Agent) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\593A.tmp (Trojan.Agent.SZ) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\92C3.tmp (Rootkit.TDSS) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\9FFA.tmp (Rootkit.TDSS) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\D883.tmp (Trojan.Agent.SZ) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\op1zqfknb9d.exe.jpg (Trojan.Agent.SZ) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\nsb50D1.tmp\Install.dll (Adware.Seekmo) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\nsb50D1.tmp\Setup.dll (Adware.Seekmo) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\nsg6D39.tmp\queryexplorer.exe (Adware.QueryExplorer) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\nsg6D39.tmp\uninstall.exe (Adware.QueryExplorer) -> No action taken.

    c:\Users\denni\local settings\temporary internet files\Content.IE5\92NMSZVF\777.exe (Trojan.FakeAlert) -> No action taken.

    c:\Users\denni\local settings\temporary internet files\Content.IE5\QPVQO83W\download.exe (PUP.Casino.Gen) -> No action taken.

    c:\Users\denni\local settings\temporary internet files\Content.IE5\TSBFCH7B\nl.exe (Rootkit.0Access.XGen) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\opra.bss (Trojan.Agent) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\cdky.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\chro.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\dial.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\ffpw.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\iepw.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\mail.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\mess.bss (Malware.Trace) -> No action taken.

    c:\Users\denni\AppData\Local\Temp\pspw.bss (Malware.Trace) -> No action taken.

    c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> No action taken.

    c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> No action taken.

    c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> No action taken.

    c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> No action taken.

    c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> No action taken.

    c:\programdata\queryexplorer\queryexplorer117.exe (Adware.QueryExplorer) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\install.rdf (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\queryexplorer\queryexplorer.exe (Adware.QueryExplorer) -> No action taken.

    c:\program files (x86)\queryexplorer\uninstall.exe (Adware.QueryExplorer) -> No action taken.

    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> No action taken.

    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> No action taken.

    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> No action taken.

    c:\program files (x86)\flvtube toolbar\ffmpeg.exe (PUP.Zwangi) -> No action taken.

    c:\program files (x86)\flvtube toolbar\flvtubesvc.exe (PUP.Zwangi) -> No action taken.

    c:\program files (x86)\flvtube toolbar\flvtubevideotomp3.exe (PUP.Zwangi) -> No action taken.

    c:\program files (x86)\flvtube toolbar\ShowMsg.exe (PUP.Zwangi) -> No action taken.

    c:\program files (x86)\flvtube toolbar\uninstall.exe (PUP.Zwangi) -> No action taken.

    I hope this is of some use to you.

    I'll wait and see.

    Once again, thank you so much for all the help!

  • Ben

    Hello Denise,

    Read this through carefully!!!

    Run the MBAM scan again and read carefully what is written below.

    The scan can take a while, so be patient.

    When the scan is complete, click OK, then “Bekijk Resultaten” (Show Results) to view the results.

    >>>> Make sure everything there is checked, then click: Verwijder geselecteerde (Remove Selected).<<<<

    After the removal a log will open and you will be asked to restart the computer. (See below)

    The log file is saved automatically by MBAM, and you can find it again by clicking the “Logs” tab in MBAM.

    If MBAM has trouble removing certain files, it will show a few messages where you have to click OK.

    It will then ask to restart the computer… so allow MBAM to restart the computer.

    After that, do fazantje's steps once more!!

    http://antivirus.startpagina.nl/prikbord/14521260/14521571/re-pro-shield-virus#msg-14521571

    Then post the 3 logs.

    Good luck, Ben


  • mamadenise

    Hello, so I have done it again; why did that have to be done, actually?

    See the results below.

    Thanks in advance for taking a look.

    MBAM log

    Malwarebytes' Anti-Malware 1.51.1.1800

    www.malwarebytes.org

    Databaseversie: 7656

    Windows 6.1.7600

    Internet Explorer 8.0.7600.16385

    5-9-2011 20:57:00

    mbam-log-2011-09-05 (20-57-00).txt

    Scantype: Snelle scan

    Objecten gescand: 182768

    Verstreken tijd: 4 minuut/minuten, 14 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    c:\Users\denni\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\dxdiag.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    2011/09/05 21:01:42.0336 1632 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09

    2011/09/05 21:01:42.0467 1632 ================================================================================

    2011/09/05 21:01:42.0467 1632 SystemInfo:

    2011/09/05 21:01:42.0467 1632

    2011/09/05 21:01:42.0467 1632 OS Version: 6.1.7600 ServicePack: 0.0

    2011/09/05 21:01:42.0467 1632 Product type: Workstation

    2011/09/05 21:01:42.0467 1632 ComputerName: DENNI-PC

    2011/09/05 21:01:42.0468 1632 UserName: denni

    2011/09/05 21:01:42.0468 1632 Windows directory: C:\Windows

    2011/09/05 21:01:42.0468 1632 System windows directory: C:\Windows

    2011/09/05 21:01:42.0468 1632 Running under WOW64

    2011/09/05 21:01:42.0468 1632 Processor architecture: Intel x64

    2011/09/05 21:01:42.0468 1632 Number of processors: 2

    2011/09/05 21:01:42.0468 1632 Page size: 0x1000

    2011/09/05 21:01:42.0468 1632 Boot type: Normal boot

    2011/09/05 21:01:42.0468 1632 ================================================================================

    2011/09/05 21:01:44.0292 1632 Initialize success

    2011/09/05 21:01:47.0951 4760 ================================================================================

    2011/09/05 21:01:47.0952 4760 Scan started

    2011/09/05 21:01:47.0952 4760 Mode: Manual;

    2011/09/05 21:01:47.0952 4760 ================================================================================


    2011/09/05 21:01:54.0129 4760 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

    2011/09/05 21:01:54.0155 4760 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

    2011/09/05 21:01:54.0203 4760 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

    2011/09/05 21:01:54.0231 4760 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

    2011/09/05 21:01:54.0264 4760 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

    2011/09/05 21:01:54.0313 4760 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

    2011/09/05 21:01:54.0345 4760 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

    2011/09/05 21:01:54.0365 4760 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

    2011/09/05 21:01:54.0400 4760 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

    2011/09/05 21:01:54.0438 4760 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

    2011/09/05 21:01:54.0462 4760 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

    2011/09/05 21:01:54.0484 4760 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

    2011/09/05 21:01:54.0526 4760 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    2011/09/05 21:01:54.0574 4760 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    2011/09/05 21:01:54.0619 4760 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

    2011/09/05 21:01:54.0645 4760 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    2011/09/05 21:01:54.0682 4760 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    2011/09/05 21:01:54.0708 4760 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

    2011/09/05 21:01:54.0742 4760 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

    2011/09/05 21:01:54.0778 4760 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

    2011/09/05 21:01:54.0818 4760 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    2011/09/05 21:01:54.0848 4760 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

    2011/09/05 21:01:54.0915 4760 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

    2011/09/05 21:01:54.0949 4760 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    2011/09/05 21:01:54.0983 4760 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    2011/09/05 21:01:55.0055 4760 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

    2011/09/05 21:01:55.0135 4760 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    2011/09/05 21:01:55.0173 4760 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

    2011/09/05 21:01:55.0231 4760 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys

    2011/09/05 21:01:55.0418 4760 nvlddmkm (d7a2cd1d76e6cc996a0852d566af2f73) C:\Windows\system32\DRIVERS\nvlddmkm.sys

    2011/09/05 21:01:55.0525 4760 NVNET (9c3024e48db4c98e50af7d8b72d0ef89) C:\Windows\system32\DRIVERS\nvmf6264.sys

    2011/09/05 21:01:55.0569 4760 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

    2011/09/05 21:01:55.0596 4760 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

    2011/09/05 21:01:55.0628 4760 nvstor64 (21f5deb068fb75f1b80044212914e3bb) C:\Windows\system32\DRIVERS\nvstor64.sys

    2011/09/05 21:01:55.0664 4760 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

    2011/09/05 21:01:55.0735 4760 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

    2011/09/05 21:01:55.0802 4760 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

    2011/09/05 21:01:55.0829 4760 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

    2011/09/05 21:01:55.0864 4760 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

    2011/09/05 21:01:55.0896 4760 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

    2011/09/05 21:01:55.0922 4760 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

    2011/09/05 21:01:55.0974 4760 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    2011/09/05 21:01:56.0003 4760 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    2011/09/05 21:01:56.0145 4760 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

    2011/09/05 21:01:56.0174 4760 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

    2011/09/05 21:01:56.0228 4760 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

    2011/09/05 21:01:56.0279 4760 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys

    2011/09/05 21:01:56.0336 4760 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

    2011/09/05 21:01:56.0403 4760 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

    2011/09/05 21:01:56.0440 4760 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

    2011/09/05 21:01:56.0467 4760 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

    2011/09/05 21:01:56.0508 4760 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

    2011/09/05 21:01:56.0542 4760 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

    2011/09/05 21:01:56.0580 4760 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

    2011/09/05 21:01:56.0614 4760 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

    2011/09/05 21:01:56.0646 4760 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

    2011/09/05 21:01:56.0674 4760 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

    2011/09/05 21:01:56.0698 4760 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

    2011/09/05 21:01:56.0750 4760 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

    2011/09/05 21:01:56.0774 4760 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    2011/09/05 21:01:56.0806 4760 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

    2011/09/05 21:01:56.0854 4760 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

    2011/09/05 21:01:56.0919 4760 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

    2011/09/05 21:01:56.0992 4760 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

    2011/09/05 21:01:57.0041 4760 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys

    2011/09/05 21:01:57.0072 4760 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

    2011/09/05 21:01:57.0127 4760 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    2011/09/05 21:01:57.0176 4760 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

    2011/09/05 21:01:57.0197 4760 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

    2011/09/05 21:01:57.0232 4760 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

    2011/09/05 21:01:57.0289 4760 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

    2011/09/05 21:01:57.0314 4760 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

    2011/09/05 21:01:57.0340 4760 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

    2011/09/05 21:01:57.0369 4760 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

    2011/09/05 21:01:57.0419 4760 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

    2011/09/05 21:01:57.0443 4760 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

    2011/09/05 21:01:57.0485 4760 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

    2011/09/05 21:01:57.0523 4760 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

    2011/09/05 21:01:57.0600 4760 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

    2011/09/05 21:01:57.0651 4760 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

    2011/09/05 21:01:57.0694 4760 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

    2011/09/05 21:01:57.0753 4760 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

    2011/09/05 21:01:57.0793 4760 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

    2011/09/05 21:01:57.0888 4760 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys

    2011/09/05 21:01:57.0987 4760 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys

    2011/09/05 21:01:58.0029 4760 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

    2011/09/05 21:01:58.0066 4760 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

    2011/09/05 21:01:58.0095 4760 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

    2011/09/05 21:01:58.0126 4760 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

    2011/09/05 21:01:58.0150 4760 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

    2011/09/05 21:01:58.0214 4760 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

    2011/09/05 21:01:58.0250 4760 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

    2011/09/05 21:01:58.0275 4760 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

    2011/09/05 21:01:58.0308 4760 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

    2011/09/05 21:01:58.0377 4760 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

    2011/09/05 21:01:58.0411 4760 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

    2011/09/05 21:01:58.0444 4760 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

    2011/09/05 21:01:58.0504 4760 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

    2011/09/05 21:01:58.0530 4760 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

    2011/09/05 21:01:58.0562 4760 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

    2011/09/05 21:01:58.0594 4760 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

    2011/09/05 21:01:58.0632 4760 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

    2011/09/05 21:01:58.0660 4760 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

    2011/09/05 21:01:58.0690 4760 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

    2011/09/05 21:01:58.0712 4760 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

    2011/09/05 21:01:58.0754 4760 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

    2011/09/05 21:01:58.0799 4760 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

    2011/09/05 21:01:58.0837 4760 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

    2011/09/05 21:01:58.0868 4760 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

    2011/09/05 21:01:58.0899 4760 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

    2011/09/05 21:01:58.0935 4760 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

    2011/09/05 21:01:58.0971 4760 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

    2011/09/05 21:01:59.0034 4760 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

    2011/09/05 21:01:59.0077 4760 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

    2011/09/05 21:01:59.0116 4760 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

    2011/09/05 21:01:59.0159 4760 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

    2011/09/05 21:01:59.0186 4760 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

    2011/09/05 21:01:59.0229 4760 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

    2011/09/05 21:01:59.0265 4760 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

    2011/09/05 21:01:59.0291 4760 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

    2011/09/05 21:01:59.0351 4760 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

    2011/09/05 21:01:59.0387 4760 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

    2011/09/05 21:01:59.0476 4760 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

    2011/09/05 21:01:59.0500 4760 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

    2011/09/05 21:01:59.0606 4760 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

    2011/09/05 21:01:59.0643 4760 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

    2011/09/05 21:01:59.0694 4760 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

    2011/09/05 21:01:59.0741 4760 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

    2011/09/05 21:01:59.0773 4760 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

    2011/09/05 21:01:59.0839 4760 ZTEusbmdm6k (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys

    2011/09/05 21:01:59.0888 4760 ZTEusbnet (7cc1bb2ca5a01d3ad844e6476b026733) C:\Windows\system32\DRIVERS\ZTEusbnet.sys

    2011/09/05 21:01:59.0930 4760 ZTEusbnmea (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys

    2011/09/05 21:01:59.0981 4760 ZTEusbser6k (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys

    2011/09/05 21:02:00.0064 4760 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

    2011/09/05 21:02:00.0084 4760 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6

    2011/09/05 21:02:00.0099 4760 Boot (0x1200) (e6cf87df5a02e7f8fc0e5e5875e82487) \Device\Harddisk0\DR0\Partition0

    2011/09/05 21:02:00.0119 4760 Boot (0x1200) (acde18f2173f4f832839f6ddbec29762) \Device\Harddisk0\DR0\Partition1

    2011/09/05 21:02:00.0150 4760 Boot (0x1200) (2a44ed6b0bc3e14dede3f24890182137) \Device\Harddisk0\DR0\Partition2

    2011/09/05 21:02:00.0173 4760 Boot (0x1200) (9e57dd7663ce0529eaa3e736873e8cd0) \Device\Harddisk6\DR6\Partition0

    2011/09/05 21:02:00.0183 4760 ================================================================================

    2011/09/05 21:02:00.0183 4760 Scan finished

    2011/09/05 21:02:00.0183 4760 ================================================================================

    2011/09/05 21:02:00.0205 3492 Detected object count: 0

    2011/09/05 21:02:00.0205 3492 Actual detected object count: 0

    hijackthis

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:04:36, on 5-9-2011

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16839)

    Boot mode: Safe mode with network support

    Running processes:

    C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\QuickTime\qttask.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\SysWOW64\NOTEPAD.EXE

    C:\Windows\SysWOW64\NOTEPAD.EXE

    C:\Windows\SysWOW64\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

    O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O3 - Toolbar: FlvTube Toolbar - {851552F5-B878-4b03-904F-2AD6A4CC8994} - “C:\Program Files (x86)\FlvTube Toolbar\flvtubetb.DLL” (file missing)

    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe” /min

    O4 - HKLM\..\RunOnce: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Electronic Arts\EADM\Core.exe” -silent

    O4 - HKCU\..\Run: “C:\Program Files (x86)\uTorrent\uTorrent.exe”

    O4 - HKCU\..\Run: C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe

    O4 - HKCU\..\Run: C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: C:\Porth31.sys\E735495FDDF.exe /q

    O4 - HKCU\..\Run: C:\Users\denni\AppData\Roaming\OP1ZQFKNB9D.exe

    O4 - HKCU\..\RunOnce: C:\ProgramData\oO19600NbCfA19600\oO19600NbCfA19600.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - Startup: 25dc0fa16da.dat

    O4 - Startup: 974f1b16da.dat

    O4 - Startup: dxdiag.exe

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe

    O4 - Global Startup: Update-agent.lnk = ?

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: PokerTime - {9186201E-7EC7-4F19-A4A9-EB468D47B515} - C:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)

    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: FlvTube Toolbar Helper - Unknown owner - C:\Program Files (x86)\FlvTube Toolbar\FlvTubeSvc.exe

    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: JSW Hardware Button Service (JSWHwBtn) - Unknown owner - C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe

    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

    O23 - Service: Pokernet - Badbeat.com - C:\Users\denni\AppData\Roaming\MyPokerLab\Pokernet\Pokernet Service.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: Print Spooler (Spooler32) - Unknown owner - c:\windows\system32\kbdusl32.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 13534 bytes

  • fazantje

    Hi Denise,

    By any chance, did you run MBAM twice now and let it remove things? Because I no longer see the other infections.

    But anyway, let's continue.

    First remove all those toolbars:

    Google Toolbar - FlvTube Toolbar - Vuze Remote Toolbar and the program Conduit Engine

    Start HijackThis, click Scan and tick the following lines:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555

    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O3 - Toolbar: FlvTube Toolbar - {851552F5-B878-4b03-904F-2AD6A4CC8994} - “C:\Program Files (x86)\FlvTube Toolbar\flvtubetb.DLL” (file missing)

    O4 - HKCU\..\Run: C:\Porth31.sys\E735495FDDF.exe /q

    O4 - HKCU\..\Run: C:\Users\denni\AppData\Roaming\OP1ZQFKNB9D.exe

    O4 - HKCU\..\RunOnce: C:\ProgramData\oO19600NbCfA19600\oO19600NbCfA19600.exe

    Close all open windows (except HijackThis), then click Fix checked.

    Now first disable your virus scanner; you do this by right-clicking the scanner at the bottom right of the taskbar.

    You will then see something along the lines of "disable", so do that!

    Download ComboFix HERE

    If you have used ComboFix before, please remove that version and download ComboFix again via the link above,

    because ComboFix is updated daily.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner,

    then disable that scanner and download ComboFix again.

    Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, because this will make your PC hang.

    It can take some time before the ComboFix log appears, so don't assume it has frozen.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post this log in your next post together with a new HijackThis log.

    And tell us how things stand with your problems.

    Good luck,

    Huib;)

  • mamadenise

    Hi hi.

    Things are going better with my computer now: the speed is back and my mouse works properly again. And I no longer keep getting a Pro Shield window on my desktop.

    The logs are below.

    I did still have a question. Was it because AVG no longer worked properly that I got all those infections on my computer? AVG also kept indicating that I was not fully protected. I have now got AVG off the machine and now have Avira antivirus.

    Does this virus scanner give enough protection?

    I also often watch films over the internet, which contain a lot of spyware. With good protection, can I still watch films and series, or do you advise against it? And all those applications I had to download, such as malware and HijackThis, should I just leave them on my computer for extra protection?

    Kind regards, Denise

    ComboFix 11-09-07.04 - denni 07-09-2011 21:24:45.1.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3839.2417

    Gestart vanuit: c:\users\denni\Documents\ComboFix.exe

    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\FullRemove.exe

    c:\users\denni\AppData\Roaming\.#

    c:\users\denni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe

    c:\users\denni\Documents\1465.rtf

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-08-07 to 2011-09-07 ))))))))))))))))))))))))))))))

    .

    .

    2011-09-07 19:29 . 2011-09-07 19:29 ——– d—–w- c:\users\Default\AppData\Local\temp

    2011-09-05 15:48 . 2011-09-05 15:48 388096 —-a-r- c:\users\denni\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-09-05 15:24 . 2011-07-06 17:52 41272 —-a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

    2011-09-05 15:24 . 2011-07-06 17:52 25912 —-a-w- c:\windows\system32\drivers\mbam.sys

    2011-09-05 15:21 . 2011-07-09 05:14 2048 —-a-w- c:\windows\system32\tzres.dll

    2011-09-05 15:21 . 2011-07-09 04:30 2048 —-a-w- c:\windows\SysWow64\tzres.dll

    2011-09-05 11:56 . 2011-09-05 11:56 ——– d—–w- c:\program files (x86)\Trend Micro

    2011-09-05 11:53 . 2011-09-05 11:53 ——– d—–w- c:\users\denni\AppData\Roaming\Malwarebytes

    2011-09-05 11:53 . 2011-09-05 11:53 ——– d—–w- c:\programdata\Malwarebytes

    2011-09-05 11:53 . 2011-09-05 15:24 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2011-09-05 10:46 . 2011-09-05 11:09 ——– d—–w- C:\sh4ldr

    2011-09-05 10:46 . 2011-09-05 10:46 ——– d—–w- c:\program files\Enigma Software Group

    2011-09-05 10:41 . 2011-09-05 10:41 ——– d—–w- c:\users\denni\AppData\Roaming\Avira

    2011-09-05 10:11 . 2011-09-05 15:13 ——– d—–w- c:\programdata\oO19600NbCfA19600

    2011-09-04 20:31 . 2011-09-05 15:25 123784 —-a-w- c:\windows\system32\drivers\avipbb.sys

    2011-09-04 20:31 . 2011-09-05 15:25 88288 —-a-w- c:\windows\system32\drivers\avgntflt.sys

    2011-09-04 20:31 . 2011-09-04 20:31 ——– d—–w- c:\programdata\Avira

    2011-09-04 20:31 . 2011-09-04 20:31 ——– d—–w- c:\program files (x86)\Avira

    2011-09-04 19:35 . 2011-09-04 19:35 ——– d—–w- c:\users\denni\AppData\Roaming\Babylon

    2011-09-04 19:35 . 2011-09-04 19:35 ——– d—–w- c:\users\denni\AppData\Local\Babylon

    2011-09-04 19:35 . 2011-09-04 19:35 ——– d—–w- c:\programdata\Babylon

    2011-09-04 12:56 . 2011-09-05 05:13 ——– d—–w- c:\programdata\aB19600AeCmM19600

    2011-09-02 12:47 . 2011-09-02 12:47 ——– d—–w- C:\Poker

    2011-08-23 13:23 . 2011-09-05 05:13 ——– d—–w- c:\users\denni\AppData\Roaming\Skype

    2011-08-23 13:23 . 2011-08-23 13:23 ——– d—–r- c:\program files (x86)\Skype

    2011-08-23 13:22 . 2011-08-23 13:23 ——– d—–w- c:\programdata\Skype

    2011-08-15 19:10 . 2011-08-15 19:10 ——– d—–w- c:\windows\Sun

    2011-08-14 11:16 . 2011-09-05 06:23 ——– d—–w- c:\program files (x86)\PowerISO

    2011-08-14 11:16 . 2011-06-15 08:30 93240 —-a-w- c:\windows\system32\drivers\scdemu.sys

    2011-08-14 11:10 . 2011-09-05 06:21 ——– d—–w- c:\program files (x86)\Raptr

    2011-08-14 11:10 . 2011-08-14 11:15 ——– d—–w- c:\users\denni\AppData\Roaming\Raptr

    2011-08-14 11:09 . 2011-09-05 06:23 ——– d—–w- c:\users\denni\AppData\Roaming\Azureus

    2011-08-14 11:09 . 2011-09-05 06:21 ——– d—–w- c:\program files (x86)\Vuze

    2011-08-14 11:09 . 2011-09-07 18:56 ——– d—–w- c:\users\denni\AppData\Local\Conduit

    2011-08-13 21:17 . 2011-08-13 21:17 ——– d—–w- c:\users\denni\AppData\Roaming\Microgaming

    2011-08-13 21:16 . 2011-08-13 21:17 ——– d—–w- c:\programdata\Pokernet

    2011-08-13 21:16 . 2011-09-05 06:22 ——– d—–w- c:\users\denni\AppData\Roaming\MyPokerLab

    2011-08-13 21:13 . 2011-09-05 06:21 ——– d—–w- C:\Microgaming

    2011-08-13 21:13 . 2011-08-13 21:13 ——– d—–w- c:\programdata\MGS

    2011-08-12 11:22 . 2011-09-05 06:22 ——– d—–w- c:\windows\system32\SPReview

    2011-08-12 11:22 . 2011-09-05 06:22 ——– d—–w- c:\windows\system32\EventProviders

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-07-16 04:32 . 2011-08-12 10:49 44032 —-a-w- c:\windows\apppatch\acwow64.dll

    2011-06-11 02:56 . 2011-07-31 21:22 3134464 —-a-w- c:\windows\system32\win32k.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “msnmsgr”=“c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe”

    “EA Core”=“c:\program files (x86)\Electronic Arts\EADM\Core.exe”

    “uTorrent”=“c:\program files (x86)\uTorrent\uTorrent.exe”

    “OM_Monitor”=“c:\program files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe”

    .

    “Adobe Reader Speed Launcher”=“c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “jswtrayutil”=“c:\program files (x86)\TP-LINK\QSS\jswtrayutil.exe”

    “QuickTime Task”=“c:\program files (x86)\QuickTime\qttask.exe”

    “SunJavaUpdateSched”=“c:\program files (x86)\Java\jre6\bin\jusched.exe”

    “OM_Monitor”=“c:\program files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe”

    “PWRISOVM.EXE”=“c:\program files (x86)\PowerISO\PWRISOVM.EXE”

    “avgnt”=“c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe”

    .

    c:\users\denni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    25dc0fa16da.dat

    974f1b16da.dat

    LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Update-agent.lnk - c:\program files (x86)\KPN\Mobiel Internet Software\AutoUpdateSrv.exe

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    “mixer”=wdmaud.drv

    .

    R2 Spooler32;Print Spooler ;c:\windows\system32\kbdusl32.exe

    R3 arusb_lhx;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\DRIVERS\arusb_lhx.sys

    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys

    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys

    R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\TP-LINK\QSS\jswpsapi.exe

    R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys

    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

    S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

    S2 BecHelperService;BecHelperService;c:\program files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

    S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe

    S2 JSWHwBtn;JSW Hardware Button Service;c:\program files (x86)\TP-LINK\QSS\HwBtnSvc.exe

    S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

    S2 Pokernet;Pokernet;c:\users\denni\AppData\Roaming\MyPokerLab\Pokernet\Pokernet Service.exe

    S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys

    .

    .

    .

    ——— x86-64 ———–

    .

    .

    “RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe”

    “NvCplDaemon”=“c:\windows\system32\NvCpl.dll”

    .

    “LoadAppInit_DLLs”=0x0

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704

    uLocal Page = c:\windows\system32\blank.htm

    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    TCP: DhcpNameServer = 192.168.2.254

    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-Locked - (no file)

    Toolbar-Locked - (no file)

    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

    AddRemove-Movin' and Groovin' - c:\program files (x86)\Common Files\Polka Dot\Uninstall\BoohBahMMUn.exe

    .

    .

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    “datasecu”=hex:a2,68,8e,df,88,38,ec,33,68,c7,ff,81,be,a1,c9,c9,1a,06,48,50,ea,

    70,ff,04,6f,36,35,87,6a,d1,3b,93,6c,85,a6,e8,d5,a3,41,65,c1,99,3f,78,56,48,\

    “rkeysecu”=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“Shockwave Flash Object”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“0”

    .

    @=“ShockwaveFlash.ShockwaveFlash.10”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“ShockwaveFlash.ShockwaveFlash”

    .

    @Denied: (A 2) (Everyone)

    @=“Macromedia Flash Factory Object”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“FlashFactory.FlashFactory.1”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“FlashFactory.FlashFactory”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker3”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (Full) (Everyone)

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

    c:\program files (x86)\KPN\Mobiel Internet Software\LoggerServer.exe

    c:\program files (x86)\TP-LINK\QSS\HwBtnDetector.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2011-09-07 21:34:21 - machine werd herstart

    ComboFix-quarantined-files.txt 2011-09-07 19:34

    .

    Pre-Run: 123.102.339.072 bytes beschikbaar

    Post-Run: 124.395.540.480 bytes beschikbaar

    .

    - - End Of File - - D93EFCB275F8DF9951F9533A82CC23AE

    hijack this

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:42:18, on 7-9-2011

    Platform: Windows 7 (WinNT 6.00.3504)

    MSIE: Internet Explorer v8.00 (8.00.7600.16839)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\uTorrent\uTorrent.exe

    C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe

    C:\Program Files (x86)\QuickTime\qttask.exe

    C:\Program Files (x86)\Java\jre6\bin\jusched.exe

    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files (x86)\LimeWire\LimeWire.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\SysWOW64\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173608109106p0415x115y44510704

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe” /min

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Electronic Arts\EADM\Core.exe” -silent

    O4 - HKCU\..\Run: “C:\Program Files (x86)\uTorrent\uTorrent.exe”

    O4 - HKCU\..\Run: C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe

    O4 - Startup: 25dc0fa16da.dat

    O4 - Startup: 974f1b16da.dat

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe

    O4 - Global Startup: Update-agent.lnk = ?

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: PokerTime - {9186201E-7EC7-4F19-A4A9-EB468D47B515} - C:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)

    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)

    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: JSW Hardware Button Service (JSWHwBtn) - Unknown owner - C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe

    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe

    O23 - Service: Pokernet - Badbeat.com - C:\Users\denni\AppData\Roaming\MyPokerLab\Pokernet\Pokernet Service.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: Print Spooler (Spooler32) - Unknown owner - c:\windows\system32\kbdusl32.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 9902 bytes

    Regards

  • fazantje

    Hi Denise,

    You wrote, among other things:

    >>>I did still have a question. Was it because AVG no longer worked properly that I got all those infections on my computer?<<<

    How about the other way around :S ;)

    Because you had an infection, AVG was either disabled or no longer worked properly.

    You will get an answer to the other questions later.

    The logs are still being looked at.

    Greetings, Huib;)

  • mamadenise

    Haha okay, that's fine. x

  • fazantje

    Hi Denise,

    Start HijackThis, click Scan and tick the following lines:

    O4 - Startup: 25dc0fa16da.dat

    O4 - Startup: 974f1b16da.dat

    O4 - HKCU\..\RunOnce: C:\ProgramData\oO19600NbCfA19600\oO19600NbCfA19600.exe

    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)

    Close all open windows (except HijackThis), then click Fix checked.

    If this does not work, do it in safe mode, then start in normal mode again.

    Now run CCleaner, in the standard version.

    Let it remove everything it finds.

    First the cleaner and then the registry.

    When installing CCleaner, do make sure you untick the box for Google Chrome, otherwise you get it thrown in for free :(

    Also empty your recycle bin and delete all system restore points.

    You do this as follows:

    Go to Start > Control Panel > System > System Protection > now turn off System Restore by selecting the desired drive and clicking “Configure”.

    Now click “Delete” to delete all restore points.

    Click “Apply” and “OK”.

    Now restart the PC.

    Then post a new HijackThis log.

    Now answers to your questions:

    >>>now have Avira antivirus.

    Does this virus scanner give enough protection? <<<

    Every scanner slips up now and then, but AVG has really been overdoing it lately.

    >>>I also often watch films over the internet, which contain a lot of spyware. With good protection, can I still watch films and series, or do you advise against it? <<<

    You said it yourself: films that contain a lot of spyware. So don't do it!

    There are plenty of other ways to watch films.

    I also saw that you have LimeWire; definitely don't look for films with it, that is asking for trouble straight away.

    >>>And all those applications I had to download, such as malware and HijackThis, should I just leave them on my computer for extra protection? <<<

    Remove TDSS and Combo.

    To remove ComboFix, follow the instructions below.

    Go to Start - Run

    Copy and paste: Combofix /Uninstall into the Start search box.

    Press ENTER, then click OK.

    If all goes well you will then get a message that ComboFix was removed.

    Now change all your passwords.

    You can simply leave MBAM installed; update it once a week and run a quick scan with it.

    I would also put SpywareBlaster on the computer.

    Update it once a week, then click “enable all protection” and Denise is all set ;)

    It's quite a story, but calmly work through it from the top down.

    Good luck,

    Huib;)
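Added example, not part of the thread and not the helper's own method: a small Python triage pass over HijackThis lines of the kind ticked in the two fix lists above (the earlier list with the proxy, BHO and Run entries, and the later one with the Startup .dat files). The three rules and the trusted-path prefixes are illustrative assumptions; the sample lines are copied from the logs in this thread, with typographic quotes replaced by ASCII quotes.

```python
import re
from typing import List, NamedTuple, Optional

# Sample lines copied from the HijackThis logs in this thread (typographic quotes
# replaced by ASCII quotes); a mix of entries that were and were not ticked.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: FlvTube Toolbar - {851552F5-B878-4b03-904F-2AD6A4CC8994} - "C:\Program Files (x86)\FlvTube Toolbar\flvtubetb.DLL" (file missing)
O4 - HKLM\..\Run: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: C:\Porth31.sys\E735495FDDF.exe /q
O4 - HKCU\..\Run: C:\Users\denni\AppData\Roaming\OP1ZQFKNB9D.exe
O4 - HKCU\..\RunOnce: C:\ProgramData\oO19600NbCfA19600\oO19600NbCfA19600.exe
O4 - Startup: 25dc0fa16da.dat
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O4 - Global Startup: Update-agent.lnk = ?
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # which rule fired
    line: str      # the log line as written

ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
LOOPBACK_PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:https?=)?(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?\s*$", re.I)
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll))\b", re.I)

# Assumption: system drive is C: and software is installed in the default locations.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\",
                    "c:\\progra~", "c:\\windows\\")
# Browser extension points. O23 is left out on purpose: in this thread's x64 log
# nearly every Windows service carries "(file missing)", so the marker has no signal there.
BROWSER_SECTIONS = {"R3", "O2", "O3", "O18"}

def command_path(value: str) -> str:
    """Return the executable path from a Run/RunOnce value, dropping arguments."""
    value = re.sub(r"^\[[^\]]*\]\s*", "", value.strip())  # optional "[value name]"
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    match = EXE_RE.match(value)
    return match.group(1) if match else value

def check_autostart(body: str) -> Optional[str]:
    """Apply the autostart rule to the text after 'O4 - '."""
    kind, sep, value = body.partition(": ")
    if not sep:
        return None
    if kind.endswith("Startup"):  # "Startup" and "Global Startup" folder items
        item, _, target = value.partition(" = ")
        if not item.strip().lower().endswith(".lnk"):
            return "non-shortcut file in a Startup folder"
        target = target.strip().lower()
        if target and target != "?" and not target.startswith(TRUSTED_PREFIXES):
            return "Startup shortcut targets a path outside Program Files/Windows"
        return None
    if not command_path(value).lower().startswith(TRUSTED_PREFIXES):
        return "autostart command outside Program Files/Windows"
    return None

def triage(log_text: str) -> List[Finding]:
    """Return the log lines that match one of the three illustrative rules."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw)
        if not match:
            continue  # header, running-process list or blank line
        section, body = match.groups()
        reason = None
        if section.startswith("R") and LOOPBACK_PROXY_RE.search(body):
            reason = "browser proxy points at the local machine"
        elif section in BROWSER_SECTIONS and ORPHAN_RE.search(body):
            reason = "browser extension registration without a file on disk"
        elif section == "O4":
            reason = check_autostart(body)
        if reason:
            findings.append(Finding(section, reason, raw.strip()))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```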