Everything posted by Prosper

  1. I had actually understood that for rendering it is mainly the CPU and RAM that are very important. The video card too, but isn't that used more when making the 3D models than when rendering? Or have I got that wrong?
  2. Hi, I am putting together a new PC for a friend who will use it purely to run very long render jobs (5 days non-stop) and who is currently getting freezes (due to a poor case and little airflow, among other things). He works with Artlantis 3. The problem is that Artlantis only runs in 32-bit, but I saw on their site yesterday that there is a beta of a 64-bit version. For rendering it is very important to have a lot of memory, so that is already difficult with 32-bit. Does anyone have experience with this? I have put together the following system and would like to know your opinion or points for improvement.
     Processor: Intel i7 2600 € 254,00
     CPU fan: Scythe Mugen 2 Rev. B € 34,00
     Memory: Corsair XMS3 8GB DDR3-1333 CL9 kit € 95,00
     SSD: OCZ Vertex 2 Extended 60GB € 102,00
     HDD: Samsung Spinpoint F3 1TB € 48,00
     Video card: ASUS ENGTX460 DirectCU/2DI/1GD5 € 160,00
     Case: Antec 300 € 50,00
     Motherboard: MSI P67A-GD65 € 148,00
     Power supply: Cooler Master Real Power M620 € 95,00
     Operating system: Windows 7 Home Premium 64 Bit € 90,00
     Total: € 1.076,00
     Is this more or less OK, or should I change something? And I can't really work out the video card. He is not going to game with it, just purely render. Is this the best option then, or ...? And perhaps 16 GB instead of 8 GB of memory? Thanks in advance!
  3. I'm not at the laptop right now... I tried to reach the router via 192.168.1.1 with another laptop, but that didn't work. On Tuesday I'll be back at the laptop's location and I'll also bring an Ethernet cable to connect directly to the modem. I'll then let you know what info I have. Regards
  4. Hi, I have a problem here: from a PC running XP I want to connect to the network (we'll assume I was given the correct network key). I can see the network but can't get a connection to it. What is advisable to do? There is a SpeedTouch (with antenna), so it seems to me it's a router? I don't know much about networks.
  5. Sorry for the late reply, I haven't been at this computer for a while. I wanted to thank you very much for your help! Regards, Prosper
  6. Hmm, I think it worked. I'm now also running a malware scan, which I'll post after this...
     Logfile of The Avenger Version 2.0, © by Swandog46
     Swandog46's Public Anti-Malware Tools
     Platform: Windows Vista
     *******************
     Script file opened successfully.
     Script file read successfully.
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     Rootkit scan active.
     No rootkits found!
     Driver "kacbn" disabled successfully.
     Driver "kacbn" deleted successfully.
     File "C:\Windows\system32\Drivers\kacbn.sys" deleted successfully.
     Completed script processing.
     *******************
     Finished! Terminate.
     ---------- Post added at 05:50 ---------- Previous post was at 05:43 ----------
     I did get a BSOD, by the way... but no rootkit.
     Malwarebytes' Anti-Malware 1.46
     Malwarebytes Databaseversie: 4809
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18975
     15-10-2010 7:47:36
     mbam-log-2010-10-15 (07-47-36).txt
     Scantype: Snelle scan
     Objecten gescand: 142068
     Verstreken tijd: 2 minuut/minuten, 47 seconde(n)
     Geheugenprocessen geïnfecteerd: 0
     Geheugenmodulen geïnfecteerd: 0
     Registersleutels geïnfecteerd: 0
     Registerwaarden geïnfecteerd: 0
     Registerdata geïnfecteerd: 0
     Mappen geïnfecteerd: 0
     Bestanden geïnfecteerd: 0
     Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     What does a rootkit actually involve? Thank you very much for all your help and quick replies!!
  7. Logfile of The Avenger Version 2.0, © by Swandog46
     Swandog46's Public Anti-Malware Tools
     Platform: Windows Vista
     *******************
     Script file opened successfully.
     Script file read successfully.
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     Rootkit scan active.
     No rootkits found!
     Error: could not open file "C:\Windows\system32\Drivers\kacbn.sys"
     Deletion of file "C:\Windows\system32\Drivers\kacbn.sys" failed!
     Status: 0xc0000001 (STATUS_UNSUCCESSFUL)
     Completed script processing.
     *******************
     Finished! Terminate.
  8. I have now had a BSOD twice after running GMER, but I was able to save the log:
     GMER 1.0.15.15315 - GMER - Rootkit Detector and Remover
     Rootkit scan 2010-10-14 17:01:10
     Windows 6.0.6002 Service Pack 2
     Running: gmer.exe; Driver: C:\Users\Prosper\AppData\Local\Temp\fwryipog.sys
     ---- Kernel code sections - GMER 1.0.15 ----
     ? System32\Drivers\kacbn.sys Een apparaat dat op het systeem is aangesloten, werkt niet. !
     ---- User code sections - GMER 1.0.15 ----
     ? C:\Windows\System32\svchost.exe[3840] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dll
     ? C:\Windows\System32\svchost.exe[4056] image checksum mismatch; time/date stamp mismatch;
     ---- Devices - GMER 1.0.15 ----
     Device \FileSystem\Ntfs \Ntfs 87592630
     ---- Services - GMER 1.0.15 ----
     Service (*** hidden *** ) [bOOT] kacbn <-- ROOTKIT !!!
     ---- Registry - GMER 1.0.15 ----
     Reg HKLM\SYSTEM\CurrentControlSet\Services\kacbn@Type 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\kacbn@Start 0
     Reg HKLM\SYSTEM\CurrentControlSet\Services\kacbn@ErrorControl 0
     Reg HKLM\SYSTEM\CurrentControlSet\Services\kacbn@Group Boot Bus Extender
     Reg HKLM\SYSTEM\ControlSet002\Services\kacbn@Type 1
     Reg HKLM\SYSTEM\ControlSet002\Services\kacbn@Start 0
     Reg HKLM\SYSTEM\ControlSet002\Services\kacbn@ErrorControl 0
     Reg HKLM\SYSTEM\ControlSet002\Services\kacbn@Group Boot Bus Extender
     Reg HKLM\SYSTEM\ControlSet003\Services\kacbn@Type 1
     Reg HKLM\SYSTEM\ControlSet003\Services\kacbn@Start 0
     Reg HKLM\SYSTEM\ControlSet003\Services\kacbn@ErrorControl 0
     Reg HKLM\SYSTEM\ControlSet003\Services\kacbn@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xDA 0x90 0x29 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC1 0xF5 0x2A 0x4A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x42 0x91 0x40 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE5 0xD0 0x72 0x59 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x07 0x3E 0x0A 0xD9 ... Reg HKLM\SYSTEM\ControlSet004\Services\kacbn@Type 1 Reg HKLM\SYSTEM\ControlSet004\Services\kacbn@Start 0 Reg HKLM\SYSTEM\ControlSet004\Services\kacbn@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\kacbn@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x1F 0x81 0x75 ... 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0x69 0x2C 0x7D ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x75 0x93 0x61 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xDA 0x90 0x29 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC1 0xF5 0x2A 0x4A ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x42 0x91 0x40 ... 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE5 0xD0 0x72 0x59 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x07 0x3E 0x0A 0xD9 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0009dd508808 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\kacbn@Type 1 Reg HKLM\SYSTEM\ControlSet005\Services\kacbn@Start 0 Reg HKLM\SYSTEM\ControlSet005\Services\kacbn@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet005\Services\kacbn@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x1F 0x81 0x75 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0x69 0x2C 0x7D ... 
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x75 0x93 0x61 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xDA 0x90 0x29 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC1 0xF5 0x2A 0x4A ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x42 0x91 0x40 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE5 0xD0 0x72 0x59 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x07 0x3E 0x0A 0xD9 ... ---- EOF - GMER 1.0.15 ----
  9. Sorry, not HijackThis but Malwarebytes:
        Malwarebytes' Anti-Malware 1.46
        Malwarebytes Databaseversie: 4809
        Windows 6.0.6002 Service Pack 2
        Internet Explorer 8.0.6001.18975
        14-10-2010 15:29:51
        mbam-log-2010-10-14 (15-29-51).txt
        Scantype: Snelle scan
        Objecten gescand: 141813
        Verstreken tijd: 2 minuut/minuten, 56 seconde(n)
        Geheugenprocessen geïnfecteerd: 0
        Geheugenmodulen geïnfecteerd: 0
        Registersleutels geïnfecteerd: 0
        Registerwaarden geïnfecteerd: 0
        Registerdata geïnfecteerd: 0
        Mappen geïnfecteerd: 0
        Bestanden geïnfecteerd: 1
        Geheugenprocessen geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)
        Geheugenmodulen geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)
        Registersleutels geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)
        Registerwaarden geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)
        Registerdata geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)
        Mappen geïnfecteerd:
        (Geen kwaadaardige objecten gedetecteerd)
        Bestanden geïnfecteerd:
        C:\Windows\system32\Drivers\kacbn.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
     It keeps finding that one rootkit.agent the whole time....
  10. Here is the ComboFix log:
        ComboFix 10-10-12.03 - Prosper 14-10-2010 14:36:52.2.2 - x86
        Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3326.2262 [GMT 2:00]
        Gestart vanuit: c:\users\Prosper\Desktop\ComboFix.exe
        gebruikte Opdracht switches :: c:\users\Prosper\Desktop\CFScript.txt
        SP: Avira Premium Security Suite *disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
        SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
        SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
        FILE ::
        "c:\windows\system32\drivers\bkrbhuxg.sys"
        "c:\windows\system32\drivers\sdpiosys.sys"
        .
        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        -------\Legacy_SDPIOSYS
        -------\Service_bkrbhuxg
        -------\Service_sdpiosys
        (((((((((((((((((((( Bestanden Gemaakt van 2010-09-14 to 2010-10-14 ))))))))))))))))))))))))))))))
        .
        2010-10-14 12:44 . 2010-10-14 12:47 -------- d-----w- c:\users\Prosper\AppData\Local\temp
        2010-10-13 08:19 . 2010-10-13 08:19 -------- d-----w- c:\users\Prosper\AppData\Roaming\Malwarebytes
        2010-10-13 08:19 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
        2010-10-13 08:19 . 2010-10-13 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
        2010-10-13 08:19 . 2010-10-13 08:19 -------- d-----w- c:\programdata\Malwarebytes
        2010-10-13 08:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
        2010-10-12 21:54 . 2010-10-12 22:05 -------- d-----w- c:\windows\system32\MpEngineStore
        2010-10-12 18:50 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
        2010-10-12 18:49 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
        2010-10-12 18:49 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
        2010-10-12 18:49 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
        2010-10-12 18:48 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
        2010-10-12 18:48 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
        2010-10-12 18:48 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
        2010-10-12 18:48 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
        2010-10-12 18:48 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
        2010-10-12 18:48 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
        2010-10-12 18:48 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
        2010-10-12 18:48 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
        2010-10-12 18:47 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
        2010-10-12 18:46 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
        2010-10-12 18:46 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
        2010-10-12 18:45 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
        2010-10-12 18:44 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
        2010-10-12 17:08 . 2010-10-12 17:08 145920 ---ha-w- c:\windows\system32\mspnp3eef.exe
        2010-10-12 16:36 . 2010-10-12 16:36 -------- d-----w- c:\users\Prosper\AppData\Roaming\GlarySoft
        2010-10-12 16:31 . 2010-10-12 16:31 -------- d-----w- c:\program files\Glary Utilities
        2010-10-12 13:54 . 2010-09-16 08:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D26C77EB-CF96-42F1-83FA-6FB63F4ABB28}\mpengine.dll
        2010-10-12 13:47 . 2010-10-12 13:50 -------- d-----w- c:\users\Prosper\AppData\Roaming\TeamViewer
        2010-10-12 13:46 . 2010-10-12 13:46 -------- d-----w- c:\program files\TeamViewer
        2010-10-10 21:45 . 2010-10-10 21:52 -------- d-----w- c:\users\Prosper\AppData\Roaming\3A673671CD938D1934A3A954903144C7
        2010-09-29 13:15 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
        2010-09-29 12:50 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
        2010-09-22 16:55 . 2010-09-22 16:55 -------- d-----w- c:\windows\system32\xlive
        2010-09-22 16:55 . 2010-09-22 16:55 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
        2010-09-21 07:15 . 2010-09-21 07:15 -------- d-----w- c:\program files\Common Files\Apple
        2010-09-21 07:15 . 2010-09-21 07:15 -------- d-----w- c:\program files\Apple Software Update
        2010-09-16 09:47 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
        2010-09-16 09:47 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
        2010-09-16 09:47 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
        2010-09-16 09:47 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
        2010-09-16 09:46 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
        REGEDIT4
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
        @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
        [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
        2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
        @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
        [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
        2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
        "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
        "Google Update"="c:\users\Prosper\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-19 135664]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
        "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
        "M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2009-07-27 236040]
        "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableLUA"= 0 (0x0)
        "EnableUIADesktopToggle"= 0 (0x0)
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
        2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
        2009-12-19 20:02 135664 ----atw- c:\users\Prosper\AppData\Local\Google\Update\GoogleUpdate.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
        2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
        2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
        2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1597884737-3636102522-79069050-1000]
        "EnableNotificationsRef"=dword:00000002
        R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
        R2 MSPnPService;MS PnP Service;c:\windows\system32\mspnp3eef.exe [2010-10-12 145920]
        R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
        R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
        R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
        R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
        R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-06 691696]
        S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
        S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
        S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
        S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
        S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
        S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
        S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
        S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
        S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [2009-07-27 302472]
        S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
        --- Andere Services/Drivers In Geheugen ---
        *Deregistered* - kacbn
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
        bthsvcs REG_MULTI_SZ BthServ
        .
        Inhoud van de 'Gedeelde Taken' map
        2010-10-14 c:\windows\Tasks\GlaryInitialize.job
        - c:\program files\Glary Utilities\initialize.exe [2010-10-12 09:14]
        2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1597884737-3636102522-79069050-1000Core.job
        - c:\users\Prosper\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 20:02]
        2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1597884737-3636102522-79069050-1000UA.job
        - c:\users\Prosper\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 20:02]
        .
        .
        ------- Bijkomende Scan -------
        .
        uStart Page = hxxp://www.google.nl/
        uInternet Settings,ProxyOverride = *.local
        IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
        DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
        .
        - - - - ORPHANS VERWIJDERD - - - -
        HKU-Default-Run-msdrm - msdrm.exe
        MSConfigStartUp-Adobe products updater - c:\users\Prosper\Local Settings\Application Data\Adobe updater\mph.dll
        MSConfigStartUp-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kacbn]
        .
        --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
        [HKEY_USERS\S-1-5-21-1597884737-3636102522-79069050-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
        "??"=hex:7e,97,2a,6f,a1,49,cc,db,de,0b,e2,bb,6a,00,b6,bd,2f,d7,97,ad,e1,1e,6f,
           da,20,d7,a7,03,77,5b,04,fc,82,3a,90,b7,24,d2,42,29,23,4f,a8,1d,f3,e0,98,95,\
        "??"=hex:1f,f5,c0,69,7d,86,4b,4e,7c,c0,40,c5,52,c9,bc,ca
        [HKEY_USERS\S-1-5-21-1597884737-3636102522-79069050-1000\Software\SecuROM\License information*]
        @Allowed: (Read) (RestrictedCode)
        "datasecu"=hex:2f,9f,df,4a,fb,14,df,98,38,b7,ae,23,08,05,06,0d,a5,bd,12,8b,82,
           40,2e,00,7b,5d,75,af,3d,b6,7e,4d,a5,c6,99,7d,ea,05,a3,6b,83,f1,a0,8a,c0,5c,\
        "rkeysecu"=hex:8b,85,74,81,79,24,9c,38,07,a6,da,78,9e,1a,0e,6c
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        .
        --------------------- DLLs Geladen Onder Lopende Processen ---------------------
        - - - - - - - > 'Explorer.exe'(1068)
        c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
        c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
        c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
        .
        ------------------------ Andere Aktieve Processen ------------------------
        .
        c:\windows\system32\nvvsvc.exe
        c:\windows\system32\nvvsvc.exe
        c:\windows\system32\conime.exe
        c:\windows\ATKKBService.exe
        c:\program files\Bonjour\mDNSResponder.exe
        c:\program files\CyberLink\Shared Files\RichVideo.exe
        c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        c:\windows\RtHDVCpl.exe
        c:\windows\ehome\ehmsas.exe
        c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
        .
        **************************************************************************
        .
        Voltooingstijd: 2010-10-14 14:52:10 - machine werd herstart
        ComboFix-quarantined-files.txt 2010-10-14 12:52
        ComboFix2.txt 2010-10-14 00:46
        Pre-Run: 9.430.441.984 bytes beschikbaar
        Post-Run: 9.254.539.264 bytes beschikbaar
        Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
        - - End Of File - - 127127CA47244E76C8BAD7C9E6C56FE9
      I will post the HijackThis log next.
  11. I got a BSOD after the computer had restarted and ComboFix asked me to keep waiting until it was finished.... Log file:
        ComboFix 10-10-12.03 - Prosper 14-10-2010 2:32.1.2 - x86
        Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3326.2045 [GMT 2:00]
        Gestart vanuit: c:\users\Prosper\Desktop\ComboFix.exe
        SP: Avira Premium Security Suite *disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
        SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
        SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
        * Nieuw herstelpunt werd aangemaakt
        .
        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        c:\users\Prosper\AppData\Local\Adobe updater
        c:\windows\system32\57498037.dat
        c:\windows\system32\pcre3.dll
        c:\windows\system32\spool\prtprocs\w32x86\CNMPP78.DLL
        .
        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        -------\Service_ndisrd
        (((((((((((((((((((( Bestanden Gemaakt van 2010-09-14 to 2010-10-14 ))))))))))))))))))))))))))))))
        .
        2010-10-14 00:39 . 2010-10-14 00:41 -------- d-----w- c:\users\Prosper\AppData\Local\temp
        2010-10-14 00:39 . 2010-10-14 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
        2010-10-13 08:19 . 2010-10-13 08:19 -------- d-----w- c:\users\Prosper\AppData\Roaming\Malwarebytes
        2010-10-13 08:19 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
        2010-10-13 08:19 . 2010-10-13 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
        2010-10-13 08:19 . 2010-10-13 08:19 -------- d-----w- c:\programdata\Malwarebytes
        2010-10-13 08:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
        2010-10-12 21:54 . 2010-10-12 22:05 -------- d-----w- c:\windows\system32\MpEngineStore
        2010-10-12 18:50 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
        2010-10-12 18:49 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
        2010-10-12 18:49 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
        2010-10-12 18:49 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
        2010-10-12 18:48 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
        2010-10-12 18:48 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
        2010-10-12 18:48 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
        2010-10-12 18:48 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
        2010-10-12 18:48 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
        2010-10-12 18:48 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
        2010-10-12 18:48 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
        2010-10-12 18:48 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
        2010-10-12 18:47 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
        2010-10-12 18:46 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
        2010-10-12 18:46 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
        2010-10-12 18:45 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
        2010-10-12 18:44 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
        2010-10-12 17:08 . 2010-10-12 17:08 145920 ---ha-w- c:\windows\system32\mspnp3eef.exe
        2010-10-12 16:36 . 2010-10-12 16:36 -------- d-----w- c:\users\Prosper\AppData\Roaming\GlarySoft
        2010-10-12 16:31 . 2010-10-12 16:31 -------- d-----w- c:\program files\Glary Utilities
        2010-10-12 13:54 . 2010-09-16 08:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D26C77EB-CF96-42F1-83FA-6FB63F4ABB28}\mpengine.dll
        2010-10-12 13:47 . 2010-10-12 13:50 -------- d-----w- c:\users\Prosper\AppData\Roaming\TeamViewer
        2010-10-12 13:46 . 2010-10-12 13:46 -------- d-----w- c:\program files\TeamViewer
        2010-10-10 21:45 . 2010-10-10 21:52 -------- d-----w- c:\users\Prosper\AppData\Roaming\3A673671CD938D1934A3A954903144C7
        2010-09-29 13:15 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
        2010-09-29 12:50 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
        2010-09-22 16:55 . 2010-09-22 16:55 -------- d-----w- c:\windows\system32\xlive
        2010-09-22 16:55 . 2010-09-22 16:55 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
        2010-09-21 07:15 . 2010-09-21 07:15 -------- d-----w- c:\program files\Common Files\Apple
        2010-09-21 07:15 . 2010-09-21 07:15 -------- d-----w- c:\program files\Apple Software Update
        2010-09-16 09:47 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
        2010-09-16 09:47 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
        2010-09-16 09:47 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
        2010-09-16 09:47 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
        2010-09-16 09:46 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        <pre>
        c:\windows\RaidTool\xinside .exe
        </pre>
        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
        REGEDIT4
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
        @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
        [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
        2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
        @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
        [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
        2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
        "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
        "Google Update"="c:\users\Prosper\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-19 135664]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
        "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
        "M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2009-07-27 236040]
        "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "msdrm"="msdrm.exe" [N/A]
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableLUA"= 0 (0x0)
        "EnableUIADesktopToggle"= 0 (0x0)
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"
        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe products updater]
        c:\users\Prosper\Local Settings\Application Data\Adobe updater\mph.dll [N/A]
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
        2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
        c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe [N/A]
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
        2009-12-19 20:02 135664 ----atw- c:\users\Prosper\AppData\Local\Google\Update\GoogleUpdate.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
        2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
        2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
        2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe
        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1597884737-3636102522-79069050-1000]
        "EnableNotificationsRef"=dword:00000002
        R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
        R1 bkrbhuxg;bkrbhuxg;c:\windows\system32\drivers\bkrbhuxg.sys [x]
        R1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys [x]
        R2 MSPnPService;MS PnP Service;c:\windows\system32\mspnp3eef.exe [2010-10-12 145920]
        R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
        R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
        R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
        R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
        R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-06 691696]
        S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
        S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
        S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
        S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
        S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
        S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
        S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
        S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
        S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [2009-07-27 302472]
        S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
        --- Andere Services/Drivers In Geheugen ---
        *Deregistered* - kacbn
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
        bthsvcs REG_MULTI_SZ BthServ
        .
Inhoud van de 'Gedeelde Taken' map 2010-10-14 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-10-12 09:14] 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1597884737-3636102522-79069050-1000Core.job - c:\users\Prosper\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 20:02] 2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1597884737-3636102522-79069050-1000UA.job - c:\users\Prosper\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 20:02] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kacbn] . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-1597884737-3636102522-79069050-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:7e,97,2a,6f,a1,49,cc,db,de,0b,e2,bb,6a,00,b6,bd,2f,d7,97,ad,e1,1e,6f, da,20,d7,a7,03,77,5b,04,fc,82,3a,90,b7,24,d2,42,29,23,4f,a8,1d,f3,e0,98,95,\ "??"=hex:1f,f5,c0,69,7d,86,4b,4e,7c,c0,40,c5,52,c9,bc,ca [HKEY_USERS\S-1-5-21-1597884737-3636102522-79069050-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:2f,9f,df,4a,fb,14,df,98,38,b7,ae,23,08,05,06,0d,a5,bd,12,8b,82, 40,2e,00,7b,5d,75,af,3d,b6,7e,4d,a5,c6,99,7d,ea,05,a3,6b,83,f1,a0,8a,c0,5c,\ "rkeysecu"=hex:8b,85,74,81,79,24,9c,38,07,a6,da,78,9e,1a,0e,6c [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(3972) c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\conime.exe c:\windows\ATKKBService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\RtHDVCpl.exe c:\windows\ehome\ehmsas.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Voltooingstijd: 2010-10-14 02:46:53 - machine werd herstart ComboFix-quarantined-files.txt 2010-10-14 00:46 Pre-Run: 12.800.454.656 bytes beschikbaar Post-Run: 12.326.588.416 bytes beschikbaar Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - 69558C65BF09224586477C26F1CBCE61 ---------- Post added at 10:22 ---------- Previous post was at 10:21 ---------- I did turn Panda off, but not properly?
  12. I had already let Malwarebytes restart the computer. Just ran another scan and it found 1 more infected file, removed that one as well.. now I have to restart it again. Here is the log file: Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4809 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 13-10-2010 11:16:39 mbam-log-2010-10-13 (11-16-39).txt Scantype: Snelle scan Objecten gescand: 139866 Verstreken tijd: 3 minuut/minuten, 36 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: C:\Windows\system32\Drivers\kacbn.sys (Rootkit.Agent) -> Quarantined and deleted successfully. I must say this method works well.. I really tried quite a lot of things, but I'm very happy with your quick help! ---------- Post added at 09:31 ---------- Previous post was at 09:18 ---------- After restarting, I ran another scan.. it found 1 infected file again.. the same Rootkit.Agent again. How do I get rid of it?
  13. Thanks for your reply! Windows started up normally again. New hijack log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:31:13, on 13-10-2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\DeltaIITray.exe C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Prosper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Prosper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Prosper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Prosper\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program 
Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Prosper\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [msdrm] msdrm.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [msdrm] msdrm.exe (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\Windows\ATKKBService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- End of file - 6095 bytes Log MBAM: Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4809 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 13-10-2010 10:24:53 mbam-log-2010-10-13 (10-24-53).txt Scantype: Snelle scan Objecten gescand: 140189 Verstreken tijd: 3 minuut/minuten, 42 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 1 Registersleutels geïnfecteerd: 4 Registerwaarden geïnfecteerd: 3 Registerdata geïnfecteerd: 3 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 6 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: C:\Windows\System32\mcafeemn.dll (Monitor.Perflogger) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CURRENT_USER\Software\Microsoft\Phost (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Phost (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srenum (Rootkit.Agent) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{1d96b0e5-4887-7738-68f1-0fb396a3de1b} (Spyware.SpyEyes) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Monitor.Perflogger) -> Data: c:\windows\system32\mcafeemn.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Monitor.Perflogger) -> Data: system32\mcafeemn.dll -> Quarantined and deleted successfully. Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: C:\Windows\System32\mcafeemn.dll (Monitor.Perflogger) -> Delete on reboot. C:\Users\Prosper\AppData\Roaming\Cauho\egro.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully. C:\Windows\System32\msrun.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\System32\winamnc_backup.dll (Monitor.Perflogger) -> Quarantined and deleted successfully. C:\Windows\system32\Drivers\kacbn.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Windows\System32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
  14. This is the log from HijackThis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:07:24, on 13-10-2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\explorer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\DeltaIITray.exe C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\SEC\Natural Color Pro\NCProTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Prosper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Prosper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Prosper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Prosper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Prosper\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - 
REG:system.ini: Shell=explorer.exe rundll32.exe wdpf.xfo mfwchp O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Prosper\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [{1D96B0E5-4887-7738-68F1-0FB396A3DE1B}] C:\Users\Prosper\AppData\Roaming\Cauho\egro.exe O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\cfdrive32.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [msdrm] msdrm.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [msdrm] msdrm.exe (User 'Default user') O4 - Global Startup: NCProTray.lnk = 
? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\system32\mcafeemn.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\Windows\ATKKBService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: Windows Dumper Host (windump) - Unknown owner - C:\Windows\system32\windump.exe (file missing) -- End of file - 7239 bytes
  15. I'm stuck with a strange problem, maybe someone can help me? For the past 2 days (I haven't downloaded anything odd as far as I know) my virus scanner, Panda, has been finding a virus, which gets removed. After a while this process repeats itself and just keeps going... It concerned a file in the folder C:/users/appdata/local/temp that changes its name every time. I couldn't delete the files manually because they were in use. I started CCleaner and let it do its work, ran a deep scan, and also tried ESET, but it didn't go away. Now it suddenly seems the virus has become stronger, because after a restart explorer.exe was no longer loaded. The computer started up in the documents screen with only a blue screen. After typing explorer.exe manually I do get into Windows, but every 5 seconds I get an error message about several files: mph.dll and mcafeemn.dll. In safe mode I can't run a Panda scan, but I can run CCleaner.. that didn't help. What is the best step to solve this now? Thanks!