HJT check

30 replies
  • Hello,
    Recently I had some problems with my PC. MBAM found a few problems here and there. The strange thing is that I now occasionally get a message from Windows that I supposedly have no virus scanner, while I definitely do have AVG… Thanks in advance for the help!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:24:37, on 26/01/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    C:\Windows\SysWOW64\WTClient.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.248.254.11:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LManager] "C:\Program Files (x86)\Launch Manager\LManager.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {2D0280B1-DC42-4DFA-9525-09BD48838539} - http://www.newstargames.com/OSAKitPro.CAB
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: IS360service - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LAlarm Service (LAlarmService) - LAlarm Systems - C:\Program Files\LAlarm\LAlarmService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files (x86)\wLite\wService.exe


    End of file - 9115 bytes
  • Hi Stef, do you perhaps have the paid version of AVG on your Windows?


    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    * Bleepingcomputer
    * ForoSpyware
    * Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before ComboFix is started!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    Once more, for the sake of clarity: ComboFix must be started from the desktop.

    Remarks:
    * When using Windows XP, you may be asked to install the "Recovery Console"! If so, allow this (an active internet connection is required for this).
    * Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    * All open programs and web pages must be closed.
    ComboFix has started:
    * Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    * ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    * The computer may need to be restarted several times; this is normal.
    * When ComboFix is finished, it will create a log file for you.
    * Post the contents of this log file in your next message.
    * If the log does not open, it can be found at C:\ComboFix.txt
    Important remark:
    * If an error is shown with the message: Illegal operation attempted on a registery key that has been marked for deletion. - then restart the computer.
  • Dear Abraham54,

    First of all, thanks for the quick reply. I am currently not able to use ComboFix, but as soon as I have the opportunity, I will do so right away. In all honesty, I have to admit that I have an AVG licence from the internet. If this could be the problem, I am willing to undo it right away.

    Thanks in advance,
    Stef
  • Do you mean by that that you are, as it were, not using AVG legitimately?

    Then you had best switch to Avast 5 Free, the number 1 among the free antivirus programs!

    But then you need to remove AVG properly first!


    * AVG Remover: http://www.avg.com/nl-nl/download-tools

    * Avast 5 Free: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

    Install Avast with all options!
    And don't forget to register Avast first and then update it - to do this, click Onderhoud (Maintenance) in the menu
  • Hello,

    I am indeed not using AVG legitimately. I will get to work on installing Avast 5 as soon as possible. Thanks for the information. I will post the ComboFix report as soon as possible.

    Thanks :)
  • Hello,

    In the meantime I have uninstalled AVG and installed Avast. Tomorrow I will post the ComboFix log.

    Thanks in advance for the help
    Stef ;)
  • Dear Abraham,

    Sorry for my terribly long absence from this topic. After I had installed my virus scanner, things seemed to improve, but after a while it got worse again. The scan speed was also disappointing. I installed AVG again and had it run a virus scan. It found nothing, but it still seems that something is wrong with my computer. Is it all right if I post my ComboFix log tomorrow?

    Once again, my apologies for my absence. I should have kept you informed.

    Stef
  • As long as it is a current ComboFix scan!
  • Of course, you can count on that. Until tomorrow, then.

    Thanks again for the time you are putting into this.

    Stef
  • Dear Abraham,

    I was just about to start ComboFix when it gave me the message that I had better uninstall AVG. Is this normal? I assume so, if I reinstall it afterwards…

    Stef
  • Dear Abraham,

    Here is the requested log. I am also going to install Avast! again. Thanks in advance. inst.exe looked like a Trojan horse to me, didn't it? I had browsed some other forums and from that I concluded that I am dealing with a Trojan Backdoor. This is said to be difficult to remove and to keep coming back. But of course I will wait for your analysis before I take action.

    Kind regards,
    Stef

    ComboFix 11-02-21.02 - Stef Petit 22/02/2011 16:52:57.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1033.18.4026.2875 [GMT 1:00]
    Gestart vanuit: c:\users\Stef Petit\Desktop\ComboFix.exe
    SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Stef Petit\AppData\Roaming\inst.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Legacy_NPF
    ——-\Service_npf


    (((((((((((((((((((( Bestanden Gemaakt van 2011-01-22 to 2011-02-22 ))))))))))))))))))))))))))))))
    .

    2011-02-22 15:58 . 2011-02-22 15:58 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-02-21 22:02 . 2011-02-21 22:02 ——– d—–w- c:\users\Stef Petit\AppData\Local\StickyNotes
    2011-02-20 13:21 . 2011-02-20 13:32 ——– d—–w- c:\program files (x86)\Eusing Free Registry Cleaner
    2011-02-20 10:16 . 2011-02-20 10:16 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\Vidalia
    2011-02-19 20:51 . 2011-02-19 20:51 ——– d—–w- c:\program files (x86)\NT Registry Optimizer
    2011-02-19 19:18 . 2011-02-19 19:22 ——– d—–w- c:\program files (x86)\AxBx
    2011-02-19 19:13 . 2011-02-19 19:13 ——– d—–w- c:\program files (x86)\Nsasoft
    2011-02-19 18:33 . 2011-02-19 18:33 ——– d—–w- c:\program files (x86)\Mgeni
    2011-02-19 14:34 . 2011-02-20 10:16 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\Tor
    2011-02-19 09:38 . 2010-11-13 19:32 2647552 —-a-w- c:\windows\system32\drivers\athrx.sys
    2011-02-17 16:30 . 2010-10-15 21:32 90112 —-a-w- c:\windows\system32\igfxCoIn_v2226.dll
    2011-02-17 16:30 . 2010-10-15 21:27 982240 —-a-w- c:\windows\SysWow64\igkrng500.bin
    2011-02-17 16:30 . 2010-10-15 21:27 982240 —-a-w- c:\windows\system32\igkrng500.bin
    2011-02-17 16:30 . 2011-01-12 08:45 61952 —-a-w- c:\windows\system32\igfxsrvc.dll
    2011-02-17 16:30 . 2011-01-12 08:45 244224 —-a-w- c:\windows\system32\igfxpph.dll
    2011-02-17 16:30 . 2011-01-12 08:45 27648 —-a-w- c:\windows\system32\igfxexps.dll
    2011-02-17 16:30 . 2011-01-12 08:44 272384 —-a-w- c:\windows\system32\igfxdev.dll
    2011-02-17 16:30 . 2010-10-15 21:27 92356 —-a-w- c:\windows\SysWow64\igfcg500m.bin
    2011-02-17 16:30 . 2010-10-15 21:27 92356 —-a-w- c:\windows\system32\igfcg500m.bin
    2011-02-17 16:30 . 2010-10-15 21:27 439308 —-a-w- c:\windows\SysWow64\igcompkrng500.bin
    2011-02-17 16:30 . 2010-10-15 21:27 439308 —-a-w- c:\windows\system32\igcompkrng500.bin
    2011-02-16 21:24 . 2011-02-16 21:24 ——– d—–w- c:\users\Stef Petit\AppData\Local\SpeedBalance
    2011-02-16 21:23 . 2011-02-19 11:39 ——– d—–w- c:\program files (x86)\Speedbalance60
    2011-02-16 17:13 . 2011-02-16 17:13 ——– d—–w- c:\users\Stef Petit\AppData\Local\GXDevelopment,_Inc
    2011-02-16 17:11 . 2011-02-16 17:11 ——– d—–w- c:\program files (x86)\GXDevelopment
    2011-02-16 15:44 . 2011-02-16 15:52 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\DVDVideoSoft
    2011-02-16 12:37 . 2011-02-16 12:37 ——– d—–w- c:\program files (x86)\Common Files\Java
    2011-02-14 22:05 . 2011-02-14 22:05 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\SUPERAntiSpyware.com
    2011-02-14 22:05 . 2011-02-14 22:05 ——– d—–w- c:\programdata\!SASCORE
    2011-02-14 22:05 . 2011-02-21 21:10 ——– d—–w- c:\program files\SUPERAntiSpyware
    2011-02-14 22:04 . 2004-07-15 23:19 266240 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
    2011-02-14 22:04 . 2004-07-15 23:18 172032 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
    2011-02-14 22:04 . 2004-07-15 23:20 733184 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
    2011-02-14 22:04 . 2004-07-15 23:20 69715 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
    2011-02-14 22:04 . 2004-07-15 23:18 5632 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
    2011-02-14 22:04 . 2011-02-14 22:04 303236 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
    2011-02-14 22:04 . 2011-02-14 22:04 180356 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
    2011-02-14 17:40 . 2011-02-14 17:40 ——– d—–w- c:\users\Stef Petit\AppData\Local\Apple Computer
    2011-02-13 21:39 . 2011-02-13 21:39 70768 —-a-w- c:\windows\system32\drivers\l1c51x64.sys
    2011-02-13 19:49 . 2011-02-14 20:49 ——– d—–w- c:\users\Stef Petit\AppData\Local\Mgeni
    2011-02-13 18:58 . 2011-02-19 14:34 ——– d—–w- c:\program files (x86)\Vidalia Bundle
    2011-02-13 14:41 . 2011-02-13 14:41 74280 —-a-w- c:\windows\system32\drivers\L1C62x64.sys
    2011-02-13 14:36 . 2011-02-13 14:36 ——– d—–w- c:\programdata\Uniblue
    2011-02-13 14:24 . 2011-02-14 20:56 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\Uniblue
    2011-02-13 14:24 . 2011-02-14 20:49 ——– dc-h–w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
    2011-02-13 14:24 . 2011-02-14 20:56 ——– d—–w- c:\program files (x86)\Uniblue
    2011-02-13 14:23 . 2011-02-13 14:23 ——– d—–w- c:\users\Stef Petit\AppData\Local\PackageAware
    2011-02-12 22:52 . 2011-02-12 22:58 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\Systweak
    2011-02-12 21:31 . 2011-02-12 21:31 ——– d—–w- C:\$AVG
    2011-02-12 17:08 . 2011-02-14 20:49 ——– d—–w- c:\users\Stef Petit\AppData\Local\Little_Apps_(http___www.l
    2011-02-12 16:40 . 2011-02-12 16:40 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\WinPatrol
    2011-02-12 13:23 . 2011-02-12 13:23 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\Canneverbe Limited
    2011-02-12 13:23 . 2011-02-12 13:23 ——– d—–w- c:\programdata\Canneverbe Limited
    2011-02-12 13:23 . 2011-02-13 10:09 ——– d—–w- c:\program files\CDBurnerXP
    2011-02-12 09:37 . 2011-02-14 20:49 ——– d—–w- c:\program files (x86)\Wise Registry Cleaner
    2011-02-12 09:25 . 2010-09-06 09:26 189520 —-a-w- c:\windows\SysWow64\drivers\tmcomm.sys
    2011-02-11 22:10 . 2011-02-11 22:10 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
    2011-02-11 15:36 . 2011-02-13 10:09 ——– d—–w- c:\program files\Hitman Pro 3.5
    2011-02-10 19:03 . 2010-08-02 16:09 537088 —-a-w- c:\program files\Internet Explorer\pdm.dll
    2011-02-09 15:03 . 2010-12-18 06:11 714752 —-a-w- c:\windows\system32\kerberos.dll
    2011-02-09 15:03 . 2010-12-18 05:29 541184 —-a-w- c:\windows\SysWow64\kerberos.dll
    2011-02-09 15:03 . 2011-01-05 04:00 3127808 —-a-w- c:\windows\system32\win32k.sys
    2011-02-08 21:51 . 2011-02-08 21:51 12872 —-a-w- c:\windows\system32\bootdelete.exe
    2011-02-08 15:56 . 2011-01-20 09:39 7844688 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D4FAD2A-6080-4C0C-91B3-EEDE1C2F23EF}\mpengine.dll
    2011-02-07 21:48 . 2011-02-07 21:48 ——– d—–w- c:\program files (x86)\Devious Codeworks
    2011-02-06 22:07 . 2011-02-06 22:07 ——– d—–w- c:\users\Stef Petit\AppData\Local\Apple
    2011-02-06 11:18 . 2011-02-12 09:43 ——– d—–w- c:\program files (x86)\Mozilla Sunbird
    2011-02-06 11:18 . 2011-02-06 11:18 ——– d—–w- c:\users\Stef Petit\AppData\Local\Microsoft Help
    2011-02-06 11:18 . 2011-02-06 11:18 ——– d—–r- C:\MSOCache
    2011-02-06 11:09 . 2011-02-19 09:09 ——– d—–w- c:\program files (x86)\SystemRequirementsLab
    2011-02-06 10:54 . 2011-02-06 10:54 ——– d—–w- c:\users\Stef Petit\AppData\Local\Shareaza
    2011-02-06 10:54 . 2011-02-06 10:57 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\Shareaza
    2011-02-05 18:48 . 2011-02-05 18:48 ——– d—–w- c:\users\Stef Petit\AppData\Local\LogMeIn
    2011-02-05 18:45 . 2010-12-08 12:12 60800 —-a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
    2011-02-05 18:45 . 2010-12-08 12:12 33152 —-a-w- c:\windows\system32\LMIport.dll
    2011-02-05 18:45 . 2010-12-08 12:12 87456 —-a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-02-05 18:45 . 2010-09-17 14:40 72216 —-a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2011-02-05 18:45 . 2010-12-08 12:12 80768 —-a-w- c:\windows\system32\LMIinit.dll
    2011-02-05 18:45 . 2011-02-22 15:28 ——– d—–w- c:\programdata\LogMeIn
    2011-02-05 18:44 . 2011-02-05 18:51 ——– d—–w- c:\program files (x86)\LogMeIn
    2011-02-05 17:49 . 2011-02-05 17:49 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\Malwarebytes
    2011-02-05 16:45 . 2011-02-05 16:45 ——– d—–w- c:\users\Stef Petit\AppData\Local\Secunia PSI
    2011-02-05 16:45 . 2011-02-05 16:45 ——– d—–w- c:\program files (x86)\Secunia
    2011-02-05 15:57 . 2011-02-05 15:59 ——– d—–w- c:\program files\Puran Defrag
    2011-02-05 15:57 . 2010-05-17 11:11 290816 —-a-w- c:\windows\system32\PuranDefragS.exe
    2011-02-05 15:57 . 2010-05-17 11:11 276480 —-a-w- c:\windows\system32\PuranDC.exe
    2011-02-05 15:57 . 2010-05-17 11:11 1417216 —-a-w- c:\windows\system32\PuranFD.exe
    2011-02-05 15:57 . 2010-05-17 11:11 129536 —-a-w- c:\windows\system32\PuranDefragBT.exe
    2011-02-05 15:57 . 2010-01-27 12:58 270336 —-a-w- c:\windows\system32\PuranDefrag.dll
    2011-02-03 21:01 . 2011-02-12 21:33 19528 —-a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-02-03 21:01 . 2011-02-13 10:09 ——– d—–w- c:\programdata\Hitman Pro
    2011-02-03 12:00 . 2011-02-03 12:00 388096 —-a-r- c:\users\Stef Petit\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-02-02 18:46 . 2011-02-02 18:46 ——– d—–w- c:\program files (x86)\ElcomSoft
    2011-02-02 13:56 . 2011-02-02 13:56 ——– d—–w- c:\program files\WinPcap
    2011-02-02 13:56 . 2011-02-02 13:56 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\Neoretix
    2011-01-30 18:01 . 2011-01-30 18:01 ——– d—–w- c:\program files (x86)\Microsoft Works
    2011-01-30 13:57 . 2011-01-30 13:57 103864 —-a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-01-29 23:25 . 2011-02-13 10:09 ——– d—–w- c:\program files (x86)\ToniArts
    2011-01-28 18:46 . 2011-01-28 18:46 ——– d—–w- c:\users\Stef Petit\AppData\Local\Microsoft Games
    2011-01-26 21:25 . 2011-01-26 21:25 ——– d—–w- c:\users\Stef Petit\AppData\Roaming\Thunderbird
    2011-01-26 21:25 . 2011-01-26 21:25 ——– d—–w- c:\users\Stef Petit\AppData\Local\Thunderbird
    2011-01-26 20:37 . 2011-01-13 08:47 237168 —-a-w- c:\windows\system32\aswBoot.exe
    2011-01-26 14:07 . 2011-01-26 14:07 3584 —-a-r- c:\users\Stef Petit\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2011-01-26 14:07 . 2011-01-26 14:07 ——– d—–w- c:\program files (x86)\Windows Installer Clean Up
    2011-01-26 13:42 . 2011-02-14 20:49 ——– d—–w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 10
    2011-01-24 06:48 . 2011-02-17 17:17 ——– d—–w- c:\users\Stef Petit\AppData\Local\Adobe
    2011-01-23 17:23 . 2011-02-12 17:15 ——– d—–w- c:\program files (x86)\Trend Micro
    2011-01-23 16:23 . 2011-01-23 16:23 ——– d—–w- c:\users\Stef Petit\AppData\Local\GameHouse
    2011-01-23 16:23 . 2011-01-23 16:23 ——– d—–w- c:\programdata\Trymedia
    2011-01-23 16:22 . 2011-01-23 16:41 ——– d—–w- c:\program files (x86)\Bejeweled 3
    2011-01-23 16:22 . 2011-01-23 16:22 ——– d—–w- c:\windows\Bejeweled 3

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-02 20:40 . 2010-09-18 16:39 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-02 16:11 . 2010-09-03 20:37 270720 ——w- c:\windows\system32\MpSigStub.exe
    2011-01-31 15:34 . 2010-10-26 14:29 48648 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2011-01-31 15:34 . 2010-10-10 12:36 704320 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-01-26 22:21 . 2010-10-22 10:46 704320 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-01-22 23:57 . 2011-01-22 23:22 82364 —-a-w- c:\programdata\bdinstall.bin
    2011-01-19 10:35 . 2011-01-19 10:37 518896 —-a-w- c:\windows\system32\SRSTSX64.dll
    2011-01-19 10:35 . 2011-01-19 10:37 2719504 —-a-w- c:\windows\system32\WavesGUILib.dll
    2011-01-19 10:35 . 2011-01-19 10:37 211184 —-a-w- c:\windows\system32\SRSTSH64.dll
    2011-01-19 10:35 . 2011-01-19 10:37 198896 —-a-w- c:\windows\system32\SRSHP64.dll
    2011-01-19 10:35 . 2011-01-19 10:37 155888 —-a-w- c:\windows\system32\SRSWOW64.dll
    2011-01-19 10:35 . 2011-01-19 10:37 612384 —-a-w- c:\windows\system32\RTSnMg64.cpl
    2011-01-19 10:35 . 2011-01-19 10:36 332320 —-a-w- c:\windows\system32\RtlCPAPI64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 2242720 —-a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2011-01-19 10:35 . 2011-01-19 10:36 1814560 —-a-w- c:\windows\system32\RtPgEx64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 99016 —-a-w- c:\windows\system32\RTEEL64A.dll
    2011-01-19 10:35 . 2011-01-19 10:36 76488 —-a-w- c:\windows\system32\RTEEG64A.dll
    2011-01-19 10:35 . 2011-01-19 10:36 68640 —-a-w- c:\windows\system32\RCoInst64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 477216 —-a-w- c:\windows\system32\RtkApi64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 372936 —-a-w- c:\windows\system32\RTEEP64A.dll
    2011-01-19 10:35 . 2011-01-19 10:36 307920 —-a-w- c:\windows\system32\RP3DHT64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 307920 —-a-w- c:\windows\system32\RP3DAA64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 201928 —-a-w- c:\windows\system32\RTEED64A.dll
    2011-01-19 10:35 . 2011-01-19 10:36 1631264 —-a-w- c:\windows\system32\RtkAPO64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 149536 —-a-w- c:\windows\system32\RtkCfg64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 1206304 —-a-w- c:\windows\system32\RTCOM64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 325904 —-a-w- c:\windows\system32\MaxxAudioAPO20.dll
    2011-01-19 10:35 . 2011-01-19 10:36 2197264 —-a-w- c:\windows\system32\MaxxAudioEQ.dll
    2011-01-19 10:35 . 2011-01-19 10:36 504592 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 474896 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 328608 ----a-w- c:\windows\system32\FMAPO64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 315152 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 268560 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 265488 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 1325328 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 123664 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 123152 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 1178384 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 1110800 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 108960 ----a-w- c:\windows\system32\AERTAR64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 168864 ----a-w- c:\windows\system32\AERTAC64.dll
    2011-01-19 10:35 . 2011-01-19 10:36 1247776 ----a-w- c:\windows\RtlExUpd.dll
    2011-01-19 10:15 . 2011-01-19 10:15 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
    2011-01-16 21:33 . 2011-01-15 22:15 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
    2011-01-12 09:30 . 2011-01-12 09:30 509976 ----a-w- c:\windows\system32\igfxsrvc.exe
    2011-01-12 09:30 . 2011-01-12 09:30 162328 ----a-w- c:\windows\system32\igfxtray.exe
    2011-01-12 09:30 . 2011-01-12 09:30 417304 ----a-w- c:\windows\system32\igfxpers.exe
    2011-01-12 09:30 . 2011-01-12 09:30 386584 ----a-w- c:\windows\system32\hkcmd.exe
    2011-01-12 09:30 . 2011-01-12 09:30 223768 ----a-w- c:\windows\system32\igfxext.exe
    2011-01-12 09:30 . 2011-01-12 09:30 3157528 ----a-w- c:\windows\system32\GfxUI.exe
    2011-01-12 09:30 . 2011-01-12 09:30 152600 ----a-w- c:\windows\system32\difx64.exe
    2011-01-12 09:25 . 2011-01-12 09:25 92672 ----a-w- c:\windows\system32\igfxCoIn_v2281.dll
    2011-01-12 09:18 . 2011-01-12 09:18 6549504 ----a-w- c:\windows\system32\igdumd64.dll
    2011-01-12 09:18 . 2011-01-12 09:18 10627392 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
    2011-01-12 09:12 . 2011-01-12 09:12 4967424 ----a-w- c:\windows\SysWow64\igdumd32.dll
    2011-01-12 09:10 . 2011-01-12 09:10 571904 ----a-w- c:\windows\SysWow64\igdumdx32.dll
    2011-01-12 09:08 . 2009-09-03 03:06 4722176 ----a-w- c:\windows\system32\igd10umd64.dll
    2011-01-12 09:06 . 2011-01-12 09:06 4411392 ----a-w- c:\windows\SysWow64\igd10umd32.dll
    2011-01-12 09:00 . 2011-01-12 09:00 15034880 ----a-w- c:\windows\system32\ig4icd64.dll
    2011-01-12 08:51 . 2011-01-12 08:51 11039232 ----a-w- c:\windows\SysWow64\ig4icd32.dll
    2011-01-12 08:46 . 2011-01-12 08:46 88064 ----a-w- c:\windows\system32\igfxrsky.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 87552 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 87552 ----a-w- c:\windows\system32\igfxrslv.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 87040 ----a-w- c:\windows\system32\igfxrtha.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 88576 ----a-w- c:\windows\system32\igfxresn.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 88064 ----a-w- c:\windows\system32\igfxrrus.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 87552 ----a-w- c:\windows\system32\igfxrsve.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 88064 ----a-w- c:\windows\system32\igfxrptg.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 88064 ----a-w- c:\windows\system32\igfxrplk.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 87552 ----a-w- c:\windows\system32\igfxrptb.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 87552 ----a-w- c:\windows\system32\igfxrnor.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 84992 ----a-w- c:\windows\system32\igfxrkor.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 88576 ----a-w- c:\windows\system32\igfxrell.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 88064 ----a-w- c:\windows\system32\igfxrita.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 87552 ----a-w- c:\windows\system32\igfxrhun.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 86528 ----a-w- c:\windows\system32\igfxrheb.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 84992 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 88576 ----a-w- c:\windows\system32\igfxrfra.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 88064 ----a-w- c:\windows\system32\igfxrnld.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 88064 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 87552 ----a-w- c:\windows\system32\igfxrfin.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 87040 ----a-w- c:\windows\system32\igfxrdan.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 87552 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 86528 ----a-w- c:\windows\system32\igfxrara.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 83968 ----a-w- c:\windows\system32\igfxrcht.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 83968 ----a-w- c:\windows\system32\igfxrchs.lrc
    2011-01-12 08:46 . 2011-01-12 08:46 122368 ----a-w- c:\windows\system32\igfxcpl.cpl
    2011-01-12 08:45 . 2011-01-12 08:45 380416 ----a-w- c:\windows\system32\igfxTMM.dll
    2011-01-12 08:44 . 2009-09-03 03:06 108544 ----a-w- c:\windows\system32\hccutils.dll
    2011-01-12 08:44 . 2011-01-12 08:44 119808 ----a-w- c:\windows\system32\gfxSrvc.dll
    2011-01-12 08:44 . 2011-01-12 08:44 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2011-01-12 08:44 . 2011-01-12 08:44 87552 ----a-w- c:\windows\system32\igfxrenu.lrc
    2011-01-12 08:43 . 2011-01-12 08:43 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2011-01-12 08:43 . 2009-09-03 03:06 830464 ----a-w- c:\windows\system32\igfxress.dll
    2011-01-12 08:40 . 2011-01-12 08:40 23552 ----a-w- c:\windows\SysWow64\igfxexps32.dll
    2011-01-12 08:39 . 2011-01-12 08:39 228864 ----a-w- c:\windows\SysWow64\igfxdv32.dll
    2011-01-12 08:32 . 2011-01-12 08:32 208896 ----a-w- c:\windows\SysWow64\iglhsip32.dll
    2011-01-12 08:32 . 2011-01-12 08:32 206336 ----a-w- c:\windows\system32\iglhsip64.dll
    2011-01-12 08:32 . 2011-01-12 08:32 188416 ----a-w- c:\windows\system32\iglhcp64.dll
    2011-01-12 08:32 . 2011-01-12 08:32 147456 ----a-w- c:\windows\SysWow64\iglhcp32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 136176]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; [x]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; [x]
    R3 cpuz130;cpuz130; [x]
    R3 dump_wmimmc;dump_wmimmc; [x]
    R3 ENTECH64;ENTECH64; [x]
    R3 MBAMProtector;MBAMProtector; [x]
    R3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
    R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-18 17064]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-03 1255736]
    R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
    R3 wxpSvc;webcamXP Service;c:\program files (x86)\wLite\wService.exe [2010-05-02 5027328]
    R4 NetBalancer Windows Service;NetBalancer Windows Service; [x]
    R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-09-03 332272]
    R4 PuranDefrag;PuranDefrag; [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-21 834544]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
    S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
    S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    S2 LAlarmService;LAlarm Service;c:\program files\LAlarm\LAlarmService.exe [2009-12-15 28672]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-08 373640]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys [2011-02-13 70768]
    S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-18 27304]

    .
    Inhoud van de 'Gedeelde Taken' map

    2011-02-22 c:\windows\Tasks\AWC AutoSweep.job
    - c:\program files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-09-03 13:11]

    2011-02-22 c:\windows\Tasks\AWC Startup.job
    - c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-09-03 15:19]

    2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 18:10]

    2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 18:10]

    2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3273722056-2673575925-1433871218-1001Core.job
    - c:\users\Stef Petit\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 18:10]

    2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3273722056-2673575925-1433871218-1001UA.job
    - c:\users\Stef Petit\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 18:10]

    2011-02-21 c:\windows\Tasks\IObit Security 360.job
    - c:\program files (x86)\IObit\IObit Security 360\is360.exe [2011-02-09 16:37]

    2011-02-22 c:\windows\Tasks\RegistryBooster.job
    - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF12280.cfxxe" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uInternet Settings,ProxyServer = 195.248.254.11:8080
    uInternet Settings,ProxyOverride = <local>
    IE: Free YouTube Download - c:\users\Stef Petit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\Stef Petit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    FF - ProfilePath - c:\users\Stef Petit\AppData\Roaming\Mozilla\Firefox\Profiles\0cu7ptp1.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - ORPHANS VERWIJDERD - - - -

    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
    Notify-igfxcui - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    SafeBoot-SolutoService
    BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wxpSvc]
    "ImagePath"="c:\program files (x86)\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-3273722056-2673575925-1433871218-1001\Software\SecuROM\License information*]
    "datasecu"=hex:16,5f,c2,3d,dc,6d,b6,51,12,01,73,ba,72,dc,d0,e4,e4,8e,b1,67,d1,
    ee,c3,79,c9,3e,17,8b,7a,f0,67,0f,2b,c0,cf,f6,97,d8,79,38,6b,84,b3,d0,8f,fa,\
    "rkeysecu"=hex:06,6d,26,db,0e,b7,65,0c,f0,ed,67,5a,4c,44,5e,bd

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\BAF6A4D8A51F9CE4D86431E877D59303\E97A59ECCF4EFFF4A857920FB449F22F]
    @DACL=(02 0000)
    "PatchGUID"="{4E0D259D-449D-43BD-8BB1-2354EB91DBAA}"
    "MediaCabinet"="UXPlatform_RTM_15.4.3508.1109"
    "File"="uxctl"
    "ComponentVersion"="15.4.3508.1109"
    "ProductVersion"="15.4.3502"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="10003"
    "SharedComponent"="0"
    "IsFullFile"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D5DF475856989C74B80DAE9D470C076E\7B292C385A83B0447A137070E0186AF4]
    @DACL=(02 0000)
    "PatchGUID"=""
    "MediaCabinet"=""
    "File"="presimdll"
    "ComponentVersion"="15.4.3508.1109"
    "ProductVersion"="15.4.3508"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="0"
    "SharedComponent"="0"
    "IsFullFile"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA7FA13822F4E8F45982137ABA12C3E8\26ABA8B10F47DE741BC84A13825E198B]
    @DACL=(02 0000)
    "PatchGUID"=""
    "MediaCabinet"=""
    "File"="PPCRL_WLIDNSP.DLL.1312FADD_90E2_487F_B4BC_5B3F1469FB3C"
    "ComponentVersion"="7.250.4225.0"
    "ProductVersion"="7.250.4225"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="0"
    "SharedComponent"="0"
    "IsFullFile"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\EDD37DFD921EF6346971F73F652ADFC9\26ABA8B10F47DE741BC84A13825E198B]
    @DACL=(02 0000)
    "PatchGUID"=""
    "MediaCabinet"=""
    "File"="PPCRL_WLIDPROV_32.DLL.D7E3D3D4_C059_4F60_8B26_AED871BD74F7"
    "ComponentVersion"="7.250.4225.0"
    "ProductVersion"="7.250.4225"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="0"
    "SharedComponent"="0"
    "IsFullFile"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\EDE5069A62EDF734E94205F656D91E5B\E97A59ECCF4EFFF4A857920FB449F22F]
    @DACL=(02 0000)
    "PatchGUID"="{4E0D259D-449D-43BD-8BB1-2354EB91DBAA}"
    "MediaCabinet"="UXPlatform_RTM_15.4.3508.1109"
    "File"="uxcalendar"
    "ComponentVersion"="15.4.3508.1109"
    "ProductVersion"="15.4.3502"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="10000"
    "SharedComponent"="0"
    "IsFullFile"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\EFC46146A65C5015599CDD7DD3CF48F7\F132F0B0A6ECD384AA32773B467F9571]
    @DACL=(02 0000)
    "PatchGUID"="{873D09C1-62F2-4698-909C-2785D947A0FB}"
    "MediaCabinet"="WLXSuite_RTM_15.4.3508.1109"
    "File"="wlbici.dll"
    "ComponentVersion"="15.4.3508.1109"
    "ProductVersion"="15.4.3502"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="10008"
    "SharedComponent"="0"
    "IsFullFile"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F6ED3B2A13600CD419A9B6E14A72A3DA\26ABA8B10F47DE741BC84A13825E198B]
    @DACL=(02 0000)
    "PatchGUID"=""
    "MediaCabinet"=""
    "File"="SDKCOMPONENTS_PPCRL_IDBHO_32.DLL.D7E3D3D4_C059_4F60_8B26_AED871BD74F7"
    "ComponentVersion"="7.250.4225.0"
    "ProductVersion"="7.250.4225"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="0"
    "SharedComponent"="0"
    "IsFullFile"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FC8BCFA70EEFEBB42B7A0DAB75A20D29\7B292C385A83B0447A137070E0186AF4]
    @DACL=(02 0000)
    "PatchGUID"=""
    "MediaCabinet"=""
    "File"="transpdll"
    "ComponentVersion"="15.4.3508.1109"
    "ProductVersion"="15.4.3508"
    "PatchSize"="0"
    "PatchAttributes"="0"
    "PatchSequence"="0"
    "SharedComponent"="0"
    "IsFullFile"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001namen.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-26.net]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-27.net]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123fporn.info]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123haustiereundmehr.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123moviedownload.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123simsen.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123topsearch.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.co.uk]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.com]
    @DACL=(02 0000)
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12w.net]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\132.com]
    @DACL=(02
  • Post the last one or two MBAM logs!

    The log is saved automatically by MBAM, and you can find it by clicking the 'Logbestanden' (Logs) tab in MBAM's main menu.
  • Dear Abraham,

    When I click on the log files, I only get to see log files from updates. Could this be because I use CCleaner? I also use Advanced System Care 4 (beta version), and it just told me that there was a Trojan Agent on my PC. "C:\Windows\system32\WinTab32.dll"

    In the meantime, here is a log from a new MBAM scan.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 5851

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8080.16413

    23/02/2011 14:16:15
    mbam-log-2011-02-23 (14-16-15).txt

    Scantype: Snelle scan
    Objecten gescand: 164363
    Verstreken tijd: 4 minuut/minuten, 55 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)


    Was the ComboFix log not too bad?

    Thanks,
    Stef
  • That IObit tool "Advanced System Care" is in fact a program that the Chinese made with databases stolen from Western antivirus vendors and from Malwarebytes' MBAM!

    Moreover, because of the antivirus files it contains, this tool can conflict with the antivirus you use!

    So my advice is to uninstall the whole lot!
  • Will do :wink:
    Is my PC otherwise 'cured', or does something else still need to be done?

    Stef
  • No.

    Next step:

    Which program: Kaspersky TDSSKiller
    What for/why: Rootkit scanner
    Difficulty: none
    Download location: Be sure to download this program to the desktop!
    Download TDSSKiller here.

    Installation:
    - Extract the file to your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and then choosing "Als Administrator uitvoeren" (Run as administrator).
    - After the scan has finished, you will find the log on the C:\ partition.
    - Post the contents of that log.
  • Here is the requested log.

    2011/02/23 15:01:46.0163 1028 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
    2011/02/23 15:01:46.0490 1028 ================================================================================
    2011/02/23 15:01:46.0490 1028 SystemInfo:
    2011/02/23 15:01:46.0490 1028
    2011/02/23 15:01:46.0490 1028 OS Version: 6.1.7601 ServicePack: 1.0
    2011/02/23 15:01:46.0490 1028 Product type: Workstation
    2011/02/23 15:01:46.0490 1028 ComputerName: STEFPETIT-PC
    2011/02/23 15:01:46.0490 1028 UserName: Stef Petit
    2011/02/23 15:01:46.0490 1028 Windows directory: C:\Windows
    2011/02/23 15:01:46.0490 1028 System windows directory: C:\Windows
    2011/02/23 15:01:46.0490 1028 Running under WOW64
    2011/02/23 15:01:46.0490 1028 Processor architecture: Intel x64
    2011/02/23 15:01:46.0490 1028 Number of processors: 2
    2011/02/23 15:01:46.0490 1028 Page size: 0x1000
    2011/02/23 15:01:46.0490 1028 Boot type: Normal boot
    2011/02/23 15:01:46.0490 1028 ================================================================================
    2011/02/23 15:01:47.0114 1028 Initialize success
    2011/02/23 15:01:56.0225 2080 ================================================================================
    2011/02/23 15:01:56.0225 2080 Scan started
    2011/02/23 15:01:56.0225 2080 Mode: Manual;
    2011/02/23 15:01:56.0225 2080 ================================================================================
    2011/02/23 15:01:57.0582 2080 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    2011/02/23 15:01:57.0878 2080 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    2011/02/23 15:01:58.0034 2080 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    2011/02/23 15:01:58.0128 2080 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/02/23 15:01:58.0487 2080 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/02/23 15:01:58.0690 2080 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/02/23 15:01:59.0095 2080 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
    2011/02/23 15:01:59.0376 2080 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    2011/02/23 15:01:59.0563 2080 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    2011/02/23 15:01:59.0579 2080 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    2011/02/23 15:01:59.0657 2080 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/02/23 15:01:59.0969 2080 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/02/23 15:02:00.0281 2080 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
    2011/02/23 15:02:00.0608 2080 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/02/23 15:02:00.0920 2080 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
    2011/02/23 15:02:01.0342 2080 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    2011/02/23 15:02:01.0732 2080 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/02/23 15:02:02.0122 2080 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/02/23 15:02:02.0387 2080 aswFsBlk (ad3f9dbec81dab65d6f07f9c107d2a0b) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/02/23 15:02:02.0699 2080 aswMonFlt (230146279d158b52f554c78d0d53d814) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/02/23 15:02:02.0761 2080 aswRdr (d6efb0c6628ca23b7f5a23425d6df08c) C:\Windows\system32\drivers\aswRdr.sys
    2011/02/23 15:02:02.0964 2080 aswSnx (008ed766339ea60ea6fb0803cd006438) C:\Windows\system32\drivers\aswSnx.sys
    2011/02/23 15:02:03.0120 2080 aswSP (e3143bd9287335d281d31af2d03e4b48) C:\Windows\system32\drivers\aswSP.sys
    2011/02/23 15:02:03.0338 2080 aswTdi (8d559470124cc6d6ed9ec0a2e8abbe22) C:\Windows\system32\drivers\aswTdi.sys
    2011/02/23 15:02:03.0650 2080 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/02/23 15:02:03.0900 2080 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    2011/02/23 15:02:04.0680 2080 athr (e8e1ae3caa4c7286d40715336d8a11d4) C:\Windows\system32\DRIVERS\athrx.sys
    2011/02/23 15:02:05.0273 2080 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/02/23 15:02:05.0678 2080 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/02/23 15:02:06.0334 2080 BCM43XX (fb4fda64f2e8552eaeb5986c3f34462c) C:\Windows\system32\DRIVERS\bcmwl664.sys
    2011/02/23 15:02:06.0614 2080 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/02/23 15:02:06.0724 2080 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/02/23 15:02:07.0223 2080 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/02/23 15:02:07.0644 2080 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/02/23 15:02:08.0034 2080 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/02/23 15:02:08.0377 2080 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/02/23 15:02:08.0830 2080 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/02/23 15:02:09.0157 2080 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/02/23 15:02:09.0407 2080 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/02/23 15:02:09.0656 2080 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/02/23 15:02:09.0844 2080 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/02/23 15:02:09.0968 2080 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    2011/02/23 15:02:10.0280 2080 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/02/23 15:02:10.0982 2080 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/02/23 15:02:11.0326 2080 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/02/23 15:02:11.0700 2080 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    2011/02/23 15:02:12.0246 2080 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    2011/02/23 15:02:12.0574 2080 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/02/23 15:02:12.0979 2080 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    2011/02/23 15:02:13.0245 2080 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/02/23 15:02:13.0744 2080 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    2011/02/23 15:02:13.0978 2080 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/02/23 15:02:14.0025 2080 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/02/23 15:02:14.0212 2080 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/02/23 15:02:14.0461 2080 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/02/23 15:02:15.0210 2080 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/02/23 15:02:15.0709 2080 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/02/23 15:02:16.0068 2080 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\drivers\ENTECH64.sys
    2011/02/23 15:02:16.0458 2080 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    2011/02/23 15:02:16.0723 2080 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/02/23 15:02:16.0957 2080 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/02/23 15:02:17.0051 2080 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/02/23 15:02:17.0379 2080 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/02/23 15:02:17.0503 2080 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/02/23 15:02:17.0597 2080 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/02/23 15:02:17.0893 2080 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    2011/02/23 15:02:18.0034 2080 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/02/23 15:02:18.0143 2080 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/02/23 15:02:18.0252 2080 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/02/23 15:02:18.0315 2080 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/02/23 15:02:18.0689 2080 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/02/23 15:02:19.0017 2080 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    2011/02/23 15:02:19.0235 2080 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    2011/02/23 15:02:19.0641 2080 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/02/23 15:02:19.0906 2080 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/02/23 15:02:20.0187 2080 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/02/23 15:02:20.0514 2080 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    2011/02/23 15:02:20.0842 2080 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    2011/02/23 15:02:21.0232 2080 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    2011/02/23 15:02:21.0388 2080 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    2011/02/23 15:02:21.0731 2080 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    2011/02/23 15:02:21.0949 2080 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/02/23 15:02:22.0230 2080 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
    2011/02/23 15:02:23.0977 2080 igfx (c02b4a9988a5be86348c74d6f8cc7e81) C:\Windows\system32\DRIVERS\igdkmd64.sys
    2011/02/23 15:02:24.0601 2080 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/02/23 15:02:25.0163 2080 IntcAzAudAddService (3edd3ce185da3e6aaec22adcfd7b1d54) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/02/23 15:02:25.0413 2080 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    2011/02/23 15:02:25.0537 2080 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/02/23 15:02:25.0818 2080 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/02/23 15:02:25.0943 2080 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/02/23 15:02:26.0083 2080 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/02/23 15:02:26.0130 2080 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/02/23 15:02:26.0302 2080 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    2011/02/23 15:02:26.0473 2080 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    2011/02/23 15:02:26.0739 2080 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    2011/02/23 15:02:26.0895 2080 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    2011/02/23 15:02:27.0051 2080 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    2011/02/23 15:02:27.0175 2080 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/02/23 15:02:27.0238 2080 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/02/23 15:02:27.0425 2080 L1C (c221e6bf2393850bdb6271f16e34c3ac) C:\Windows\system32\DRIVERS\l1c51x64.sys
    2011/02/23 15:02:27.0534 2080 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/02/23 15:02:27.0753 2080 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
    2011/02/23 15:02:28.0049 2080 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
    2011/02/23 15:02:28.0345 2080 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
    2011/02/23 15:02:28.0517 2080 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/02/23 15:02:28.0595 2080 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/02/23 15:02:28.0735 2080 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/02/23 15:02:28.0813 2080 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/02/23 15:02:29.0047 2080 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/02/23 15:02:29.0266 2080 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/02/23 15:02:29.0375 2080 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/02/23 15:02:29.0656 2080 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/02/23 15:02:29.0874 2080 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/02/23 15:02:30.0030 2080 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    2011/02/23 15:02:30.0249 2080 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/02/23 15:02:30.0467 2080 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    2011/02/23 15:02:30.0545 2080 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    2011/02/23 15:02:30.0779 2080 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/02/23 15:02:31.0185 2080 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    2011/02/23 15:02:31.0543 2080 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/02/23 15:02:31.0762 2080 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/02/23 15:02:31.0980 2080 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/02/23 15:02:32.0183 2080 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    2011/02/23 15:02:32.0464 2080 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    2011/02/23 15:02:32.0682 2080 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/02/23 15:02:32.0760 2080 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/02/23 15:02:33.0103 2080 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    2011/02/23 15:02:33.0478 2080 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/02/23 15:02:33.0665 2080 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/02/23 15:02:33.0883 2080 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/02/23 15:02:34.0195 2080 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    2011/02/23 15:02:34.0585 2080 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    2011/02/23 15:02:34.0741 2080 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/02/23 15:02:34.0975 2080 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/02/23 15:02:35.0194 2080 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/02/23 15:02:35.0412 2080 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS
    wifi.sys
    2011/02/23 15:02:36.0067 2080 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers
    dis.sys
    2011/02/23 15:02:36.0457 2080 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS
    discap.sys
    2011/02/23 15:02:36.0769 2080 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS
    distapi.sys
    2011/02/23 15:02:37.0097 2080 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS
    disuio.sys
    2011/02/23 15:02:37.0222 2080 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS
    diswan.sys
    2011/02/23 15:02:37.0425 2080 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    2011/02/23 15:02:37.0581 2080 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS
    etbios.sys
    2011/02/23 15:02:37.0737 2080 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS
    etbt.sys
    2011/02/23 15:02:37.0924 2080 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS
    frd960.sys
    2011/02/23 15:02:38.0127 2080 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/02/23 15:02:38.0314 2080 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers
    siproxy.sys
    2011/02/23 15:02:38.0641 2080 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
    2011/02/23 15:02:38.0782 2080 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/02/23 15:02:38.0922 2080 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
    2011/02/23 15:02:39.0078 2080 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
    2011/02/23 15:02:39.0203 2080 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/02/23 15:02:39.0453 2080 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/02/23 15:02:39.0624 2080 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/02/23 15:02:39.0780 2080 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    2011/02/23 15:02:40.0014 2080 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    2011/02/23 15:02:40.0092 2080 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/02/23 15:02:40.0279 2080 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/02/23 15:02:40.0373 2080 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
    2011/02/23 15:02:40.0623 2080 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/02/23 15:02:40.0794 2080 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/02/23 15:02:41.0028 2080 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
    2011/02/23 15:02:41.0278 2080 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/02/23 15:02:41.0621 2080 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/02/23 15:02:41.0855 2080 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    2011/02/23 15:02:42.0058 2080 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
    2011/02/23 15:02:42.0245 2080 PTSimBus (225d3660f926fe761bc8ce10c512aa02) C:\Windows\system32\DRIVERS\PTSimBus.sys
    2011/02/23 15:02:42.0354 2080 PTSimHid (bd2194786abaf4860f41118c0c103e7b) C:\Windows\system32\DRIVERS\PTSimHid.sys
    2011/02/23 15:02:42.0853 2080 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/02/23 15:02:43.0025 2080 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/02/23 15:02:43.0306 2080 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/02/23 15:02:43.0711 2080 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/02/23 15:02:43.0914 2080 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/02/23 15:02:44.0398 2080 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/02/23 15:02:44.0523 2080 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/02/23 15:02:44.0679 2080 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/02/23 15:02:45.0084 2080 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/02/23 15:02:45.0287 2080 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/02/23 15:02:45.0412 2080 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/02/23 15:02:45.0599 2080 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/02/23 15:02:45.0958 2080 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/02/23 15:02:46.0301 2080 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    2011/02/23 15:02:46.0691 2080 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    2011/02/23 15:02:47.0455 2080 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/02/23 15:02:47.0877 2080 RSUSBSTOR (fb39af63d6617f028ba0ebc21b83360d) C:\Windows\system32\Drivers\RtsUStor.sys
    2011/02/23 15:02:48.0079 2080 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    2011/02/23 15:02:48.0142 2080 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    2011/02/23 15:02:48.0298 2080 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/02/23 15:02:48.0391 2080 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/02/23 15:02:48.0828 2080 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/02/23 15:02:49.0062 2080 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/02/23 15:02:49.0109 2080 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/02/23 15:02:49.0452 2080 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/02/23 15:02:49.0717 2080 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/02/23 15:02:50.0076 2080 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/02/23 15:02:50.0513 2080 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/02/23 15:02:50.0685 2080 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/02/23 15:02:51.0075 2080 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/02/23 15:02:51.0309 2080 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/02/23 15:02:51.0480 2080 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/02/23 15:02:51.0808 2080 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/02/23 15:02:52.0182 2080 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    2011/02/23 15:02:52.0182 2080 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    2011/02/23 15:02:52.0260 2080 sptd - detected Locked file (1)
    2011/02/23 15:02:52.0572 2080 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
    2011/02/23 15:02:53.0009 2080 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
    2011/02/23 15:02:53.0290 2080 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/02/23 15:02:53.0836 2080 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/02/23 15:02:54.0039 2080 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    2011/02/23 15:02:54.0397 2080 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/02/23 15:02:54.0756 2080 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
    2011/02/23 15:02:55.0084 2080 TClass2k (530a7f0966493dd437e4342f12ccd63b) C:\Windows\system32\DRIVERS\TClass2k.sys
    2011/02/23 15:02:55.0630 2080 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
    2011/02/23 15:02:56.0316 2080 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/02/23 15:02:56.0769 2080 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    2011/02/23 15:02:57.0081 2080 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/02/23 15:02:57.0471 2080 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/02/23 15:02:57.0783 2080 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    2011/02/23 15:02:58.0110 2080 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    2011/02/23 15:02:58.0469 2080 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
    2011/02/23 15:02:58.0843 2080 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
    2011/02/23 15:02:59.0202 2080 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/02/23 15:02:59.0608 2080 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    2011/02/23 15:03:00.0076 2080 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/02/23 15:03:00.0450 2080 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/02/23 15:03:00.0731 2080 UCTblHid (01662b4865fdb282677b11cf416757ce) C:\Windows\system32\DRIVERS\UCTblHid.sys
    2011/02/23 15:03:01.0183 2080 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    2011/02/23 15:03:01.0527 2080 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/02/23 15:03:01.0885 2080 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    2011/02/23 15:03:02.0088 2080 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/02/23 15:03:02.0182 2080 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
    2011/02/23 15:03:02.0431 2080 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/02/23 15:03:02.0821 2080 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/02/23 15:03:03.0243 2080 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
    2011/02/23 15:03:03.0570 2080 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/02/23 15:03:04.0038 2080 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/02/23 15:03:04.0319 2080 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
    2011/02/23 15:03:04.0709 2080 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/02/23 15:03:04.0959 2080 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    2011/02/23 15:03:05.0130 2080 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/02/23 15:03:05.0193 2080 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/02/23 15:03:05.0551 2080 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/02/23 15:03:05.0785 2080 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    2011/02/23 15:03:05.0910 2080 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/02/23 15:03:06.0082 2080 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    2011/02/23 15:03:06.0175 2080 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    2011/02/23 15:03:06.0409 2080 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    2011/02/23 15:03:06.0487 2080 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/02/23 15:03:06.0924 2080 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/02/23 15:03:07.0189 2080 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/02/23 15:03:07.0361 2080 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/02/23 15:03:07.0564 2080 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/02/23 15:03:07.0642 2080 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/02/23 15:03:08.0110 2080 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/02/23 15:03:08.0625 2080 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/02/23 15:03:08.0874 2080 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/02/23 15:03:08.0952 2080 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/02/23 15:03:09.0327 2080 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    2011/02/23 15:03:09.0717 2080 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/02/23 15:03:10.0153 2080 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    2011/02/23 15:03:10.0465 2080 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/02/23 15:03:10.0699 2080 ================================================================================
    2011/02/23 15:03:10.0699 2080 Scan finished
    2011/02/23 15:03:10.0699 2080 ================================================================================
    2011/02/23 15:03:10.0715 0664 Detected object count: 1
    2011/02/23 15:03:13.0273 0664 Locked file(sptd) - User select action: Skip
  • First post a new, current HijackThis log.
  • Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:15:22, on 23/02/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8080.16413)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
    C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2start.exe
    C:\Users\Stef Petit\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Stef Petit\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Stef Petit\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Stef Petit\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Stef Petit\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Stef Petit\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.248.254.11:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [LManager] "C:\Program Files (x86)\Launch Manager\LManager.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Stef Petit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stef Petit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex
    actrl.cab?lmi=100
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LAlarm Service (LAlarmService) - LAlarm Systems - C:\Program Files\LAlarm\LAlarmService.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - (no file)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - Unknown owner - (no file)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files (x86)\wLite\wService.exe


    End of file - 9116 bytes

    I have now noticed that during the rootkit scan I chose not to delete the file. Should I scan again and delete it this time?

    Thanks in advance,
    Stef
  • Hi Stef, if you have Daemon Tools installed in Windows, then it is fine!

    If not, then sptd.sys is a rootkit.
    In that case you may run TDSSKiller again!


    I would also like the following from you:

    Please post an uninstall list:
    - start HijackThis,
    - click the button Open the Misc Tools section,
    - click the button Open Uninstall Manager,
    - click the button Save.


This is an archived page. Replying is no longer possible.