Trojan removed, is my PC safe now? HijackThis log

23 replies
  • Some time ago I removed a trojan from my PC with Malwarebytes' Anti-Malware. After that it found no more spyware.
    To be sure, I also made a HijackThis log; can someone take a look at it for me?
    Thanks in advance.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:24:10, on 14-6-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files (x86)\Ralink\Common\RaUI.exe
    C:\Users\Gijs\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Users\Gijs\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe
    O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Gijs\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RGSC] D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2249780994-661647712-1259628986-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2249780994-661647712-1259628986-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Dropbox.lnk = Gijs\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: PC Alert 4.lnk = C:\Program Files (x86)\MSI\PC Alert 4\StartPCAlert4.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtueel toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\Gijs\Desktop\PartyCasino.lnk (file missing)
    O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\Gijs\Desktop\PartyCasino.lnk (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Gijs\Desktop\PartyPoker.lnk (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Gijs\Desktop\PartyPoker.lnk (file missing)
    O9 - Extra button: URL Adviseur - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
    O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 13785 bytes


  • Hello Hans, you can now first do the following:

    Close all open browser windows, except this window, which you close just before you click the Fix checked button!


    Now start HijackThis via right-click with administrator rights (if that does not work, go to the HijackThis installation location and then start "hijackthis.exe" with administrator rights) and click the Do a Scan only button,

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\Gijs\Desktop\PartyCasino.lnk (file missing)
    O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\Gijs\Desktop\PartyCasino.lnk (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Gijs\Desktop\PartyPoker.lnk (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Gijs\Desktop\PartyPoker.lnk (file missing)

    - Put a check mark in front of the line(s) that correspond to the lines above
    - Now close the web browser and then click the Fix checked button
    - After this, close HijackThis.
    Restart the computer after the fix


    After that, run the two scans listed below:

    1) Which program: MBRCheck.exe
    Purpose: special scan for MBR rootkits
    Difficulty: none.
    Download MBRCheck.exe

    Starting MBRCheck.exe:
    Windows 2000 and Windows XP: start "MBRCheck.exe" by double-clicking "MBRCheck.exe".
    Windows Vista and Windows 7: start "MBRCheck.exe" by right-clicking "MBRCheck.exe" and then choosing "Run as administrator".

    - A black window appears with some data in it.
    - A log file named "MBRcheckxxxx.txt" will appear on your desktop.
    - Now copy the contents of that log into your next post.


    2) Which program: Kaspersky TDSSKiller
    Purpose: rootkit scanner
    Difficulty: none
    Download location: be sure to download this program to the desktop, or otherwise move it there!
    Download TDSSKiller here.

    Installation:
    - Extract the file to your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing Run as administrator.
    - After the scan has finished, you will find the log on the C:\ partition
    - Post the contents of that log
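
Added example, not part of the thread and not the helper's own method: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows a 32-bit process is redirected from System32 to SysWOW64 and sees %ProgramFiles% as Program Files (x86), so a "(file missing)" mark in the log above can be a lookup artifact rather than an orphaned entry. The Python code below separates the two cases; the category names and the path heuristic are assumptions of this example, and the sample lines are copied from the first log.

```python
import re
from dataclasses import dataclass

# Sample input: a subset of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\Gijs\Desktop\PartyCasino.lnk (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str      # section code such as R0, O2, O9, O23
    body: str      # everything after the code
    target: str    # last " - " separated field: the file or value the entry points to
    missing: bool  # True when HijackThis appended "(file missing)"


def parse(log_text):
    """Turn log text into Entry objects, skipping headers and process lines."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        target = body.rsplit(" - ", 1)[-1].replace(MISSING, "").strip().strip('"')
        entries.append(Entry(m.group("code"), body, target, missing))
    return entries


def classify(entry):
    """Hypothetical categories used only by this example.

    present            no "(file missing)" mark
    needs-64bit-check  marked missing, but the path is one that a 32-bit
                       process cannot see correctly on 64-bit Windows, so the
                       mark must be confirmed from a 64-bit tool or Explorer
    orphan             marked missing at a path that is not subject to
                       redirection: the entry points at nothing
    """
    if not entry.missing:
        return "present"
    target = entry.target.lower()
    if "\\windows\\system32\\" in target:
        return "needs-64bit-check"
    # %ProgramFiles% expands to "Program Files (x86)" inside a 32-bit process.
    if "%programfiles%" in entry.body.lower() and "\\program files (x86)\\" in target:
        return "needs-64bit-check"
    return "orphan"


def triage(log_text):
    """Group parsed entries by category, preserving log order."""
    groups = {"present": [], "needs-64bit-check": [], "orphan": []}
    for entry in parse(log_text):
        groups[classify(entry)].append(entry)
    return groups


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for e in items:
            print("   ", e.code, e.target)
```

An entry in the needs-64bit-check group is not cleared by this output; it only means the 32-bit log cannot decide and the file has to be looked up from a 64-bit context.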

  • Hello Abraham,
    Thanks for your reply.
    Here are the various logs:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:00:17, on 15-6-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files (x86)\Ralink\Common\RaUI.exe
    C:\Users\Gijs\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Users\Gijs\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe
    O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Gijs\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RGSC] D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2249780994-661647712-1259628986-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2249780994-661647712-1259628986-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Dropbox.lnk = Gijs\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: PC Alert 4.lnk = C:\Program Files (x86)\MSI\PC Alert 4\StartPCAlert4.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtueel toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: URL Adviseur - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
    O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 12555 bytes



    MBRCheck, version 1.2.3
    © 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: MSI
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: MSI
    System Product Name: MS-7599
    Logical Drives Mask: 0x00003c3c

    Kernel Drivers (total 200):
    0x02E1D000 \SystemRoot\system32\ntoskrnl.exe
    0x03406000 \SystemRoot\system32\hal.dll
    0x00BAD000 \SystemRoot\system32\kdcom.dll
    0x00C6F000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C7C000 \SystemRoot\system32\PSHED.dll
    0x00C90000 \SystemRoot\system32\CLFS.SYS
    0x00CEE000 \SystemRoot\system32\CI.dll
    0x00EE2000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F86000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01056000 \SystemRoot\System32\Drivers\spho.sys
    0x0117C000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x01185000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00F95000 \SystemRoot\system32\drivers\ACPI.sys
    0x011B4000 \SystemRoot\system32\drivers\msisadrv.sys
    0x011BE000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x011CB000 \SystemRoot\system32\drivers\pci.sys
    0x01000000 \SystemRoot\System32\drivers\partmgr.sys
    0x01015000 \SystemRoot\system32\drivers\volmgr.sys
    0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x0102A000 \SystemRoot\system32\drivers\pciide.sys
    0x01031000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00E5C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01041000 \SystemRoot\system32\drivers\atapi.sys
    0x00E76000 \SystemRoot\system32\drivers\ataport.SYS
    0x0104A000 \SystemRoot\system32\drivers\amdxata.sys
    0x00DAE000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00EA0000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01230000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x00C00000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013D3000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x0141E000 \SystemRoot\System32\Drivers\cng.sys
    0x01490000 \SystemRoot\System32\drivers\pcw.sys
    0x014A1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x014AB000 \SystemRoot\system32\drivers\ndis.sys
    0x0159E000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01200000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x0167B000 \SystemRoot\System32\drivers\tcpip.sys
    0x0187F000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x018C9000 \SystemRoot\system32\drivers\volsnap.sys
    0x01915000 \SystemRoot\System32\Drivers\spldr.sys
    0x0191D000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01957000 \SystemRoot\System32\Drivers\mup.sys
    0x01969000 \SystemRoot\system32\DRIVERS\klbg.sys
    0x01977000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01980000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x019BA000 \SystemRoot\system32\DRIVERS\disk.sys
    0x019D0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01636000 \SystemRoot\system32\drivers\cdrom.sys
    0x02C2B000 \SystemRoot\system32\DRIVERS\klif.sys
    0x02C88000 \SystemRoot\System32\Drivers\Null.SYS
    0x02C91000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02C98000 \SystemRoot\System32\drivers\vga.sys
    0x02CA6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02CCB000 \SystemRoot\System32\drivers\watchdog.sys
    0x02CDB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02CE4000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02CED000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02CF6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02D01000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02D12000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02D34000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x04826000 \SystemRoot\system32\DRIVERS\kl1.sys
    0x04D4F000 \SystemRoot\system32\drivers\afd.sys
    0x02D41000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x04DD8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x04800000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x04DE1000 \SystemRoot\system32\DRIVERS\klim6.sys
    0x02D86000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x04DEB000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02D9C000 \SystemRoot\system32\DRIVERS\serial.sys
    0x02DB9000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02DD4000 \SystemRoot\system32\drivers\termdd.sys
    0x042A9000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x042FA000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x04306000 \SystemRoot\system32\drivers\mssmbios.sys
    0x04311000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x0431B000 \SystemRoot\System32\drivers\discache.sys
    0x0432A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04348000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x04359000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x0437F000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x13057000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x13CFC000 \SystemRoot\System32\Drivers\nvBridge.kmd
    0x13CFE000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x13000000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04394000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x043B8000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
    0x13046000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
    0x13DF2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x043CA000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x04256000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04267000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x04273000 \SystemRoot\system32\drivers\i8042prt.sys
    0x04291000 \SystemRoot\system32\drivers\kbdclass.sys
    0x03EAF000 \SystemRoot\system32\DRIVERS\netr28x.sys
    0x03F97000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x03FA4000 \SystemRoot\System32\Drivers\azqblf41.SYS
    0x03FE9000 \SystemRoot\system32\drivers\wmiacpi.sys
    0x03E00000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x03E10000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x03E18000 \SystemRoot\system32\drivers\ksthunk.sys
    0x03E1E000 \SystemRoot\system32\drivers\ks.sys
    0x03E61000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03E77000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03E9B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04475000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x044A4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x044BF000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x044E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x044FA000 \SystemRoot\system32\drivers\mouclass.sys
    0x04509000 \SystemRoot\system32\drivers\swenum.sys
    0x0450B000 \SystemRoot\system32\drivers\umbus.sys
    0x0451D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04577000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x0458C000 \SystemRoot\system32\drivers\nvhda64v.sys
    0x045B9000 \SystemRoot\system32\drivers\portcls.sys
    0x04400000 \SystemRoot\system32\drivers\drmk.sys
    0x05E18000 \SystemRoot\system32\drivers\HdAudio.sys
    0x00080000 \SystemRoot\System32\win32k.sys
    0x05E74000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05E80000 \SystemRoot\system32\drivers\hidusb.sys
    0x05E8E000 \SystemRoot\system32\drivers\HIDCLASS.SYS
    0x05EA7000 \SystemRoot\system32\drivers\HIDPARSE.SYS
    0x05EB0000 \SystemRoot\system32\drivers\USBD.SYS
    0x05EB2000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x05ECF000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05EDC000 \SystemRoot\system32\DRIVERS\klmouflt.sys
    0x05EE6000 \SystemRoot\system32\DRIVERS\xusb21.sys
    0x05EF9000 \SystemRoot\system32\drivers\USBSTOR.SYS
    0x05F14000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x05F22000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x05F30000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x05F3C000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x05F45000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00400000 \SystemRoot\System32\TSDDD.dll
    0x006C0000 \SystemRoot\System32\cdd.dll
    0x00920000 \SystemRoot\System32\ATMFD.DLL
    0x05F58000 \SystemRoot\system32\drivers\luafv.sys
    0x05F7B000 \SystemRoot\system32\drivers\WudfPf.sys
    0x05F9C000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04422000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x05FB1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x05FC4000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x066ED000 \SystemRoot\system32\drivers\HTTP.sys
    0x067B6000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x067D4000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x06600000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0662D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0667A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x07421000 \SystemRoot\system32\drivers\peauth.sys
    0x074C7000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x074D2000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x07503000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x07515000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08010000 \SystemRoot\System32\DRIVERS\srv.sys
    0x080A8000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
    0x080B2000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x080E3000 \SystemRoot\system32\drivers\mrxdav.sys
    0x0810B000 \??\C:\Windows\system32\drivers\mbam.sys
    0x08186000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x770D0000 \Windows\System32\ntdll.dll
    0x47FE0000 \Windows\System32\smss.exe
    0xFF3F0000 \Windows\System32\apisetschema.dll
    0xFF040000 \Windows\System32\autochk.exe
    0xFF370000 \Windows\System32\gdi32.dll
    0xFF2F0000 \Windows\System32\shlwapi.dll
    0xFF2E0000 \Windows\System32\nsi.dll
    0xFF240000 \Windows\System32\msvcrt.dll
    0xFF170000 \Windows\System32\usp10.dll
    0x76F80000 \Windows\System32\urlmon.dll
    0xFF140000 \Windows\System32\imm32.dll
    0xFF030000 \Windows\System32\msctf.dll
    0xFF010000 \Windows\System32\imagehlp.dll
    0xFEF70000 \Windows\System32\clbcatq.dll
    0x76E60000 \Windows\System32\kernel32.dll
    0xFEE90000 \Windows\System32\advapi32.dll
    0xFEE70000 \Windows\System32\sechost.dll
    0x772A0000 \Windows\System32\normaliz.dll
    0x76D60000 \Windows\System32\user32.dll
    0xFEE20000 \Windows\System32\ws2_32.dll
    0xFEDC0000 \Windows\System32\Wldap32.dll
    0x77290000 \Windows\System32\psapi.dll
    0xFED40000 \Windows\System32\difxapi.dll
    0xFED30000 \Windows\System32\lpk.dll
    0xFEC90000 \Windows\System32\comdlg32.dll
    0xFEB60000 \Windows\System32\rpcrt4.dll
    0x76B50000 \Windows\System32\iertutil.dll
    0xFE950000 \Windows\System32\ole32.dll
    0xFE770000 \Windows\System32\setupapi.dll
    0xFD9E0000 \Windows\System32\shell32.dll
    0xFD900000 \Windows\System32\oleaut32.dll
    0x769F0000 \Windows\System32\wininet.dll
    0xFD860000 \Windows\System32\comctl32.dll
    0xFD840000 \Windows\System32\devobj.dll
    0xFD6D0000 \Windows\System32\crypt32.dll
    0xFD690000 \Windows\System32\cfgmgr32.dll
    0xFD620000 \Windows\System32\KernelBase.dll
    0xFD5E0000 \Windows\System32\wintrust.dll
    0xFD5D0000 \Windows\System32\msasn1.dll

    Processes (total 86):
    0 System Idle Process
    4 System
    352 C:\Windows\System32\smss.exe
    460 csrss.exe
    520 C:\Windows\System32\wininit.exe
    552 csrss.exe
    608 C:\Windows\System32\services.exe
    616 C:\Windows\System32\winlogon.exe
    628 C:\Windows\System32\lsass.exe
    636 C:\Windows\System32\lsm.exe
    752 C:\Windows\System32\svchost.exe
    816 C:\Windows\System32\nvvsvc.exe
    856 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    704 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1272 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1284 C:\Windows\System32\nvvsvc.exe
    1404 C:\Windows\System32\wlanext.exe
    1412 C:\Windows\System32\conhost.exe
    1512 C:\Windows\System32\spoolsv.exe
    1548 C:\Windows\System32\svchost.exe
    1628 C:\Windows\SysWOW64\svchost.exe
    1664 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1696 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    1732 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1800 C:\Windows\System32\svchost.exe
    1824 C:\Windows\SysWOW64\svchost.exe
    1856 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    1908 LVPrS64H.exe
    1100 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    1376 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    2224 C:\Windows\System32\taskhost.exe
    2308 C:\Windows\System32\dwm.exe
    2368 C:\Windows\explorer.exe
    2740 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2960 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    3008 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    3016 C:\Program Files (x86)\SEC\Natural Color\NaturalColorLoad.exe
    2324 C:\Windows\System32\svchost.exe
    2600 C:\Windows\System32\svchost.exe
    2968 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    2560 C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
    1264 C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
    1032 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    3068 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    3096 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    3148 C:\Program Files (x86)\Ralink\Common\RaUI.exe
    3164 C:\Users\Gijs\AppData\Roaming\Dropbox\bin\Dropbox.exe
    3304 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    3332 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    3400 C:\Windows\System32\svchost.exe
    3452 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3472 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    3636 C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    3984 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    3508 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2400 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    4180 C:\Windows\System32\SearchIndexer.exe
    4240 WmiPrvSE.exe
    4540 C:\Windows\System32\svchost.exe
    4596 C:\Windows\System32\svchost.exe
    4820 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    4852 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    4980 WUDFHost.exe
    4008 C:\Program Files\iPod\bin\iPodService.exe
    3732 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    4728 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    1228 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    5068 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    4620 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    696 C:\Windows\System32\svchost.exe
    4604 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5028 C:\Windows\System32\taskeng.exe
    5356 C:\Users\Gijs\AppData\Local\Google\Chrome\Application\chrome.exe
    3812 C:\Users\Gijs\AppData\Local\Google\Chrome\Application\chrome.exe
    1440 C:\Windows\SysWOW64\rundll32.exe
    5308 C:\Users\Gijs\AppData\Local\Google\Chrome\Application\chrome.exe
    6000 C:\Windows\System32\SearchProtocolHost.exe
    5900 C:\Windows\System32\SearchFilterHost.exe
    2664 C:\Windows\System32\audiodg.exe
    5688 C:\Users\Gijs\Desktop\MBRCheck.exe
    5100 C:\Windows\System32\conhost.exe
    3368 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000075`ec600000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!



    2011/06/15 08:55:04.0539 5844 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
    2011/06/15 08:55:04.0617 5844 ================================================================================
    2011/06/15 08:55:04.0617 5844 SystemInfo:
    2011/06/15 08:55:04.0617 5844
    2011/06/15 08:55:04.0617 5844 OS Version: 6.1.7601 ServicePack: 1.0
    2011/06/15 08:55:04.0617 5844 Product type: Workstation
    2011/06/15 08:55:04.0617 5844 ComputerName: GIJS-PC
    2011/06/15 08:55:04.0617 5844 UserName: Gijs
    2011/06/15 08:55:04.0617 5844 Windows directory: C:\Windows
    2011/06/15 08:55:04.0617 5844 System windows directory: C:\Windows
    2011/06/15 08:55:04.0617 5844 Running under WOW64
    2011/06/15 08:55:04.0617 5844 Processor architecture: Intel x64
    2011/06/15 08:55:04.0617 5844 Number of processors: 4
    2011/06/15 08:55:04.0617 5844 Page size: 0x1000
    2011/06/15 08:55:04.0617 5844 Boot type: Normal boot
    2011/06/15 08:55:04.0617 5844 ================================================================================
    2011/06/15 08:55:05.0460 5844 Initialize success
    2011/06/15 08:55:10.0889 5272 ================================================================================
    2011/06/15 08:55:10.0889 5272 Scan started
    2011/06/15 08:55:10.0889 5272 Mode: Manual;
    2011/06/15 08:55:10.0889 5272 ================================================================================
    2011/06/15 08:55:11.0887 5272 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    2011/06/15 08:55:11.0934 5272 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    2011/06/15 08:55:11.0965 5272 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    2011/06/15 08:55:12.0027 5272 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/06/15 08:55:12.0074 5272 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/06/15 08:55:12.0105 5272 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/06/15 08:55:12.0152 5272 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
    2011/06/15 08:55:12.0183 5272 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    2011/06/15 08:55:12.0246 5272 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    2011/06/15 08:55:12.0277 5272 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    2011/06/15 08:55:12.0308 5272 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/06/15 08:55:12.0339 5272 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/06/15 08:55:12.0371 5272 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    2011/06/15 08:55:12.0386 5272 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/06/15 08:55:12.0417 5272 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    2011/06/15 08:55:12.0433 5272 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    2011/06/15 08:55:12.0480 5272 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/06/15 08:55:12.0495 5272 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/06/15 08:55:12.0527 5272 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/06/15 08:55:12.0651 5272 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    2011/06/15 08:55:12.0729 5272 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/06/15 08:55:12.0761 5272 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/06/15 08:55:12.0807 5272 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/06/15 08:55:12.0839 5272 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/06/15 08:55:12.0885 5272 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    2011/06/15 08:55:12.0901 5272 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/06/15 08:55:12.0917 5272 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/06/15 08:55:12.0948 5272 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/06/15 08:55:12.0963 5272 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/06/15 08:55:12.0979 5272 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/06/15 08:55:12.0995 5272 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/06/15 08:55:13.0026 5272 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/06/15 08:55:13.0057 5272 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/06/15 08:55:13.0073 5272 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    2011/06/15 08:55:13.0088 5272 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/06/15 08:55:13.0119 5272 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/06/15 08:55:13.0151 5272 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/06/15 08:55:13.0166 5272 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    2011/06/15 08:55:13.0213 5272 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    2011/06/15 08:55:13.0229 5272 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/06/15 08:55:13.0260 5272 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    2011/06/15 08:55:13.0275 5272 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/06/15 08:55:13.0322 5272 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    2011/06/15 08:55:13.0353 5272 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/06/15 08:55:13.0369 5272 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/06/15 08:55:13.0416 5272 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/06/15 08:55:13.0447 5272 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/06/15 08:55:13.0509 5272 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/06/15 08:55:13.0603 5272 ElbyCDFL (9387a484d31209d7fc3f795a787294db) C:\Windows\system32\Drivers\ElbyCDFL.sys
    2011/06/15 08:55:13.0728 5272 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2011/06/15 08:55:13.0790 5272 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/06/15 08:55:13.0821 5272 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    2011/06/15 08:55:13.0853 5272 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/06/15 08:55:13.0868 5272 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/06/15 08:55:13.0884 5272 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/06/15 08:55:13.0915 5272 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/06/15 08:55:13.0931 5272 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/06/15 08:55:14.0009 5272 FLASHSYS (5b314cc7640d091de8f3bc822490da28) C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys
    2011/06/15 08:55:14.0040 5272 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/06/15 08:55:14.0087 5272 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    2011/06/15 08:55:14.0118 5272 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/06/15 08:55:14.0133 5272 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/06/15 08:55:14.0165 5272 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/06/15 08:55:14.0180 5272 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/06/15 08:55:14.0211 5272 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/06/15 08:55:14.0243 5272 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/06/15 08:55:14.0274 5272 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    2011/06/15 08:55:14.0289 5272 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    2011/06/15 08:55:14.0321 5272 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/06/15 08:55:14.0336 5272 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/06/15 08:55:14.0352 5272 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/06/15 08:55:14.0383 5272 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    2011/06/15 08:55:14.0477 5272 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    2011/06/15 08:55:14.0523 5272 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    2011/06/15 08:55:14.0555 5272 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    2011/06/15 08:55:14.0586 5272 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    2011/06/15 08:55:14.0633 5272 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    2011/06/15 08:55:14.0664 5272 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/06/15 08:55:14.0695 5272 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    2011/06/15 08:55:14.0726 5272 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/06/15 08:55:14.0757 5272 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/06/15 08:55:14.0773 5272 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/06/15 08:55:14.0820 5272 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/06/15 08:55:14.0851 5272 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/06/15 08:55:14.0867 5272 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    2011/06/15 08:55:14.0898 5272 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    2011/06/15 08:55:14.0913 5272 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    2011/06/15 08:55:14.0945 5272 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    2011/06/15 08:55:14.0991 5272 kl1 (db449f50e5141458eb58e64ffac4863f) C:\Windows\system32\DRIVERS\kl1.sys
    2011/06/15 08:55:15.0007 5272 KLBG (87200a8afe40532baa4d2b24a7ba0eea) C:\Windows\system32\DRIVERS\klbg.sys
    2011/06/15 08:55:15.0069 5272 KLIF (09bad645d3843669c281431c7df2db2e) C:\Windows\system32\DRIVERS\klif.sys
    2011/06/15 08:55:15.0116 5272 KLIM6 (630f22545379437737cf4172f09fe449) C:\Windows\system32\DRIVERS\klim6.sys
    2011/06/15 08:55:15.0132 5272 klmouflt (786791291939abb11f6d0f040da23912) C:\Windows\system32\DRIVERS\klmouflt.sys
    2011/06/15 08:55:15.0194 5272 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    2011/06/15 08:55:15.0241 5272 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/06/15 08:55:15.0257 5272 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/06/15 08:55:15.0303 5272 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
    2011/06/15 08:55:15.0335 5272 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/06/15 08:55:15.0381 5272 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/06/15 08:55:15.0397 5272 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/06/15 08:55:15.0413 5272 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/06/15 08:55:15.0428 5272 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/06/15 08:55:15.0459 5272 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/06/15 08:55:15.0491 5272 lvpopf64 (c586cc39820b6e7fe3657fed8329d300) C:\Windows\system32\DRIVERS\lvpopf64.sys
    2011/06/15 08:55:15.0553 5272 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
    2011/06/15 08:55:15.0615 5272 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
    2011/06/15 08:55:18.0907 5272 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    2011/06/15 08:55:18.0907 5272 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    2011/06/15 08:55:18.0923 5272 sptd - detected LockedFile.Multi.Generic (1)
    2011/06/15 08:55:20.0717 5272 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/06/15 08:55:20.0717 5272 ================================================================================
    2011/06/15 08:55:20.0717 5272 Scan finished
    2011/06/15 08:55:20.0717 5272 ================================================================================
    2011/06/15 08:55:20.0717 2936 Detected object count: 1
    2011/06/15 08:55:20.0717 2936 Actual detected object count: 1
    2011/06/15 08:57:18.0325 2936 LockedFile.Multi.Generic(sptd) - User select action: Skip

  • Hi Hans, do you have DaemonTools on your Windows system?
  • Hi Abraham,

    That's right, I sometimes use DaemonTools.
  • OK, then we need to deactivate it for the duration of the fix.
    By the way: both previous logs are otherwise fine.

    Which program: Defogger
    What for/why: Tool to deactivate CD emulator software and to reactivate it again afterwards
    Difficulty: none.


    Download Defogger to your desktop, or move the tool there.
    - Double-click Defogger.exe to start the tool.
    - In the window that appears, click the "Disable" button.
    - In the next window, click Yes to continue.
    - Then wait until you get the message 'Finished' and click "Ok" in that window.
    - If DeFogger asks you to restart the computer, do so.
  • That all went well.
    Thanks for the help, Abraham
  • Hi Hans, could you still post the log? Even if you think everything is fine now, that doesn't necessarily mean it is!
  • Here is the log:

    ComboFix 11-06-14.03 - Gijs 15-06-2011 11:13:38.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6143.4519 [GMT 2:00]
    Gestart vanuit: c:\users\Gijs\Desktop\ComboFix.exe
    AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    AV: Kaspersky Anti-Virus *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
    FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    ADS - Windows: deleted 24 bytes in 1 streams.
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Gijs\AppData\Roaming\chrtmp
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-05-15 to 2011-06-15 ))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Gijs\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Gijs\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Gijs\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-10-15 340520]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "DelReg"="c:\program files (x86)\MSI\OverclockingCenter\DelReg.exe" [2008-12-04 196608]
    "CloneCDTray"="d:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-26 421160]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    c:\users\Gijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Gijs\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-3-7 969216]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    NaturalColorLoad.lnk - c:\program files (x86)\SEC\Natural Color\NaturalColorLoad.exe [2011-3-26 155715]
    PC Alert 4.lnk - c:\program files (x86)\MSI\PC Alert 4\StartPCAlert4.exe [2011-3-8 188416]
    Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2011-1-3 1672480]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]
    R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
    R3 PCAlertDriver;PCAlertDriver;c:\program files (x86)\MSI\PC Alert 4\NTGLM7X64.sys [2008-09-19 43632]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 MSSQL$PAPEXPRESS;SQL Server (PAPEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
    S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-12-15 212256]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2249780994-661647712-1259628986-1000Core.job
    - c:\users\Gijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-15 10:17]
    .
    2011-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2249780994-661647712-1259628986-1000UA.job
    - c:\users\Gijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-15 10:17]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gijs\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gijs\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gijs\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gijs\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Wow6432Node-HKCU-Run-IBP - (no file)
    Wow6432Node-HKCU-Run-RGSC - d:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-2249780994-661647712-1259628986-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a3,8e,96,79,da,d8,c4,da,89,36,40,13,3c,c2,c1,90,c5,75,db,99,8c,
    40,8f,ae,48,26,cb,0a,fa,8d,6a,9f,7b,0c,81,94,c8,dd,8b,1f,0b,76,82,da,95,03,\
    "rkeysecu"=hex:a3,d6,f3,ec,c0,f9,5d,77,06,b3,ce,86,f5,d2,f0,ec
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files (x86)\Ralink\Common\RaRegistry.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-06-15 11:22:31 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-06-15 09:22
    .
    Pre-Run: 409.756.524.544 bytes beschikbaar
    Post-Run: 409.022.570.496 bytes beschikbaar
    .
    - - End Of File - - D3EF2B868F53876B1575A00ECA824BE5

  • Hi Hans, do the following:

    Run the ESET online scan (click).
    - Click the ESET Online Scanner button.
    - Tick YES, I accept the Terms of Use.
    - Click Start.
    - Allow the ActiveX control to install.
    - Click "Advanced settings".
    - Tick the following options:
      - Remove found threats
      - Scan archives
      - Scan for potentially unwanted applications
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
    - Click Start.
    - The computer will now be scanned. This can take quite a while, so be patient.
    - You may close the window when the scan is finished.
    - Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
    - Copy and paste the contents of this log into your next post.
    N.B.: temporarily disable your own antivirus during the scan; the online scan will then be faster!
  • Hi Abraham,

    The log looks like this:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK

    I have also put the results of the scan in a txt file:

    D:\mijn docs\Mijn ontvangen bestanden\Genuine Windows XP CrackPack.rar a variant of Win32/HackTool.Patcher.A application deleted - quarantined
    D:\mijn docs\Mijn ontvangen bestanden\Genuine Windows XP CrackPack\wgapatch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
  • You previously used a non-legitimate copy of Windows?
  • That was a long time ago, yes, on a different PC. I made a backup of my documents back then and this was in it.
    Now I simply use a legitimate version.
  • OK - then delete those two cracks asap and empty the recycle bin immediately afterwards!

    After that, do this to see what your current security situation is.

    Download to your desktop.
    - Click/double-click SecurityCheck.exe and pay attention to the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.
  • Here it is:

    Results of screen317's Security Check version 0.99.13
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    ESET Online Scanner v3
    Kaspersky Anti-Virus 2010
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
  • So a few things there need to be updated!

    1) First download Java 6 Update 26 (x86) for Windows 7/XP/Vista/2000/2003/2008 Offline to your desktop.

    Do not install the new version yet, though!

    Next, first go to Control Panel
    - Add or Remove Programs - Windows 2000/Windows XP
    - Programs and Features - Windows Vista and Windows 7
    and uninstall Java(TM) 6 Update 24 there.

    Then restart your PC.

    After that you may install the newest Java version.

    N.B. Windows 64-bit users do the same with the old Java x64 that is already installed.

    Java 6 Update 26 (x64) Offline

    2) Adobe Reader version X (10.1) is out - it is safer than the previous Readers, because this version starts up in a virtual environment!

    So: first remove the old Reader and then go to http://get.adobe.com/nl/reader/
    to get the newest version!

    After the installation, update Adobe Reader:

    you do that by clicking the Help button in the Adobe Reader menu bar
    and then clicking Check for Updates… in the drop-down menu.

    The updater will then become active; watch for notifications.
    If an update is available, accept it and wait for further notifications in the system tray.

    N.B. - make sure that Adobe Reader is closed when the update is being installed.

    3) Adobe Flash Player has also been renewed!

    For that, see: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=213334
  • Done. Am I finished now?
  • First tell me how your Windows is running now.
  • My Windows is running very smoothly now, no problems or strange things happening. It even runs better than before.
  • Hi Hans, then let's clean up:

    Defogger: you may re-enable DaemonTools.

    ComboFix may now be removed:
    - go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all is well, you will then get a message that Combofix was removed.

    Example:

    http://www.emphyrio.be/images/SMUninstall_combofix.png

    Run can also be started by pressing the keys "Windows key + R" simultaneously.

    This will remove Combofix including related folders and files,
    reset the clock settings, hide the file extensions,
    hide hidden files and system files again,
    and reset your System Restore.

    Download (by OldTimer)
    - Place the file on your desktop.
    - Make sure there is an internet connection.
    - Vista / W7 users:
      - Then right-click OTC.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
    - XP users:
      - Double-click OTC
    - Now click the "CleanUp!" button
    - If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow it; the program needs that connection.
    - Finally, OTC will ask whether you want to restart the computer; you may allow this, as it also removes itself this way.

    Note: Using OTC.exe will remove all the tools used (including the associated logs and backup folders) from your computer.

    And one more tip:

    go to Secunia PSI (click) a few times a year to check whether everything within Windows is also up to date.
    Because only then is Windows at its most secure!

    On the Secunia site, first click the Start Scanner button and then, on the new page, first tick Enable thorough system inspection before clicking Start!

    If you do not use Java, the site will not work.
    In that case you can download and install the Secunia Personal Software Inspector (PSI).
    N.B.: after installation this tool starts automatically with Windows, but that really is not necessary and can be turned off!
    http://secunia.com/vulnerability_scanning/personal/


This is an archived page. Replies are no longer possible.