HijackThis log because of computer problems!

Abraham54
76 replies
  • Following up on my other topic
    http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1467880#1467880
    this log file:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:52:49, on 17-11-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3T61C75\HijackThis (1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://willibrord.orionelo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111113150322.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.mcafee.com
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 13863 bytes
  • Hi, your log actually shows nothing out of the ordinary.

    I would like you to keep to the rules below during the fix:
    - Read all instructions carefully.
    - If you make mistakes when running tools during the fix, that can cause serious problems in Windows.
    - Refrain from using tools or updates other than those I advise you to use.
    - Always use one scanner at a time, never several at once.
    - Keep me informed of how your computer responds to the fix, good or bad.
    - The fix, once started, must be completed. Even if you think everything is fine, there may still be infections.

    Step •1•
    Which program: Kaspersky TDSSKiller
    What for/why: Rootkit scanner
    Difficulty: none
    Download location: Be sure to download this program to the desktop, or otherwise move it there!
    Download TDSSKiller here.

    Installation:
    - Extract the file to your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing Run as administrator.
    - If TDSSKiller shows a message about an available update, run that first.

    http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg

    - Then click the "Start Scan" button and follow the instructions.
    - After the scan has finished, click the "Report" button.
    - A Notepad file opens. Post the contents of this file.
      - Restart the PC if TDSSKiller offers that option (Reboot now).
      - If a restart is necessary, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

    Step •2•
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix via one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be deactivated before ComboFix is started!
    Here and here you will find details on how to deactivate antivirus programs and spyware scanners.

    Once more, for the sake of clarity: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.

    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt

    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.

    Step •3•
    In summary: after this, post the contents of the following logs in your next message:
    - TDSSKiller log
    - ComboFix.txt log
  • TDSS log

    21:39:27.0487 1156 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
    21:39:29.0134 1156 ============================================================
    21:39:29.0135 1156 Current date / time: 2011/11/17 21:39:29.0134
    21:39:29.0135 1156 SystemInfo:
    21:39:29.0135 1156
    21:39:29.0135 1156 OS Version: 6.1.7601 ServicePack: 1.0
    21:39:29.0135 1156 Product type: Workstation
    21:39:29.0135 1156 ComputerName: NICO-LAPTOP
    21:39:29.0135 1156 UserName: Nico
    21:39:29.0135 1156 Windows directory: C:\Windows
    21:39:29.0135 1156 System windows directory: C:\Windows
    21:39:29.0135 1156 Running under WOW64
    21:39:29.0135 1156 Processor architecture: Intel x64
    21:39:29.0135 1156 Number of processors: 4
    21:39:29.0135 1156 Page size: 0x1000
    21:39:29.0135 1156 Boot type: Normal boot
    21:39:29.0135 1156 ============================================================
    21:39:29.0741 1156 Initialize success
    21:39:32.0043 7980 ============================================================
    21:39:32.0043 7980 Scan started
    21:39:32.0043 7980 Mode: Manual;
    21:39:32.0043 7980 ============================================================
    21:39:42.0879 7980 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
    21:39:42.0945 7980 Impcd - ok
    21:39:42.0981 7980 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    21:39:42.0984 7980 intelide - ok
    21:39:43.0015 7980 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    21:39:43.0016 7980 intelppm - ok
    21:39:43.0110 7980 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:39:43.0157 7980 IpFilterDriver - ok
    21:39:43.0201 7980 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    21:39:43.0244 7980 IPMIDRV - ok
    21:39:43.0331 7980 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    21:39:43.0333 7980 IPNAT - ok
    21:39:43.0363 7980 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    21:39:43.0368 7980 IRENUM - ok
    21:39:43.0407 7980 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    21:39:43.0412 7980 isapnp - ok
    21:39:43.0496 7980 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    21:39:43.0560 7980 iScsiPrt - ok
    21:39:43.0586 7980 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    21:39:43.0591 7980 kbdclass - ok
    21:39:43.0695 7980 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    21:39:43.0752 7980 kbdhid - ok
    21:39:43.0835 7980 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    21:39:43.0878 7980 KSecDD - ok
    21:39:43.0982 7980 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    21:39:44.0026 7980 KSecPkg - ok
    21:39:44.0077 7980 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    21:39:44.0081 7980 ksthunk - ok
    21:39:44.0194 7980 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys
    21:39:44.0253 7980 L1C - ok
    21:39:44.0298 7980 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    21:39:44.0303 7980 lltdio - ok
    21:39:44.0409 7980 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:39:44.0416 7980 LSI_FC - ok
    21:39:44.0429 7980 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:39:44.0433 7980 LSI_SAS - ok
    21:39:44.0441 7980 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:39:44.0445 7980 LSI_SAS2 - ok
    21:39:44.0455 7980 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:39:44.0460 7980 LSI_SCSI - ok
    21:39:44.0489 7980 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    21:39:44.0492 7980 luafv - ok
    21:39:44.0654 7980 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    21:39:44.0660 7980 megasas - ok
    21:39:44.0686 7980 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    21:39:44.0695 7980 MegaSR - ok
    21:39:44.0763 7980 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
    21:39:44.0765 7980 mfeapfk - ok
    21:39:44.0849 7980 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
    21:39:44.0910 7980 mfeavfk - ok
    21:39:45.0016 7980 mfeavfk01 - ok
    21:39:45.0082 7980 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
    21:39:45.0141 7980 mfefirek - ok
    21:39:45.0268 7980 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
    21:39:45.0321 7980 mfehidk - ok
    21:39:45.0413 7980 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
    21:39:45.0454 7980 mfenlfk - ok
    21:39:45.0500 7980 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
    21:39:45.0548 7980 mferkdet - ok
    21:39:45.0636 7980 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
    21:39:45.0696 7980 mfewfpk - ok
    21:39:45.0749 7980 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    21:39:45.0752 7980 Modem - ok
    21:39:45.0848 7980 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    21:39:45.0849 7980 monitor - ok
    21:39:45.0899 7980 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    21:39:45.0903 7980 mouclass - ok
    21:39:46.0015 7980 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    21:39:46.0019 7980 mouhid - ok
    21:39:46.0077 7980 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    21:39:46.0126 7980 mountmgr - ok
    21:39:46.0232 7980 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    21:39:46.0324 7980 mpio - ok
    21:39:46.0360 7980 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    21:39:46.0366 7980 mpsdrv - ok
    21:39:46.0464 7980 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    21:39:46.0514 7980 MRxDAV - ok
    21:39:46.0554 7980 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:39:46.0628 7980 mrxsmb - ok
    21:39:46.0725 7980 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:39:46.0773 7980 mrxsmb10 - ok
    21:39:46.0793 7980 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:39:46.0831 7980 mrxsmb20 - ok
    21:39:46.0871 7980 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    21:39:46.0929 7980 msahci - ok
    21:39:47.0030 7980 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    21:39:47.0084 7980 msdsm - ok
    21:39:47.0127 7980 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    21:39:47.0150 7980 Msfs - ok
    21:39:47.0177 7980 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    21:39:47.0183 7980 mshidkmdf - ok
    21:39:47.0274 7980 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    21:39:47.0278 7980 msisadrv - ok
    21:39:47.0312 7980 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    21:39:47.0319 7980 MSKSSRV - ok
    21:39:47.0350 7980 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:39:47.0355 7980 MSPCLOCK - ok
    21:39:47.0439 7980 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    21:39:47.0442 7980 MSPQM - ok
    21:39:47.0503 7980 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    21:39:47.0537 7980 MsRPC - ok
    21:39:47.0573 7980 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    21:39:47.0573 7980 mssmbios - ok
    21:39:47.0662 7980 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    21:39:47.0668 7980 MSTEE - ok
    21:39:47.0677 7980 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    21:39:47.0685 7980 MTConfig - ok
    21:39:47.0706 7980 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    21:39:47.0711 7980 Mup - ok
    21:39:47.0729 7980 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS
    wifi.sys
    21:39:47.0737 7980 NativeWifiP - ok
    21:39:47.0795 7980 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers
    dis.sys
    21:39:47.0801 7980 NDIS - ok
    21:39:47.0888 7980 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS
    discap.sys
    21:39:47.0897 7980 NdisCap - ok
    21:39:47.0961 7980 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS
    distapi.sys
    21:39:47.0963 7980 NdisTapi - ok
    21:39:48.0015 7980 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS
    disuio.sys
    21:39:48.0087 7980 Ndisuio - ok
    21:39:48.0192 7980 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS
    diswan.sys
    21:39:48.0253 7980 NdisWan - ok
    21:39:48.0289 7980 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    21:39:48.0331 7980 NDProxy - ok
    21:39:48.0418 7980 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS
    etbios.sys
    21:39:48.0425 7980 NetBIOS - ok
    21:39:48.0472 7980 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS
    etbt.sys
    21:39:48.0524 7980 NetBT - ok
    21:39:48.0636 7980 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS
    frd960.sys
    21:39:48.0640 7980 nfrd960 - ok
    21:39:48.0662 7980 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    21:39:48.0666 7980 Npfs - ok
    21:39:48.0675 7980 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers
    siproxy.sys
    21:39:48.0679 7980 nsiproxy - ok
    21:39:48.0737 7980 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    21:39:48.0791 7980 Ntfs - ok
    21:39:48.0882 7980 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    21:39:48.0887 7980 Null - ok
    21:39:48.0918 7980 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers
    vraid.sys
    21:39:48.0960 7980 nvraid - ok
    21:39:48.0978 7980 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers
    vstor.sys
    21:39:49.0015 7980 nvstor - ok
    21:39:49.0111 7980 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers
    v_agp.sys
    21:39:49.0132 7980 nv_agp - ok
    21:39:49.0163 7980 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    21:39:49.0169 7980 ohci1394 - ok
    21:39:49.0291 7980 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    21:39:49.0299 7980 Parport - ok
    21:39:49.0343 7980 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    21:39:49.0409 7980 partmgr - ok
    21:39:49.0516 7980 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    21:39:49.0519 7980 pci - ok
    21:39:49.0554 7980 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    21:39:49.0561 7980 pciide - ok
    21:39:49.0655 7980 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    21:39:49.0663 7980 pcmcia - ok
    21:39:49.0683 7980 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    21:39:49.0688 7980 pcw - ok
    21:39:49.0707 7980 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    21:39:49.0725 7980 PEAUTH - ok
    21:39:49.0830 7980 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
    21:39:49.0900 7980 PGEffect - ok
    21:39:50.0020 7980 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    21:39:50.0066 7980 PptpMiniport - ok
    21:39:50.0087 7980 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    21:39:50.0091 7980 Processor - ok
    21:39:50.0179 7980 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    21:39:50.0180 7980 Psched - ok
    21:39:50.0302 7980 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    21:39:50.0323 7980 ql2300 - ok
    21:39:50.0417 7980 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    21:39:50.0421 7980 ql40xx - ok
    21:39:50.0442 7980 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    21:39:50.0446 7980 QWAVEdrv - ok
    21:39:50.0455 7980 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    21:39:50.0459 7980 RasAcd - ok
    21:39:50.0511 7980 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:39:50.0514 7980 RasAgileVpn - ok
    21:39:50.0610 7980 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:39:50.0652 7980 Rasl2tp - ok
    21:39:50.0695 7980 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:39:50.0701 7980 RasPppoe - ok
    21:39:50.0772 7980 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    21:39:50.0778 7980 RasSstp - ok
    21:39:50.0816 7980 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    21:39:50.0870 7980 rdbss - ok
    21:39:50.0904 7980 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    21:39:50.0909 7980 rdpbus - ok
    21:39:51.0009 7980 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:39:51.0013 7980 RDPCDD - ok
    21:39:51.0035 7980 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    21:39:51.0040 7980 RDPENCDD - ok
    21:39:51.0064 7980 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    21:39:51.0067 7980 RDPREFMP - ok
    21:39:51.0102 7980 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    21:39:51.0149 7980 RDPWD - ok
    21:39:51.0252 7980 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    21:39:51.0301 7980 rdyboost - ok
    21:39:51.0341 7980 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    21:39:51.0345 7980 rspndr - ok
    21:39:51.0396 7980 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
    21:39:51.0399 7980 RSUSBSTOR - ok
    21:39:51.0512 7980 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys
    21:39:51.0568 7980 rtl8192se - ok
    21:39:51.0638 7980 SbieDrv (742112ce7abb11dc17a561b4291be9c6) C:\Program Files\Sandboxie\SbieDrv.sys
    21:39:51.0700 7980 SbieDrv - ok
    21:39:51.0791 7980 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    21:39:51.0876 7980 sbp2port - ok
    21:39:51.0911 7980 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    21:39:51.0953 7980 scfilter - ok
    21:39:51.0986 7980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    21:39:51.0989 7980 secdrv - ok
    21:39:52.0070 7980 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    21:39:52.0074 7980 Serenum - ok
    21:39:52.0086 7980 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    21:39:52.0090 7980 Serial - ok
    21:39:52.0118 7980 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    21:39:52.0122 7980 sermouse - ok
    21:39:52.0164 7980 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    21:39:52.0187 7980 sffdisk - ok
    21:39:52.0279 7980 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    21:39:52.0286 7980 sffp_mmc - ok
    21:39:52.0301 7980 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    21:39:52.0360 7980 sffp_sd - ok
    21:39:52.0407 7980 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    21:39:52.0411 7980 sfloppy - ok
    21:39:52.0503 7980 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    21:39:52.0511 7980 SiSRaid2 - ok
    21:39:52.0521 7980 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    21:39:52.0529 7980 SiSRaid4 - ok
    21:39:52.0550 7980 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    21:39:52.0556 7980 Smb - ok
    21:39:52.0586 7980 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    21:39:52.0590 7980 spldr - ok
    21:39:52.0627 7980 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    21:39:52.0668 7980 srv - ok
    21:39:52.0765 7980 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    21:39:52.0820 7980 srv2 - ok
    21:39:52.0834 7980 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    21:39:52.0892 7980 srvnet - ok
    21:39:52.0995 7980 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    21:39:53.0001 7980 stexstor - ok
    21:39:53.0053 7980 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    21:39:53.0059 7980 swenum - ok
    21:39:53.0180 7980 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
    21:39:53.0226 7980 SynTP - ok
    21:39:53.0323 7980 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    21:39:53.0380 7980 Tcpip - ok
    21:39:53.0531 7980 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    21:39:53.0548 7980 TCPIP6 - ok
    21:39:53.0635 7980 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    21:39:53.0710 7980 tcpipreg - ok
    21:39:53.0755 7980 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    21:39:53.0794 7980 tdcmdpst - ok
    21:39:53.0882 7980 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    21:39:53.0888 7980 TDPIPE - ok
    21:39:53.0897 7980 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    21:39:53.0901 7980 TDTCP - ok
    21:39:53.0945 7980 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    21:39:53.0987 7980 tdx - ok
    21:39:54.0101 7980 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    21:39:54.0133 7980 TermDD - ok
    21:39:54.0269 7980 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:39:54.0317 7980 tssecsrv - ok
    21:39:54.0385 7980 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    21:39:54.0441 7980 TsUsbFlt - ok
    21:39:54.0562 7980 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    21:39:54.0564 7980 tunnel - ok
    21:39:54.0603 7980 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
    21:39:54.0662 7980 TVALZ - ok
    21:39:54.0754 7980 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
    21:39:54.0808 7980 TVALZFL - ok
    21:39:54.0837 7980 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    21:39:54.0841 7980 uagp35 - ok
    21:39:54.0936 7980 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    21:39:54.0981 7980 udfs - ok
    21:39:55.0036 7980 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    21:39:55.0040 7980 uliagpkx - ok
    21:39:55.0149 7980 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    21:39:55.0194 7980 umbus - ok
    21:39:55.0226 7980 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    21:39:55.0229 7980 UmPass - ok
    21:39:55.0331 7980 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:39:55.0386 7980 usbccgp - ok
    21:39:55.0423 7980 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    21:39:55.0428 7980 usbcir - ok
    21:39:55.0455 7980 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    21:39:55.0511 7980 usbehci - ok
    21:39:55.0628 7980 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    21:39:55.0681 7980 usbhub - ok
    21:39:55.0699 7980 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    21:39:55.0759 7980 usbohci - ok
    21:39:55.0801 7980 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    21:39:55.0805 7980 usbprint - ok
    21:39:55.0909 7980 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:39:55.0966 7980 USBSTOR - ok
    21:39:55.0995 7980 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    21:39:56.0035 7980 usbuhci - ok
    21:39:56.0102 7980 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    21:39:56.0141 7980 usbvideo - ok
    21:39:56.0259 7980 VBoxDrv (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
    21:39:56.0321 7980 VBoxDrv - ok
    21:39:56.0422 7980 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
    21:39:56.0478 7980 VBoxNetAdp - ok
    21:39:56.0503 7980 VBoxNetFlt (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
    21:39:56.0544 7980 VBoxNetFlt - ok
    21:39:56.0585 7980 VBoxUSB (ceb09d7c50f047aa457212188d28fc28) C:\Windows\system32\Drivers\VBoxUSB.sys
    21:39:56.0626 7980 VBoxUSB - ok
    21:39:56.0750 7980 VBoxUSBMon (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
    21:39:56.0803 7980 VBoxUSBMon - ok
    21:39:56.0852 7980 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    21:39:56.0857 7980 vdrvroot - ok
    21:39:56.0968 7980 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:39:56.0973 7980 vga - ok
    21:39:56.0994 7980 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    21:39:57.0001 7980 VgaSave - ok
    21:39:57.0047 7980 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    21:39:57.0106 7980 vhdmp - ok
    21:39:57.0178 7980 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    21:39:57.0185 7980 viaide - ok
    21:39:57.0214 7980 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    21:39:57.0259 7980 volmgr - ok
    21:39:57.0294 7980 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    21:39:57.0340 7980 volmgrx - ok
    21:39:57.0374 7980 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    21:39:57.0414 7980 volsnap - ok
    21:39:57.0524 7980 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    21:39:57.0536 7980 vsmraid - ok
    21:39:57.0585 7980 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    21:39:57.0588 7980 vwifibus - ok
    21:39:57.0696 7980 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    21:39:57.0704 7980 vwififlt - ok
    21:39:57.0724 7980 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    21:39:57.0731 7980 vwifimp - ok
    21:39:57.0790 7980 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    21:39:57.0798 7980 WacomPen - ok
    21:39:57.0939 7980 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    21:39:57.0985 7980 WANARP - ok
    21:39:58.0002 7980 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    21:39:58.0003 7980 Wanarpv6 - ok
    21:39:58.0099 7980 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    21:39:58.0109 7980 Wd - ok
    21:39:58.0137 7980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    21:39:58.0152 7980 Wdf01000 - ok
    21:39:58.0260 7980 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    21:39:58.0263 7980 WfpLwf - ok
    21:39:58.0281 7980 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    21:39:58.0284 7980 WIMMount - ok
    21:39:58.0408 7980 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    21:39:58.0413 7980 WmiAcpi - ok
    21:39:58.0456 7980 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    21:39:58.0456 7980 ws2ifsl - ok
    21:39:58.0496 7980 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    21:39:58.0542 7980 WudfPf - ok
    21:39:58.0642 7980 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:39:58.0694 7980 WUDFRd - ok
    21:39:58.0752 7980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    21:39:58.0768 7980 \Device\Harddisk0\DR0 - ok
    21:39:58.0786 7980 Boot (0x1200) (04740ece94bd3eca8ab715fb831edd5a) \Device\Harddisk0\DR0\Partition0
    21:39:58.0787 7980 \Device\Harddisk0\DR0\Partition0 - ok
    21:39:58.0806 7980 Boot (0x1200) (94fa0d90c10f2c47b3524e6dab3948a5) \Device\Harddisk0\DR0\Partition1
    21:39:58.0807 7980 \Device\Harddisk0\DR0\Partition1 - ok
    21:39:58.0808 7980 ============================================================
    21:39:58.0808 7980 Scan finished
    21:39:58.0808 7980 ============================================================
    21:39:58.0820 3384 Detected object count: 0
    21:39:58.0820 3384 Actual detected object count: 0

    Combofix Log

    ComboFix 11-11-17.03 - Nico 17-11-2011 22:03:48.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2624 [GMT 1:00]
    Gestart vanuit: d:\gebruikers\Nico\Downloads\ComboFix.exe
    AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\slwga.dll . . . . konden niet verwijderd worden
    c:\windows\system32\srrstr.dll . . . . konden niet verwijderd worden
    c:\windows\system32\systemcpl.dll . . . . konden niet verwijderd worden
    c:\windows\system32\termsrv.dll . . . . konden niet verwijderd worden
    c:\windows\SysWow64\odbcad32.exe
    .
    ----- File Replicators -----
    .
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-10-17 to 2011-11-17 ))))))))))))))))))))))))))))))
    .
    .
    2011-11-17 21:11 . 2011-11-17 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-17 15:51 . 2011-11-17 15:51 388096 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-16 13:57 . 2011-11-16 13:57 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes
    2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-16 13:56 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-15 15:39 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC9FF7C7-644A-4139-9B41-D6E1D040E242}\mpengine.dll
    2011-11-09 18:30 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 18:30 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 18:30 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 18:30 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
    2011-11-09 17:44 . 2011-11-17 19:33 -------- d-----w- c:\users\Nico\AppData\Local\PokerStars
    2011-11-09 17:43 . 2011-11-09 17:53 -------- d-----w- c:\program files (x86)\PokerStars
    2011-10-23 12:30 . 2011-10-23 12:30 8192 ----a-w- c:\windows\SysWow64\srvany.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-18 13:32 . 2011-08-27 13:31 161168 ----a-w- c:\windows\system32\mfevtps.exe
    2011-10-15 12:16 . 2011-08-27 13:32 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 12:16 . 2011-08-27 13:31 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 12:16 . 2011-08-27 13:31 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 10:54 . 2011-09-12 13:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-01 05:24 . 2011-10-13 20:59 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 05:17 . 2011-10-13 20:59 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 05:12 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-01 02:35 . 2011-10-13 20:59 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-09-01 02:28 . 2011-10-13 20:59 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-09-01 02:22 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-08-28 11:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-08-28 11:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-08-27 13:28 . 2011-08-27 13:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-08-27 13:28 . 2011-08-27 13:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-08-27 13:28 . 2011-08-27 13:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-08-27 13:28 . 2011-08-27 13:28 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-08-27 13:28 . 2011-08-27 13:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-08-27 13:28 . 2011-08-27 13:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-08-27 13:28 . 2011-08-27 13:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-08-27 13:28 . 2011-08-27 13:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-08-27 13:28 . 2011-08-27 13:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-08-27 13:28 . 2011-08-27 13:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-08-27 13:28 . 2011-08-27 13:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-08-27 13:28 . 2011-08-27 13:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-08-27 13:28 . 2011-08-27 13:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-08-27 13:28 . 2011-08-27 13:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-08-27 13:28 . 2011-08-27 13:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-08-27 13:28 . 2011-08-27 13:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-08-27 13:28 . 2011-08-27 13:28 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-08-27 13:28 . 2011-08-27 13:28 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-08-27 13:28 . 2011-08-27 13:28 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-08-27 13:28 . 2011-08-27 13:28 448512 ----a-w- c:\windows\system32\html.iec
    2011-08-27 13:28 . 2011-08-27 13:28 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-27 13:28 . 2011-08-27 13:28 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-08-27 13:28 . 2011-08-27 13:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-08-27 13:28 . 2011-08-27 13:28 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-08-27 13:28 . 2011-08-27 13:28 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-08-27 13:28 . 2011-08-27 13:28 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-27 13:28 . 2011-08-27 13:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-08-27 13:28 . 2011-08-27 13:28 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-08-27 13:28 . 2011-08-27 13:28 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-08-27 13:28 . 2011-08-27 13:28 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-08-27 05:37 . 2011-10-13 05:49 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 05:37 . 2011-10-13 05:49 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-27 04:26 . 2011-10-13 05:49 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:26 . 2011-10-13 05:49 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 638736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 937920]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *Deregistered* - mfeavfk01
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000Core.job
    - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31]
    .
    2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000UA.job
    - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
    "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.nederland.fm/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ýM3]
    "0"=hex:46,3a,5c,4d,75,7a,69,65,6b,5c,41,76,69,63,69,69,20,2d,20,4c,65,76,65,
    6c,73,20,28,50,61,72,74,79,20,52,65,6d,69,78,29,2e,6d,70,33,00,74,00,2e,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @=&quo
  • The ComboFix log is not complete - apparently the last part of it got stuck somewhere!

    You can find it in C:\combofix.txt
  • ComboFix 11-11-17.03 - Nico 17-11-2011 22:03:48.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2624 [GMT 1:00]
    Gestart vanuit: d:\gebruikers\Nico\Downloads\ComboFix.exe
    AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\slwga.dll . . . . konden niet verwijderd worden
    c:\windows\system32\srrstr.dll . . . . konden niet verwijderd worden
    c:\windows\system32\systemcpl.dll . . . . konden niet verwijderd worden
    c:\windows\system32\termsrv.dll . . . . konden niet verwijderd worden
    c:\windows\SysWow64\odbcad32.exe
    .
    ----- File Replicators -----
    .
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-10-17 to 2011-11-17 ))))))))))))))))))))))))))))))
    .
    .
    2011-11-17 21:11 . 2011-11-17 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-17 15:51 . 2011-11-17 15:51 388096 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-16 13:57 . 2011-11-16 13:57 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes
    2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-16 13:56 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-15 15:39 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC9FF7C7-644A-4139-9B41-D6E1D040E242}\mpengine.dll
    2011-11-09 18:30 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 18:30 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 18:30 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 18:30 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
    2011-11-09 17:44 . 2011-11-17 19:33 -------- d-----w- c:\users\Nico\AppData\Local\PokerStars
    2011-11-09 17:43 . 2011-11-09 17:53 -------- d-----w- c:\program files (x86)\PokerStars
    2011-10-23 12:30 . 2011-10-23 12:30 8192 ----a-w- c:\windows\SysWow64\srvany.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-18 13:32 . 2011-08-27 13:31 161168 ----a-w- c:\windows\system32\mfevtps.exe
    2011-10-15 12:16 . 2011-08-27 13:32 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-10-15 12:16 . 2011-08-27 13:31 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-10-15 12:16 . 2011-08-27 13:31 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-10-15 12:16 . 2011-08-27 13:31 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-10-15 10:54 . 2011-09-12 13:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-01 05:24 . 2011-10-13 20:59 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 05:17 . 2011-10-13 20:59 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 05:12 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-01 02:35 . 2011-10-13 20:59 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-09-01 02:28 . 2011-10-13 20:59 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-09-01 02:22 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-08-28 11:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-08-28 11:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-08-27 13:28 . 2011-08-27 13:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-08-27 13:28 . 2011-08-27 13:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-08-27 13:28 . 2011-08-27 13:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-08-27 13:28 . 2011-08-27 13:28 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-08-27 13:28 . 2011-08-27 13:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-08-27 13:28 . 2011-08-27 13:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-08-27 13:28 . 2011-08-27 13:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-08-27 13:28 . 2011-08-27 13:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-08-27 13:28 . 2011-08-27 13:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-08-27 13:28 . 2011-08-27 13:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-08-27 13:28 . 2011-08-27 13:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-08-27 13:28 . 2011-08-27 13:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-08-27 13:28 . 2011-08-27 13:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-08-27 13:28 . 2011-08-27 13:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-08-27 13:28 . 2011-08-27 13:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-08-27 13:28 . 2011-08-27 13:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-08-27 13:28 . 2011-08-27 13:28 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-08-27 13:28 . 2011-08-27 13:28 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-08-27 13:28 . 2011-08-27 13:28 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-08-27 13:28 . 2011-08-27 13:28 448512 ----a-w- c:\windows\system32\html.iec
    2011-08-27 13:28 . 2011-08-27 13:28 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-27 13:28 . 2011-08-27 13:28 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-08-27 13:28 . 2011-08-27 13:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-08-27 13:28 . 2011-08-27 13:28 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-08-27 13:28 . 2011-08-27 13:28 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-08-27 13:28 . 2011-08-27 13:28 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-27 13:28 . 2011-08-27 13:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-08-27 13:28 . 2011-08-27 13:28 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-08-27 13:28 . 2011-08-27 13:28 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-08-27 13:28 . 2011-08-27 13:28 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-08-27 05:37 . 2011-10-13 05:49 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 05:37 . 2011-10-13 05:49 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-27 04:26 . 2011-10-13 05:49 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:26 . 2011-10-13 05:49 233472 —-a-w- c:\windows\SysWow64\oleacc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 638736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 937920]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *Deregistered* - mfeavfk01
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000Core.job
    - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31]
    .
    2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000UA.job
    - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
    "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.nederland.fm/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ýM3]
    "0"=hex:46,3a,5c,4d,75,7a,69,65,6b,5c,41,76,69,63,69,69,20,2d,20,4c,65,76,65,
    6c,73,20,28,50,61,72,74,79,20,52,65,6d,69,78,29,2e,6d,70,33,00,74,00,2e,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-11-17 22:19:19 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-11-17 21:19
    .
    Pre-Run: 114.978.451.456 bytes beschikbaar
    Post-Run: 117.780.062.208 bytes beschikbaar
    .
    - - End Of File - - 82BF197FE724904E2C82CDD90B32116C
  • Tell us how your Windows is running at the moment and why you started a HijackThis scan?
  • Right now it runs fine as far as I can tell. Since I was asked in my previous topic to run a malware scan and delete 2 files, I no longer have trouble with Windows freezing or anything like that.

    My reason for this topic is here: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1467880#1467880

    What prompted this post:
    Tirm
    Old hand

    Registered: 27-6-2009
    Posts: 783

    Posted: Thu Nov 17, 2011 1:30 am Subject:
    ——————————————————————————–
    Go ahead and post a HijackThis log in the Security and privacy section anyway…


    Windows froze several times in a short period, both during shutdown and while processes were active. In addition, McAfee turned out to be disabled when I wanted to start up again.

    But as I understand it, there is nothing to see in these logs?
  • I only have question marks about the many entries in the ComboFix log for
    ARPPRODUCTICON.exe

    It looks as though this file has been renewed many times!
  • So what does it mean when something is renewed often?
  • If you drop ARPPRODUCTICON.exe into Google, you see information that generally sounds reassuring, e.g. here http://www.fixfiles.net/arpproducticon.exe.html

    I had a quick look in the Windows folder on my XP machine.
    On mine it sits in C:\WINDOWS\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726} and it is 10 kb and dated 21-8-2011. On that date I installed or updated Adobe Shockwave 11.6, so it presumably has to do with that.

    Result on Virustotal.com

    MD5: 6e42cf0d47af25dea4cecdbe093d521c
    Date first seen: 2009-02-11 13:31:45 (UTC)
    Date last seen: 2011-11-19 15:33:24 (UTC)
    Detection ratio: 0/42

    Check yours on Virustotal.com as well. I would never run a registry scan. You get bombarded with those on all those kinds of websites. They then find 5867 or so errors, plus a paid little program to fix them….
  • Arpproduction is indeed tied to software that gets installed.
    Not only Adobe uses it, but other software makers too.
    It is indeed not spyware!
  • Recently I had roughly the same problem again…

    The computer suddenly responded veeeery slowly and everything started to freeze. It was as if someone was on my computer from another computer.. I wanted to click Start and Restart but even that did not work, and a little later I got a black screen, so I just cut the power right away…
  • Is this again the PC from this topic?
  • Abraham54 wrote: "Is this again the PC from this topic?"

    Yes…
  • Then do the following:

    Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
    - Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".
    - Now click "Emergency Kit Scanner"; you will get a message that updating first is recommended. Allow this by clicking "Ja" (Yes).
    - When the update is finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
    - Select the "Diep" (Deep) option if it is not already set that way by default.
    - Now click the "Scan" button and do nothing else on the computer during the scan; this scan can take a considerable time, so wait patiently.
    - You can close the window with the warning about an increased risk when the scan is finished.
    - Make sure all found items are checked and then press the "verwijder geselecteerde" (remove selected) button; you will now get the following message, but click "Ja" (Yes) here.
    - When the removal is finished, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
    - Post the contents of this LOG file in your next post.
    - Now restart the computer.

    By the way, how are you connected to the internet?
    Wired or wireless?
  • Problem… So I had scanned it but had ticked the option to shut down when the scan finished. I came home and the computer was still on.. It said there was 1 high risk and that was described as a virus. I got the risk message and followed the instruction that I could dismiss it. Then I wanted to delete files but it suddenly showed a registration screen. I press cancel and the program closes and the PC shuts down…

    Are the scan results stored somewhere, or have I lost them now and do I have to do it again?…
  • In the folder (on your desktop?) \EmsisoftEmergencyKit\Run\Reports you should find a report of the scan, if all is well. Otherwise, why not just do it again?
  • Why you did not stick to the instructions, but performed an extra action, is not entirely clear to me….
  • I was away from home all day and thought it unnecessary to leave the computer on. So I thought I would tick the option to have the computer shut down automatically… Apologies for this.. I scanned it again today, with this result:

    Emsisoft Emergency Kit - Versie 1.0
    Laatste Update: N/A

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\, D:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 23-11-2011 8:12:54

    c:\program files (x86)\Free Offers from Freeze.com Ontdekt: Trace.Directory.Freeze!A2
    c:\program files (x86)\Free Offers from Freeze.com\control.txt Ontdekt: Trace.File.Freeze!A2
    c:\program files (x86)\Free Offers from Freeze.com\dolphinico.ico Ontdekt: Trace.File.Freeze!A2
    c:\program files (x86)\Free Offers from Freeze.com\whalesico.ico Ontdekt: Trace.File.Freeze!A2
    Key: HKEY_LOCAL_MACHINE\software\Freeze.com\ Ontdekt: Trace.Registry.Freeze!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id Ontdekt: Trace.Registry.EZ Game Cheats!A2
    C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@stat.onestat[2].txt Ontdekt: Trace.TrackingCookie.stat.onestat!A2
    C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@weborama[1].txt Ontdekt: Trace.TrackingCookie.weborama!A2
    C:\Program Files (x86)\Free Offers from Freeze.com\16700.url Ontdekt: Adware.Win32.Freeze!A2
    C:\Program Files (x86)\Free Offers from Freeze.com\16714.url Ontdekt: Adware.Win32.Freeze!A2

    Gescand

    Bestanden: 236361
    Sporen: 401423
    Cookies: 373
    Processen: 81

    Gevonden

    Bestanden: 2
    Sporen: 6
    Cookies: 2
    Processen: 0
    Registersleutels: 0

    Scan Geëindigd: 23-11-2011 9:41:42
    Scantijd: 1:28:48

    So the virus was already removed automatically yesterday, but there is no log file of that. Is there no way to find out what it removed?…

    And what should I do with these results, delete them all? Even though they are low/medium risk?

    And I use wireless internet.
  • Hi, if you do not know a scanner, it is better to stay at your computer than to do what you did!


    Run the ComboFix scan again.

    After starting ComboFix, a message may appear:

    - either ComboFix wants to be updated;
    - or ComboFix wants to be downloaded again.

    So if you get such a message, carry it out.

    Then post the contents of the log.

This is an archived page. Replying is no longer possible.