Are scan results sufficient assurance of a clean system

Abraham54
11 replies
  • Hello,

    I regularly (1 to 2 times a month) scan my PC with Panda IS and MBAM, and Windows Defender runs in the background. Never found any problem. In July I ran an online scan with ESET. No problem was found then either.
    Since the beginning of this year I have had Kaspersky TDSSKiller downloaded, and there was also still a file for installing Ares. I had already removed everything belonging to Ares earlier.
    Today I thought I would run ESET once more. And now 2 threats were found, in the installation file of Kaspersky TDSSKiller and in the installation file of Ares.

    ESET reported the following:
    -Win32/Toggle programma
    -variant van Win32/Softonic downloader.A programma
    The log stated that these occurred, respectively, in the installation files mentioned.

    The installation files mentioned were already there before the ESET scan in July. At that time I did not get any threat notification.
    I had downloaded the Kaspersky tool from Softonic.com

    I have now restored a previously made image. Removed the Kaspersky TDSSKiller and the Ares file. Ran ESET again and now no threat was found.

    Now my question: is the result of scans sufficient assurance of a clean system?

    Kind regards,
    Frans
  • I wonder why you get Kaspersky's TDSSKiller from Softonic and not directly from Kaspersky?
    Besides, do you have any idea what this tool does?

    By the way, with Panda IS, Windows Defender really does not need to run along in the background.
    Panda's active spyware scanner is far better anyway.
    So deactivate Windows Defender; then it cannot conflict with Panda either.

    I would like you to follow the rules below during the fix:
  • Hello Abraham,

    Why TDSS from Softonic: I only realized that later myself, so no specific reason.
    The program scans for malware in the root, doesn't it?
    I admit that this is not expertise, more trying things out.

    I will post the logs this afternoon. The laptop is currently in use for working from home.

    Kind regards,
    Frans
  • Hello Abraham,

    Here are the logs:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:21:11, on 23-11-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
    C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\ApVxdWin.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
    C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PavBckPT.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\Inicio.exe"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1139200220-3051285767-1385365787-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1139200220-3051285767-1385365787-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Global Startup: SRS Premium Sound.lnk = ?
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files (x86)\panda security\panda internet security 2011\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\PskSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2011\TPSrvWow.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 14196 bytes



    <<>>



    ComboFix 11-11-22.03 - Frans en Wies 23-11-2011 12:27:28.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3886.2172 [GMT 1:00]
    Gestart vanuit: c:\users\Frans en Wies\Desktop\ComboFix.exe
    AV: Panda Internet Security 2011 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    FW: Panda Personal Firewall 2011 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
    SP: Panda Internet Security 2011 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    c:\windows\security\Database\tmp.edb
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-10-23 to 2011-11-23 ))))))))))))))))))))))))))))))
    .
    .
    2011-11-23 11:33 . 2011-11-23 11:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-11-23 11:33 . 2011-11-23 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-22 12:31 . 2011-11-22 12:31 -------- d-----w- c:\windows\system32\Macromed
    2011-11-22 12:23 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B98EE4E6-F740-41D4-9930-1746BFDBB6C7}\mpengine.dll
    2011-11-22 12:16 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-22 12:16 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-22 12:15 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-22 12:15 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-22 12:31 . 2011-08-11 20:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 03:06 . 2011-01-24 11:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-09-01 05:24 . 2011-10-12 09:55 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 05:17 . 2011-10-12 09:55 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 05:12 . 2011-10-12 09:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-01 02:35 . 2011-10-12 09:55 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-09-01 02:28 . 2011-10-12 09:55 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-09-01 02:22 . 2011-10-12 09:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-08-31 15:00 . 2011-02-03 17:10 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-27 05:37 . 2011-10-12 09:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 05:37 . 2011-10-12 09:53 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-27 04:26 . 2011-10-12 09:53 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:26 . 2011-10-12 09:53 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-11-13 210216]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "APVXDWIN"="c:\program files (x86)\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" [2011-09-05 984576]
    "SCANINICIO"="c:\program files (x86)\Panda Security\Panda Internet Security 2011\Inicio.exe" [2010-06-11 68928]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "MDS_Menu"="c:\program files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-3-27 156952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 135664]
    R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 135664]
    R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 afcdpsrv;Acronis Nonstop Backup-service ;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-03-01 3246040]
    R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [x]
    S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [x]
    S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS [x]
    S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS [x]
    S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS [x]
    S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    S2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Internet Security 2011\PskSvc.exe [2010-08-16 28992]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 5790064]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 487280]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\DRIVERS\n64i1642.sys [x]
    S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 08:25]
    .
    2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 08:25]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.telegraaf.nl/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: airmilesshop.nl\www
    TCP: DhcpNameServer = 192.168.178.1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-SolutoService
    Toolbar-Locked - (no file)
    AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files (x86)\Panda Security\Panda Internet Security 2011\TPSrvWow.exe
    c:\program files (x86)\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Panda Security\Panda Internet Security 2011\PsCtrls.exe
    c:\program files (x86)\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
    c:\program files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
    c:\program files (x86)\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
    c:\program files (x86)\panda security\panda internet security 2011\firewall\PSHOST.EXE
    c:\program files (x86)\Panda Security\Panda Internet Security 2011\PsImSvc.exe
    c:\program files (x86)\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-11-23 12:39:24 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-11-23 11:39
    .
    Pre-Run: 83.280.990.208 bytes beschikbaar
    Post-Run: 83.144.159.232 bytes beschikbaar
    .
    - - End Of File - - 053CA1D70A39DB2063640015D64D35E4






  • Hello Frans, please do the following, and also let me know how your Windows is running now:

    Which program: Kaspersky TDSSKiller
    What for/why: Rootkit scanner
    Difficulty: none
    Download location: Be sure to download this program to the desktop, or else move it there!
    Download TDSSKiller here.

    Installation:
    - Extract the file to your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start "TDSSKiller" by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start "TDSSKiller" by right-clicking TDSSKiller.exe and then choosing Run as administrator.
    - If TDSSKiller shows a message about an available update, run that update first.
    Screenshot: http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg

    - Then click the "Start Scan" button and follow the instructions.
    - After the scan has finished, click the "Report" button.
    - A Notepad file opens. Post the contents of this file.
      - Restart the PC if TDSSKiller offers that option (Reboot now).
      - If a restart is required, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
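One way to triage the report this post asks for, as an added example that is not part of the original post or of Kaspersky's tooling: it pairs each `name (md5) path` line with its `name - verdict` line and lists entries whose verdict is not `ok`, entries logged without a file record, and entries that never received a verdict. The sample report, driver names, hashes and the non-ok verdict wording are constructed; only the line layout follows the report posted in this thread, and only driver/service entries are covered.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every report line starts with a timestamp and a thread id.
PREFIX = r"^\s*\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<32 hex md5>) <path>": the file backing a driver or service.
FILE_RE = re.compile(
    PREFIX + r"(?P<name>\S.*?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
# "<name> - <verdict>": the scanner's conclusion for that object.
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S.*?)\s+-\s+(?P<verdict>\S.*)$")

# Constructed sample: names, hashes and the non-ok verdict text are made up.
SAMPLE_REPORT = r"""
17:22:41.0854 6288 Scan started
17:22:43.0117 6288 drvalpha (00000000000000000000000000000001) C:\Windows\system32\drivers\drvalpha.sys
17:22:43.0133 6288 drvalpha - ok
17:22:43.0180 6288 drvbeta - ok
17:22:43.0258 6288 drvgamma (00000000000000000000000000000003) C:\Windows\system32\drivers\drvgamma.sys
17:22:43.0273 6288 drvgamma - needs review (constructed verdict text)
17:22:43.0367 6288 drvdelta (00000000000000000000000000000004) C:\Program Files (x86)\Vendor\drvdelta.sys
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None: no file line was logged for this name
    path: Optional[str] = None
    verdict: Optional[str] = None  # None: no verdict line followed (cut-off log)


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per scanned object, in the order first seen."""
    entries: List[Entry] = []
    by_name: Dict[str, Entry] = {}
    for line in text.splitlines():
        # Try the file pattern first: a path may itself contain " - ".
        m = FILE_RE.match(line)
        if m:
            e = Entry(m["name"], m["md5"].lower(), m["path"].strip())
            entries.append(e)
            by_name[e.name] = e
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = by_name.get(m["name"])
            if e is None:  # verdict with no preceding file record
                e = Entry(m["name"])
                entries.append(e)
                by_name[e.name] = e
            e.verdict = m["verdict"].strip()
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group the names that deserve a second look by the reason why."""
    return {
        # The scanner said something other than "ok".
        "not_ok": [e.name for e in entries
                   if e.verdict is not None and e.verdict.lower() != "ok"],
        # A registered driver/service for which no file and hash were logged.
        "no_file_record": [e.name for e in entries if e.md5 is None],
        # A file was logged but the log ends before its verdict.
        "no_verdict": [e.name for e in entries if e.verdict is None],
    }


if __name__ == "__main__":
    for reason, names in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{reason}: {', '.join(names) or '-'}")
```

An entry under `no_file_record` is not a detection by itself; it only means the report gives no path or hash to check for that name.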
  • Hello Abraham,

    Windows is running fine, no problems.

    Here is the TDSS log.

    17:22:30.0934 2712 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
    17:22:32.0369 2712 ============================================================
    17:22:32.0369 2712 Current date / time: 2011/11/23 17:22:32.0369
    17:22:32.0369 2712 SystemInfo:
    17:22:32.0369 2712
    17:22:32.0369 2712 OS Version: 6.1.7601 ServicePack: 1.0
    17:22:32.0369 2712 Product type: Workstation
    17:22:32.0369 2712 ComputerName: FRANSENWIES-PC
    17:22:32.0369 2712 UserName: Frans en Wies
    17:22:32.0369 2712 Windows directory: C:\Windows
    17:22:32.0369 2712 System windows directory: C:\Windows
    17:22:32.0369 2712 Running under WOW64
    17:22:32.0369 2712 Processor architecture: Intel x64
    17:22:32.0369 2712 Number of processors: 4
    17:22:32.0369 2712 Page size: 0x1000
    17:22:32.0369 2712 Boot type: Normal boot
    17:22:32.0369 2712 ============================================================
    17:22:35.0785 2712 Initialize success
    17:22:41.0854 6288 ============================================================
    17:22:41.0854 6288 Scan started
    17:22:41.0854 6288 Mode: Manual;
    17:22:41.0854 6288 ============================================================
    17:22:43.0117 6288 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    17:22:43.0133 6288 1394ohci - ok
    17:22:43.0180 6288 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:22:43.0195 6288 ACPI - ok
    17:22:43.0258 6288 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:22:43.0273 6288 AcpiPmi - ok
    17:22:43.0367 6288 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    17:22:43.0382 6288 adp94xx - ok
    17:22:43.0445 6288 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    17:22:43.0460 6288 adpahci - ok
    17:22:43.0554 6288 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    17:22:43.0570 6288 adpu320 - ok
    17:22:43.0710 6288 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
    17:22:43.0726 6288 afcdp - ok
    17:22:43.0960 6288 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    17:22:44.0318 6288 AFD - ok
    17:22:44.0490 6288 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:22:44.0490 6288 agp440 - ok
    17:22:44.0677 6288 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:22:44.0677 6288 aliide - ok
    17:22:44.0724 6288 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:22:44.0724 6288 amdide - ok
    17:22:44.0786 6288 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    17:22:44.0802 6288 AmdK8 - ok
    17:22:44.0818 6288 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    17:22:44.0833 6288 AmdPPM - ok
    17:22:44.0864 6288 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    17:22:44.0864 6288 amdsata - ok
    17:22:44.0911 6288 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    17:22:45.0286 6288 amdsbs - ok
    17:22:45.0379 6288 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    17:22:45.0379 6288 amdxata - ok
    17:22:45.0442 6288 AmFSM (71336e77f98a65efaaeb950902611d3f) C:\Windows\system32\DRIVERS\amm6460.sys
    17:22:45.0457 6288 AmFSM - ok
    17:22:45.0551 6288 APPFLT (e86908bfe8b20bb8a30e4737ce3284da) C:\Windows\system32\Drivers\APPFLT64.SYS
    17:22:45.0566 6288 APPFLT - ok
    17:22:45.0660 6288 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:22:45.0676 6288 AppID - ok
    17:22:45.0769 6288 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    17:22:45.0785 6288 arc - ok
    17:22:45.0800 6288 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    17:22:45.0800 6288 arcsas - ok
    17:22:45.0863 6288 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
    17:22:45.0878 6288 ASMMAP64 - ok
    17:22:45.0925 6288 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:22:45.0925 6288 AsyncMac - ok
    17:22:45.0972 6288 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:22:45.0972 6288 atapi - ok
    17:22:46.0034 6288 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
    17:22:46.0112 6288 athr - ok
    17:22:46.0268 6288 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    17:22:46.0612 6288 b06bdrv - ok
    17:22:46.0768 6288 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:22:46.0783 6288 b57nd60a - ok
    17:22:46.0814 6288 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:22:46.0830 6288 Beep - ok
    17:22:46.0939 6288 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:22:46.0939 6288 blbdrive - ok
    17:22:47.0002 6288 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:22:47.0002 6288 bowser - ok
    17:22:47.0080 6288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:22:47.0080 6288 BrFiltLo - ok
    17:22:47.0142 6288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:22:47.0142 6288 BrFiltUp - ok
    17:22:47.0236 6288 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:22:47.0251 6288 Brserid - ok
    17:22:47.0282 6288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:22:47.0298 6288 BrSerWdm - ok
    17:22:47.0345 6288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:22:47.0345 6288 BrUsbMdm - ok
    17:22:47.0392 6288 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:22:47.0407 6288 BrUsbSer - ok
    17:22:47.0470 6288 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    17:22:47.0470 6288 BTHMODEM - ok
    17:22:47.0548 6288 catchme - ok
    17:22:47.0657 6288 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:22:47.0672 6288 cdfs - ok
    17:22:47.0719 6288 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    17:22:47.0735 6288 cdrom - ok
    17:22:47.0875 6288 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    17:22:47.0875 6288 circlass - ok
    17:22:47.0938 6288 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:22:47.0953 6288 CLFS - ok
    17:22:48.0094 6288 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:22:48.0094 6288 CmBatt - ok
    17:22:48.0125 6288 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    17:22:48.0125 6288 cmdide - ok
    17:22:48.0187 6288 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    17:22:48.0203 6288 CNG - ok
    17:22:48.0312 6288 ComFiltr (8a64c45f467fb30c47a30ae2819ddd62) C:\Windows\system32\DRIVERS\COMFiltr.sys
    17:22:48.0312 6288 ComFiltr - ok
    17:22:48.0374 6288 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    17:22:48.0374 6288 Compbatt - ok
    17:22:48.0421 6288 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    17:22:48.0421 6288 CompositeBus - ok
    17:22:48.0452 6288 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    17:22:48.0468 6288 crcdisk - ok
    17:22:48.0515 6288 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
    17:22:48.0530 6288 CVirtA - ok
    17:22:48.0655 6288 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
    17:22:48.0983 6288 CVPNDRVA - ok
    17:22:49.0264 6288 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    17:22:49.0264 6288 DfsC - ok
    17:22:49.0388 6288 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:22:49.0388 6288 discache - ok
    17:22:49.0435 6288 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    17:22:49.0451 6288 Disk - ok
    17:22:49.0498 6288 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
    17:22:49.0498 6288 DNE - ok
    17:22:49.0654 6288 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:22:49.0669 6288 drmkaud - ok
    17:22:49.0700 6288 DSAFLT (64648b677d5005749f2fe412254512b7) C:\Windows\system32\Drivers\DSAFLT64.SYS
    17:22:49.0700 6288 DSAFLT - ok
    17:22:49.0763 6288 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    17:22:49.0778 6288 DXGKrnl - ok
    17:22:49.0903 6288 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    17:22:50.0044 6288 ebdrv - ok
    17:22:50.0215 6288 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    17:22:50.0231 6288 elxstor - ok
    17:22:50.0262 6288 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    17:22:50.0262 6288 ErrDev - ok
    17:22:50.0324 6288 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
    17:22:50.0324 6288 ETD - ok
    17:22:50.0356 6288 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:22:50.0371 6288 exfat - ok
    17:22:50.0402 6288 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:22:50.0402 6288 fastfat - ok
    17:22:50.0449 6288 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    17:22:50.0449 6288 fdc - ok
    17:22:50.0496 6288 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:22:50.0496 6288 FileInfo - ok
    17:22:50.0527 6288 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:22:50.0527 6288 Filetrace - ok
    17:22:50.0574 6288 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    17:22:50.0590 6288 flpydisk - ok
    17:22:50.0621 6288 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    17:22:50.0636 6288 FltMgr - ok
    17:22:50.0668 6288 FNETMON (50c6c310a98108a94e985fd46b4e150c) C:\Windows\system32\Drivers\fnetm64.SYS
    17:22:50.0668 6288 FNETMON - ok
    17:22:50.0714 6288 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:22:50.0730 6288 FsDepends - ok
    17:22:50.0777 6288 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
    17:22:50.0777 6288 fssfltr - ok
    17:22:50.0824 6288 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    17:22:50.0824 6288 Fs_Rec - ok
    17:22:50.0870 6288 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    17:22:50.0886 6288 fvevol - ok
    17:22:50.0917 6288 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:22:50.0917 6288 gagp30kx - ok
    17:22:51.0073 6288 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:22:51.0089 6288 hcw85cir - ok
    17:22:51.0151 6288 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    17:22:51.0167 6288 HdAudAddService - ok
    17:22:51.0229 6288 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    17:22:51.0229 6288 HDAudBus - ok
    17:22:51.0276 6288 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    17:22:51.0292 6288 HECIx64 - ok
    17:22:51.0307 6288 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    17:22:51.0323 6288 HidBatt - ok
    17:22:51.0338 6288 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    17:22:51.0354 6288 HidBth - ok
    17:22:51.0370 6288 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    17:22:51.0385 6288 HidIr - ok
    17:22:51.0448 6288 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    17:22:51.0448 6288 HidUsb - ok
    17:22:51.0557 6288 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    17:22:51.0572 6288 HpSAMD - ok
    17:22:51.0635 6288 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    17:22:51.0994 6288 HTTP - ok
    17:22:52.0150 6288 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    17:22:52.0150 6288 hwpolicy - ok
    17:22:52.0259 6288 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    17:22:52.0274 6288 i8042prt - ok
    17:22:52.0321 6288 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
    17:22:52.0321 6288 iaStor - ok
    17:22:52.0430 6288 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    17:22:52.0805 6288 iaStorV - ok
    17:22:52.0898 6288 IDSFLT (731791f5391083f0cc8cb5a00bbd5e89) C:\Windows\system32\Drivers\IDSFLT64.SYS
    17:22:53.0195 6288 IDSFLT - ok
    17:22:53.0600 6288 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:22:53.0990 6288 igfx - ok
    17:22:54.0100 6288 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    17:22:54.0443 6288 iirsp - ok
    17:22:54.0599 6288 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
    17:22:54.0599 6288 Impcd - ok
    17:22:54.0755 6288 IntcAzAudAddService (53019327813ff5ab2964b33b2c61307c) C:\Windows\system32\drivers\RTKVHD64.sys
    17:22:54.0786 6288 IntcAzAudAddService - ok
    17:22:54.0833 6288 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
    17:22:54.0848 6288 IntcDAud - ok
    17:22:54.0864 6288 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    17:22:54.0880 6288 intelide - ok
    17:22:54.0926 6288 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:22:54.0926 6288 intelppm - ok
    17:22:54.0973 6288 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:22:55.0363 6288 IpFilterDriver - ok
    17:22:55.0441 6288 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    17:22:55.0441 6288 IPMIDRV - ok
    17:22:55.0472 6288 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:22:55.0784 6288 IPNAT - ok
    17:22:55.0972 6288 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:22:55.0987 6288 IRENUM - ok
    17:22:56.0018 6288 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    17:22:56.0018 6288 isapnp - ok
    17:22:56.0050 6288 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    17:22:56.0065 6288 iScsiPrt - ok
    17:22:56.0096 6288 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    17:22:56.0096 6288 kbdclass - ok
    17:22:56.0143 6288 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    17:22:56.0159 6288 kbdhid - ok
    17:22:56.0190 6288 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
    17:22:56.0190 6288 kbfiltr - ok
    17:22:56.0237 6288 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    17:22:56.0237 6288 KSecDD - ok
    17:22:56.0268 6288 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    17:22:56.0284 6288 KSecPkg - ok
    17:22:56.0315 6288 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:22:56.0315 6288 ksthunk - ok
    17:22:56.0393 6288 L1C (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
    17:22:56.0393 6288 L1C - ok
    17:22:56.0440 6288 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:22:56.0455 6288 lltdio - ok
    17:22:56.0674 6288 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:22:56.0674 6288 LSI_FC - ok
    17:22:56.0720 6288 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:22:56.0736 6288 LSI_SAS - ok
    17:22:56.0814 6288 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:22:56.0814 6288 LSI_SAS2 - ok
    17:22:56.0845 6288 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:22:56.0861 6288 LSI_SCSI - ok
    17:22:56.0892 6288 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:22:56.0892 6288 luafv - ok
    17:22:56.0939 6288 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
    17:22:56.0954 6288 lullaby - ok
    17:22:57.0001 6288 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    17:22:57.0001 6288 megasas - ok
    17:22:57.0032 6288 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    17:22:57.0329 6288 MegaSR - ok
    17:22:57.0376 6288 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:22:57.0376 6288 Modem - ok
    17:22:57.0407 6288 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:22:57.0407 6288 monitor - ok
    17:22:57.0438 6288 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    17:22:57.0438 6288 mouclass - ok
    17:22:57.0563 6288 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:22:57.0563 6288 mouhid - ok
    17:22:57.0610 6288 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:22:57.0625 6288 mountmgr - ok
    17:22:57.0688 6288 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:22:57.0703 6288 mpio - ok
    17:22:57.0750 6288 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:22:57.0766 6288 mpsdrv - ok
    17:22:57.0844 6288 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:22:57.0844 6288 MRxDAV - ok
    17:22:57.0953 6288 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:22:57.0968 6288 mrxsmb - ok
    17:22:58.0015 6288 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:22:58.0031 6288 mrxsmb10 - ok
    17:22:58.0062 6288 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:22:58.0078 6288 mrxsmb20 - ok
    17:22:58.0140 6288 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:22:58.0140 6288 msahci - ok
    17:22:58.0187 6288 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:22:58.0187 6288 msdsm - ok
    17:22:58.0312 6288 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:22:58.0312 6288 Msfs - ok
    17:22:58.0343 6288 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:22:58.0343 6288 mshidkmdf - ok
    17:22:58.0390 6288 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:22:58.0405 6288 msisadrv - ok
    17:22:58.0561 6288 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:22:58.0561 6288 MSKSSRV - ok
    17:22:58.0608 6288 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:22:58.0608 6288 MSPCLOCK - ok
    17:22:58.0702 6288 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:22:58.0717 6288 MSPQM - ok
    17:22:58.0780 6288 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:22:58.0780 6288 MsRPC - ok
    17:22:58.0858 6288 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    17:22:58.0858 6288 mssmbios - ok
    17:22:58.0951 6288 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:22:58.0967 6288 MSTEE - ok
    17:22:58.0982 6288 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    17:22:58.0982 6288 MTConfig - ok
    17:22:59.0076 6288 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
    17:22:59.0076 6288 MTsensor - ok
    17:22:59.0123 6288 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:22:59.0123 6288 Mup - ok
    17:22:59.0248 6288 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:22:59.0263 6288 NativeWifiP - ok
    17:22:59.0326 6288 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    17:22:59.0357 6288 NDIS - ok
    17:22:59.0466 6288 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:22:59.0466 6288 NdisCap - ok
    17:22:59.0528 6288 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:22:59.0544 6288 NdisTapi - ok
    17:22:59.0638 6288 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:22:59.0638 6288 Ndisuio - ok
    17:22:59.0700 6288 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:22:59.0716 6288 NdisWan - ok
    17:22:59.0762 6288 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    17:22:59.0778 6288 NDProxy - ok
    17:22:59.0825 6288 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:22:59.0825 6288 NetBIOS - ok
    17:22:59.0872 6288 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    17:22:59.0887 6288 NetBT - ok
    17:22:59.0934 6288 NETFLTDI (ba99a34a9b5eb737ce54bc0a7c596609) C:\Windows\system32\Drivers\NETTDI64.SYS
    17:23:00.0230 6288 NETFLTDI - ok
    17:23:00.0246 6288 NETIMFLT01060042 (4d69ebc1a362d392226662560cb8a8b0) C:\Windows\system32\DRIVERS\n64i1642.sys
    17:23:00.0246 6288 NETIMFLT01060042 - ok
    17:23:00.0355 6288 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    17:23:00.0371 6288 nfrd960 - ok
    17:23:00.0418 6288 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:23:00.0433 6288 Npfs - ok
    17:23:00.0464 6288 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:23:00.0464 6288 nsiproxy - ok
    17:23:00.0558 6288 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:23:01.0073 6288 Ntfs - ok
    17:23:01.0166 6288 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:23:01.0182 6288 Null - ok
    17:23:01.0478 6288 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    17:23:01.0775 6288 nvlddmkm - ok
    17:23:01.0884 6288 nvpciflt (88b625725a297e638b8bc55334d75020) C:\Windows\system32\DRIVERS\nvpciflt.sys
    17:23:01.0884 6288 nvpciflt - ok
    17:23:01.0931 6288 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:23:01.0946 6288 nvraid - ok
    17:23:01.0978 6288 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:23:01.0993 6288 nvstor - ok
    17:23:02.0087 6288 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:23:02.0102 6288 nv_agp - ok
    17:23:02.0149 6288 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:23:02.0165 6288 ohci1394 - ok
    17:23:12.0539 6288 ============================================================
    17:23:12.0539 6288 Scan finished
    17:23:12.0539 6288 ============================================================
    17:23:12.0554 4128 Detected object count: 0
    17:23:12.0554 4128 Actual detected object count: 0

  • Good, so no rootkits such as TDL4 either.

    We are going to clean up:

  • Hello Abraham,

    Here is the log: see the next post!



    Results of screen317's Security Check version 0.99.28
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:
    Panda Internet Security 2011
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 29
    Adobe Flash Player ( 10.0.32.18)
  • Hello Abraham,

    I have updated Adobe.
    See the log below.
    Flash Player is not in the log now, but I do have it in my program list, version 11.1.102.55.

    What I also noticed is that the 2 VIR files that ComboFix removed have been on my system since 24-12-2009 and 17-3-2011. I have also seen this in my images from that time. If you google them, these are not unknown. So it surprises me slightly that MBAM, Panda, ESET and Windows Defender did nothing about them.
    The answer to my question "Is the result of scans now sufficient assurance of a clean system?" is therefore a clear NO! Or do you have an explanation for this?
    I am glad the system is clean again. After all these actions I am going to make a new image and just throw away all the old ones.

    The 1st log contains a message about the Windows security service; it has disappeared in the 2nd log. Presumably it takes a while before it becomes active?

    I would like to hear from you whether any further actions are needed.

    Results of screen317's Security Check version 0.99.28
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:
  • You have to look at it this way: no antivirus software or spyware scanner offers 100% certainty.

    ComboFix is a highly specialized program, so do not use it on your own.

    I advise you to make an image only after carrying out this last tip:

    Go to Secunia PSI (click) a few times a year to check whether everything within Windows is up to date as well.
    Because only then is Windows at its most secure!

    On the Secunia site, first click the "Start Scanner" button, and then on the new page first tick "Enable thorough system inspection" before clicking "Start"!

    If you do not use Java, the site will not work.
    In that case you can download and install the Secunia Personal Software Inspector (PSI).
    N.B.: after installation this tool starts automatically with Windows, but that is really not necessary and can be disabled!
    http://secunia.com/vulnerability_scanning/personal/
  • Hello Abraham,

    All actions have now been carried out. I only had to update QuickTime.
    I will certainly not start working with ComboFix and the like on my own.
    If I don't trust something, I will post a new request.

    For now, thanks for the support.

    Kind regards,
    Frans

This is an archived page. Replying is no longer possible.