Question & Answer

Security & privacy

Unknown uploads

17 answers
  • For a few weeks now my upload meter has been showing an upload speed of 5.0 kbps every few seconds, sometimes a different value. I suspect this started after I opened a bad email. Since then I have had AVG Anti-Virus, Lavasoft Ad-Aware and G Data Antivirus scan my whole computer several times, but without result. How can I find out which program is causing this upload? And if it is malware, how can I remove it?

    My computer runs Windows 7 Home Premium, 64-bit.
  • Run Malwarebytes Anti-Malware and have it remove all infections it finds. Then create a log with HijackThis and post it here together with the MBAM log.
  • Hi Hans, I get the impression that it isn't quite working out for you?
    So here is the whole story below.

    I would like you to stick to the following rules during the fix:
  • Dear Abraham54,

    I already carried out all the steps you list yesterday, in response to Gerben's reply. I sent the results to him via the "Send private message" button (under his post). Possibly something went wrong there, so below is the message I sent him:


    Gerben,

    I have followed your instructions, i.e.:

    = Downloaded and installed MBAM and ran both a quick scan and a full scan with it. Neither found any malware.

    = Downloaded and installed HijackThis and had it run a system scan. During this scan the following message appeared: "For some reason your system denied write access to the Hostfile." (I have inserted the full text of this message below).

    I don't know how to attach the MBAM and HijackThis log files to this message, so I have inserted that text below as well.

    I hope you can help me further and await your reply. Thanks in advance.

    Hans Klopper


    ———————————————————————————–
    LOG FILE OF QUICK SCAN: mbam-log-2011-12-30 (15-05-52).txt
    ———————————————————————————–
    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Databaseversie: v2011.12.30.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Hans :: SONY-VAIO [administrator]

    30-12-2011 15:05:52
    mbam-log-2011-12-30 (15-05-52).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 195477
    Verstreken tijd: 12 minuut/minuten, 58 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)


    ——————————————————————————–
    LOG FILE OF FULL SCAN: mbam-log-2011-12-30 (15-26-16).txt
    ——————————————————————————–
    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Databaseversie: v2011.12.30.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Hans :: SONY-VAIO [administrator]

    30-12-2011 15:26:16
    mbam-log-2011-12-30 (15-26-16).txt

    Scantype: Volledige scan
    Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 399862
    Verstreken tijd: 1 uur/uren, 54 minuut/minuten, 16 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)


    —————————————————————————-
    HIJACKTHIS MESSAGE DURING SYSTEM SCAN
    —————————————————————————-
    For some reason your system denied write access to the Hostfile. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

    If this happens, you need to edit the file yourself. To do this, click Start, Run and type:

    notepad C:\Windows\System32\drivers\etc\hosts

    and press Enter. Find the line(s) HijackThis repeorts and delete them. Save the file as 'hosts.' (with quotes), and reboot.

    For Vista: Simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.


    —————————————————————————-
    LOG FILE: hijackthis (30-12-2011).txt
    —————————————————————————-
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:54:29, on 30-12-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\DU Meter\DUMeter.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Opslag\Programma's\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
    O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
    O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
    O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
    O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 13968 bytes

    ————————————————————————–
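Added example for the HijackThis log posted above (my own triage script, not the forum's tool and not HijackThis code): it parses the O4 autostart and O23 service lines and sorts each into ok / review / artifact. The sample lines are copied from the log, except the HKCU "Updater" line, which is constructed to show what a flagged entry looks like; the rules are my own heuristics, and "artifact" marks the known quirk that 32-bit HijackThis on 64-bit Windows reports 64-bit system services as "(file missing)" because WOW64 redirects System32 to SysWOW64.

```python
"""Triage of O4 (autostart) and O23 (service) lines from a HijackThis 2.0.x log.

Added example, not HijackThis code. Verdicts: "ok", "review" (worth a closer
look) or "artifact" (the WOW64 redirection quirk: 32-bit HijackThis cannot
see the real System32 on x64 Windows, so it reports 64-bit system services
as "(file missing)" with "Unknown owner"; that alone is not a finding).
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the thread's log, plus ONE constructed line
# (the HKCU "Updater" entry, not from the thread) to show a flagged autostart.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Updater] C:\Users\user\AppData\Roaming\Updater\updater.exe
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
"""

O4_RUN = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_LNK = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
# First drive-letter path in a command line, quoted or not, up to its extension.
EXE_IN_CMD = re.compile(r'^"?(?P<exe>[A-Za-z]:\\[^"]*?\.(?:exe|dll|hta|lnk|cmd|bat|vbs|js|scr))\b',
                        re.IGNORECASE)

USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")  # autostart from here: look closer
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Entry:
    kind: str            # "O4" or "O23"
    name: str            # registry value name, shortcut name, or service display name
    path: str            # executable path, or "?" when HijackThis could not resolve it
    owner: str = ""      # O23 only: publisher as HijackThis printed it
    file_missing: bool = False
    verdict: str = "ok"
    reason: str = ""


def parse_line(line: str):
    """Return an Entry for an O4/O23 line, None for any other line."""
    line = line.strip()
    m = O4_RUN.match(line) or O4_LNK.match(line)
    if m:
        cmd = m.group("cmd").strip()
        exe = EXE_IN_CMD.match(cmd)
        return Entry("O4", m.group("name"), exe.group("exe") if exe else cmd)
    m = O23.match(line)
    if m:
        return Entry("O23", m.group("name"), m.group("path"), m.group("owner"),
                     m.group("missing") is not None)
    return None


def assess(e: Entry, x64_host: bool = True) -> Entry:
    """Apply the triage heuristics in place and return the entry."""
    p = e.path.lower()
    if e.kind == "O4":
        if e.path == "?":
            e.verdict, e.reason = "review", "startup item whose target HijackThis could not resolve"
        elif any(tag in p for tag in USER_WRITABLE):
            e.verdict, e.reason = "review", "autostart from a user-writable location"
    else:
        in_windows = p.startswith(WINDOWS_DIR)
        if e.file_missing and x64_host and in_windows and e.owner == "Unknown owner":
            e.verdict = "artifact"
            e.reason = "32-bit HijackThis on x64: System32 is redirected, '(file missing)' expected"
        elif e.file_missing:
            e.verdict, e.reason = "review", "service binary not found on disk"
        elif e.owner == "Unknown owner" and not in_windows:
            e.verdict, e.reason = "review", "service without a publisher outside the Windows directory"
    return e


def triage(log_text: str, x64_host: bool = True) -> list:
    """Parse and assess every O4/O23 line of a log; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            entries.append(assess(e, x64_host))
    return entries


def count_by_verdict(entries) -> dict:
    counts = {"ok": 0, "review": 0, "artifact": 0}
    for e in entries:
        counts[e.verdict] += 1
    return counts


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.verdict:8} {e.kind} {e.name}: {e.path}  {e.reason}")
```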

  • Hi Hans, the logs offer only a single lead.
    I suspect rootkit activity.
    So now two deep scan tools:

  • Dear Abraham54,

    First of all: best wishes for 2012!!! May it be a malware-free year........

    I have carried out your instructions.

    TDSSKiller ran smoothly right away. This program found two threats, both of which I had placed in quarantine. I have inserted the contents of the log file below.

    ComboFix gave a bit more trouble. After the message "Voltooid Deel_4" ComboFix hung, possibly because I had not properly closed the trial version of G Data Antivirus that was still present on my computer. So after restarting the computer I first removed G Data completely and then started ComboFix again. That went fine. I have also inserted the contents of the ComboFix log report below.

    In the end the problem is still not solved; the unknown uploads are still taking place. So I await your further advice.

    Kind regards,

    Hans Klopper


    ———————————————————————————-
    LOG FILE: TDSSKiller.2.6.25.0_31.12.2011_12.11.35_log.txt
    ———————————————————————————-

    12:11:35.0152 2320 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    12:11:35.0355 2320 ============================================================
    12:11:35.0355 2320 Current date / time: 2011/12/31 12:11:35.0355
    12:11:35.0355 2320 SystemInfo:
    12:11:35.0355 2320
    12:11:35.0355 2320 OS Version: 6.1.7601 ServicePack: 1.0
    12:11:35.0355 2320 Product type: Workstation
    12:11:35.0355 2320 ComputerName: SONY-VAIO
    12:11:35.0355 2320 UserName: Hans
    12:11:35.0355 2320 Windows directory: C:\Windows
    12:11:35.0355 2320 System windows directory: C:\Windows
    12:11:35.0355 2320 Running under WOW64
    12:11:35.0355 2320 Processor architecture: Intel x64
    12:11:35.0355 2320 Number of processors: 8
    12:11:35.0355 2320 Page size: 0x1000
    12:11:35.0355 2320 Boot type: Normal boot
    12:11:35.0355 2320 ============================================================
    12:11:35.0901 2320 Initialize success
    12:14:43.0710 3552 ============================================================
    12:14:43.0710 3552 Scan started
    12:14:43.0710 3552 Mode: Manual; SigCheck; TDLFS;
    12:14:43.0710 3552 ============================================================
    12:14:52.0524 3552 gdwfpcd - ok
    12:14:52.0586 3552 GRD (c86f45014c5d096d0e40e098d5e6947e) C:\Windows\system32\drivers\GRD.sys
    12:14:52.0618 3552 GRD - ok
    12:14:52.0680 3552 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    12:14:52.0742 3552 hcw85cir - ok
    12:14:52.0774 3552 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    12:14:52.0836 3552 HdAudAddService - ok
    12:14:52.0883 3552 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    12:14:52.0914 3552 HDAudBus - ok
    12:14:52.0961 3552 HH10Help.sys (62fb29642745dd290910bfd79537fce0) C:\Windows\system32\drivers\HH10Help.sys
    12:14:53.0054 3552 HH10Help.sys - ok
    12:14:53.0148 3552 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    12:14:53.0195 3552 HidBatt - ok
    12:14:53.0242 3552 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    12:14:53.0288 3552 HidBth - ok
    12:14:53.0320 3552 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    12:14:53.0366 3552 HidIr - ok
    12:14:53.0413 3552 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    12:14:53.0460 3552 HidUsb - ok
    12:14:53.0507 3552 HookCentre (3bcb98418bf3cffb152109d3b10b1c85) C:\Windows\system32\drivers\HookCentre.sys
    12:14:53.0522 3552 HookCentre - ok
    12:14:53.0569 3552 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    12:14:53.0600 3552 HpSAMD - ok
    12:14:53.0663 3552 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    12:14:53.0725 3552 HTTP - ok
    12:14:53.0756 3552 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    12:14:53.0772 3552 hwpolicy - ok
    12:14:53.0803 3552 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    12:14:53.0834 3552 i8042prt - ok
    12:14:53.0866 3552 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
    12:14:53.0897 3552 iaStor - ok
    12:14:53.0928 3552 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    12:14:53.0975 3552 iaStorV - ok
    12:14:54.0022 3552 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    12:14:54.0037 3552 iirsp - ok
    12:14:54.0100 3552 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\drivers\Impcd.sys
    12:14:54.0162 3552 Impcd - ok
    12:14:54.0240 3552 IntcAzAudAddService (526e482afb586cb1cdd687869decf686) C:\Windows\system32\drivers\RTKVHD64.sys
    12:14:54.0318 3552 IntcAzAudAddService - ok
    12:14:54.0349 3552 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    12:14:54.0365 3552 intelide - ok
    12:14:54.0412 3552 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
    12:14:54.0443 3552 intelppm - ok
    12:14:54.0505 3552 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    12:14:54.0568 3552 IpFilterDriver - ok
    12:14:54.0599 3552 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    12:14:54.0630 3552 IPMIDRV - ok
    12:14:54.0661 3552 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    12:14:54.0724 3552 IPNAT - ok
    12:14:54.0755 3552 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    12:14:54.0802 3552 IRENUM - ok
    12:14:54.0848 3552 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    12:14:54.0880 3552 isapnp - ok
    12:14:54.0895 3552 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    12:14:54.0926 3552 iScsiPrt - ok
    12:14:55.0051 3552 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    12:14:55.0082 3552 kbdclass - ok
    12:14:55.0238 3552 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    12:14:55.0285 3552 kbdhid - ok
    12:14:55.0332 3552 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    12:14:55.0363 3552 KSecDD - ok
    12:14:55.0410 3552 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    12:14:55.0441 3552 KSecPkg - ok
    12:14:55.0488 3552 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    12:14:55.0550 3552 ksthunk - ok
    12:14:55.0597 3552 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    12:14:55.0660 3552 lltdio - ok
    12:14:55.0706 3552 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    12:14:55.0738 3552 LSI_FC - ok
    12:14:55.0784 3552 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    12:14:55.0816 3552 LSI_SAS - ok
    12:14:55.0847 3552 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    12:14:55.0878 3552 LSI_SAS2 - ok
    12:14:55.0909 3552 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    12:14:55.0940 3552 LSI_SCSI - ok
    12:14:55.0972 3552 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    12:14:56.0034 3552 luafv - ok
    12:14:56.0081 3552 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    12:14:56.0096 3552 megasas - ok
    12:14:56.0143 3552 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    12:14:56.0174 3552 MegaSR - ok
    12:14:56.0206 3552 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    12:14:56.0252 3552 Modem - ok
    12:14:56.0299 3552 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    12:14:56.0330 3552 monitor - ok
    12:14:56.0393 3552 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    12:14:56.0408 3552 mouclass - ok
    12:14:56.0455 3552 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    12:14:56.0486 3552 mouhid - ok
    12:14:56.0549 3552 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    12:14:56.0580 3552 mountmgr - ok
    12:14:56.0627 3552 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    12:14:56.0658 3552 mpio - ok
    12:14:56.0689 3552 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    12:14:56.0736 3552 mpsdrv - ok
    12:14:56.0798 3552 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    12:14:56.0830 3552 MRxDAV - ok
    12:14:56.0876 3552 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:14:56.0923 3552 mrxsmb - ok
    12:14:57.0001 3552 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:14:57.0079 3552 mrxsmb10 - ok
    12:14:57.0235 3552 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:14:57.0282 3552 mrxsmb20 - ok
    12:14:57.0329 3552 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    12:14:57.0360 3552 msahci - ok
    12:14:57.0422 3552 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    12:14:57.0438 3552 msdsm - ok
    12:14:57.0500 3552 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    12:14:57.0547 3552 Msfs - ok
    12:14:57.0578 3552 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    12:14:57.0625 3552 mshidkmdf - ok
    12:14:57.0656 3552 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    12:14:57.0688 3552 msisadrv - ok
    12:14:57.0734 3552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    12:14:57.0781 3552 MSKSSRV - ok
    12:14:57.0828 3552 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    12:14:57.0875 3552 MSPCLOCK - ok
    12:14:57.0906 3552 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    12:14:57.0968 3552 MSPQM - ok
    12:14:58.0015 3552 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    12:14:58.0046 3552 MsRPC - ok
    12:14:58.0078 3552 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    12:14:58.0109 3552 mssmbios - ok
    12:14:58.0124 3552 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    12:14:58.0187 3552 MSTEE - ok
    12:14:58.0218 3552 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    12:14:58.0249 3552 MTConfig - ok
    12:14:58.0296 3552 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    12:14:58.0327 3552 Mup - ok
    12:14:58.0374 3552 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    12:14:58.0421 3552 NativeWifiP - ok
    12:14:58.0468 3552 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    12:14:58.0499 3552 NDIS - ok
    12:14:58.0530 3552 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    12:14:58.0577 3552 NdisCap - ok
    12:14:58.0624 3552 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    12:14:58.0670 3552 NdisTapi - ok
    12:14:58.0702 3552 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    12:14:58.0748 3552 Ndisuio - ok
    12:14:58.0795 3552 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    12:14:58.0858 3552 NdisWan - ok
    12:14:58.0889 3552 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    12:14:58.0951 3552 NDProxy - ok
    12:14:59.0092 3552 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    12:14:59.0154 3552 NetBIOS - ok
    12:14:59.0310 3552 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    12:14:59.0341 3552 NetBT - ok
    12:14:59.0528 3552 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
    12:14:59.0825 3552 NETw5s64 - ok
    12:14:59.0887 3552 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    12:14:59.0903 3552 nfrd960 - ok
    12:14:59.0950 3552 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    12:14:59.0996 3552 Npfs - ok
    12:15:00.0012 3552 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    12:15:00.0059 3552 nsiproxy - ok
    12:15:00.0121 3552 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    12:15:00.0230 3552 Ntfs - ok
    12:15:00.0246 3552 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    12:15:00.0293 3552 Null - ok
    12:15:00.0340 3552 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
    12:15:00.0371 3552 nusb3hub - ok
    12:15:00.0402 3552 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\drivers\nusb3xhc.sys
    12:15:00.0418 3552 nusb3xhc - ok
    12:15:00.0464 3552 NVHDA (a842341ef3c702ef8208e610be0fd1d9) C:\Windows\system32\drivers\nvhda64v.sys
    12:15:00.0480 3552 NVHDA - ok
    12:15:00.0683 3552 nvlddmkm (b4402e1d61a3015fc29bef94bb1c81fd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    12:15:00.0854 3552 nvlddmkm - ok
    12:15:00.0901 3552 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    12:15:00.0932 3552 nvraid - ok
    12:15:00.0948 3552 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    12:15:01.0010 3552 nvstor - ok
    12:15:01.0182 3552 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    12:15:01.0213 3552 nv_agp - ok
    12:15:01.0260 3552 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    12:15:01.0307 3552 ohci1394 - ok
    12:15:01.0354 3552 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    12:15:01.0385 3552 Parport - ok
    12:15:01.0416 3552 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    12:15:01.0432 3552 partmgr - ok
    12:15:01.0478 3552 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    12:15:01.0510 3552 pci - ok
    12:15:01.0525 3552 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    12:15:01.0541 3552 pciide - ok
    12:15:01.0588 3552 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    12:15:01.0619 3552 pcmcia - ok
    12:15:01.0634 3552 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    12:15:01.0666 3552 pcw - ok
    12:15:01.0697 3552 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    12:15:01.0790 3552 PEAUTH - ok
    12:15:01.0884 3552 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    12:15:01.0946 3552 PptpMiniport - ok
    12:15:01.0978 3552 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    12:15:02.0009 3552 Processor - ok
    12:15:02.0056 3552 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    12:15:02.0087 3552 Psched - ok
    12:15:02.0134 3552 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
    12:15:02.0165 3552 PxHlpa64 - ok
    12:15:02.0212 3552 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    12:15:02.0305 3552 ql2300 - ok
    12:15:02.0321 3552 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    12:15:02.0352 3552 ql40xx - ok
    12:15:02.0383 3552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    12:15:02.0430 3552 QWAVEdrv - ok
    12:15:02.0461 3552 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    12:15:02.0524 3552 RasAcd - ok
    12:15:02.0555 3552 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    12:15:02.0602 3552 RasAgileVpn - ok
    12:15:02.0648 3552 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:15:02.0695 3552 Rasl2tp - ok
    12:15:02.0726 3552 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    12:15:02.0773 3552 RasPppoe - ok
    12:15:02.0804 3552 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    12:15:02.0851 3552 RasSstp - ok
    12:15:02.0898 3552 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    12:15:03.0007 3552 rdbss - ok
    12:15:03.0038 3552 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    12:15:03.0085 3552 rdpbus - ok
    12:15:03.0132 3552 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    12:15:03.0194 3552 RDPCDD - ok
    12:15:03.0272 3552 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    12:15:03.0319 3552 RDPENCDD - ok
    12:15:03.0350 3552 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    12:15:03.0397 3552 RDPREFMP - ok
    12:15:03.0444 3552 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    12:15:03.0491 3552 RDPWD - ok
    12:15:03.0538 3552 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    12:15:03.0569 3552 rdyboost - ok
    12:15:03.0600 3552 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
    12:15:03.0616 3552 regi - ok
    12:15:03.0662 3552 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    12:15:03.0709 3552 RFCOMM - ok
    12:15:03.0772 3552 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys
    12:15:03.0818 3552 rimspci - ok
    12:15:03.0865 3552 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys
    12:15:03.0912 3552 risdsnpe - ok
    12:15:03.0943 3552 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    12:15:03.0990 3552 rspndr - ok
    12:15:04.0021 3552 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    12:15:04.0037 3552 sbp2port - ok
    12:15:04.0068 3552 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    12:15:04.0115 3552 scfilter - ok
    12:15:04.0177 3552 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
    12:15:04.0208 3552 sdbus - ok
    12:15:04.0255 3552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    12:15:04.0302 3552 secdrv - ok
    12:15:04.0364 3552 Ser2pl (ef7b5ec21e7c0f6e4237424a41fa720e) C:\Windows\system32\DRIVERS\ser2pl64.sys
    12:15:04.0427 3552 Ser2pl - ok
    12:15:04.0458 3552 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    12:15:04.0489 3552 Serenum - ok
    12:15:04.0505 3552 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    12:15:04.0536 3552 Serial - ok
    12:15:04.0583 3552 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    12:15:04.0614 3552 sermouse - ok
    12:15:04.0661 3552 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
    12:15:04.0708 3552 SFEP - ok
    12:15:04.0754 3552 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    12:15:04.0817 3552 sffdisk - ok
    12:15:04.0832 3552 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    12:15:04.0864 3552 sffp_mmc - ok
    12:15:04.0879 3552 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    12:15:04.0910 3552 sffp_sd - ok
    12:15:04.0942 3552 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    12:15:04.0957 3552 sfloppy - ok
    12:15:05.0004 3552 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    12:15:05.0035 3552 SiSRaid2 - ok
    12:15:05.0051 3552 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    12:15:05.0082 3552 SiSRaid4 - ok
    12:15:05.0113 3552 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    12:15:05.0160 3552 Smb - ok
    12:15:05.0207 3552 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    12:15:05.0222 3552 spldr - ok
    12:15:05.0269 3552 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    12:15:05.0332 3552 srv - ok
    12:15:05.0363 3552 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    12:15:05.0425 3552 srv2 - ok
    12:15:05.0456 3552 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    12:15:05.0503 3552 srvnet - ok
    12:15:05.0534 3552 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    12:15:05.0566 3552 stexstor - ok
    12:15:05.0612 3552 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    12:15:05.0644 3552 swenum - ok
    12:15:05.0706 3552 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    12:15:05.0846 3552 Tcpip - ok
    12:15:05.0909 3552 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    12:15:05.0940 3552 TCPIP6 - ok
    12:15:05.0987 3552 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    12:15:06.0034 3552 tcpipreg - ok
    12:15:06.0080 3552 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    12:15:06.0127 3552 TDPIPE - ok
    12:15:06.0143 3552 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    12:15:06.0190 3552 TDTCP - ok
    12:15:06.0221 3552 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    12:15:06.0268 3552 tdx - ok
    12:15:06.0283 3552 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    12:15:06.0314 3552 TermDD - ok
    12:15:06.0361 3552 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:15:06.0408 3552 tssecsrv - ok
    12:15:06.0470 3552 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    12:15:06.0517 3552 TsUsbFlt - ok
    12:15:06.0548 3552 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    12:15:06.0595 3552 tunnel - ok
    12:15:06.0626 3552 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    12:15:06.0658 3552 uagp35 - ok
    12:15:06.0689 3552 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    12:15:06.0751 3552 udfs - ok
    12:15:06.0798 3552 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    12:15:06.0829 3552 uliagpkx - ok
    12:15:06.0860 3552 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    12:15:06.0892 3552 umbus - ok
    12:15:06.0923 3552 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    12:15:06.0954 3552 UmPass - ok
    12:15:07.0032 3552 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys
    12:15:07.0063 3552 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
    12:15:07.0063 3552 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
    12:15:07.0110 3552 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    12:15:07.0141 3552 usbccgp - ok
    12:15:07.0172 3552 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    12:15:07.0219 3552 usbcir - ok
    12:15:07.0250 3552 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    12:15:07.0282 3552 usbehci - ok
    12:15:07.0313 3552 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    12:15:07.0360 3552 usbhub - ok
    12:15:07.0406 3552 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    12:15:07.0438 3552 usbohci - ok
    12:15:07.0484 3552 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    12:15:07.0500 3552 usbprint - ok
    12:15:07.0531 3552 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    12:15:07.0562 3552 usbscan - ok
    12:15:07.0609 3552 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
    12:15:07.0640 3552 USBSTOR - ok
    12:15:07.0656 3552 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    12:15:07.0687 3552 usbuhci - ok
    12:15:07.0734 3552 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    12:15:07.0781 3552 usbvideo - ok
    12:15:07.0828 3552 vcd10bus (f0faf3fb9b138f8cafb65ecffe9f4ab6) C:\Windows\system32\DRIVERS\vcd10bus.sys
    12:15:07.0843 3552 vcd10bus - ok
    12:15:07.0843 3552 Suspicious service (NoAccess): vdrv1000
    12:15:07.0874 3552 vdrv1000 (f0ecf990b3de8842e948279af31cc4e5) C:\Windows\system32\DRIVERS\vdrv1000.sys
    12:15:07.0890 3552 vdrv1000 ( LockedService.Multi.Generic ) - warning
    12:15:07.0890 3552 vdrv1000 - detected LockedService.Multi.Generic (1)
    12:15:07.0952 3552 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    12:15:07.0968 3552 vdrvroot - ok
    12:15:08.0015 3552 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    12:15:08.0046 3552 vga - ok
    12:15:08.0077 3552 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    12:15:08.0140 3552 VgaSave - ok
    12:15:08.0186 3552 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    12:15:08.0218 3552 vhdmp - ok
    12:15:08.0264 3552 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    12:15:08.0296 3552 viaide - ok
    12:15:08.0327 3552 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    12:15:08.0358 3552 volmgr - ok
    12:15:08.0389 3552 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    12:15:08.0420 3552 volmgrx - ok
    12:15:08.0452 3552 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    12:15:08.0483 3552 volsnap - ok
    12:15:08.0530 3552 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    12:15:08.0561 3552 vsmraid - ok
    12:15:08.0576 3552 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    12:15:08.0608 3552 vwifibus - ok
    12:15:08.0639 3552 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    12:15:08.0686 3552 vwififlt - ok
    12:15:08.0717 3552 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    12:15:08.0748 3552 vwifimp - ok
    12:15:08.0779 3552 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    12:15:08.0826 3552 WacomPen - ok
    12:15:08.0857 3552 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    12:15:08.0920 3552 WANARP - ok
    12:15:08.0935 3552 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    12:15:08.0966 3552 Wanarpv6 - ok
    12:15:09.0029 3552 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    12:15:09.0044 3552 Wd - ok
    12:15:09.0076 3552 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    12:15:09.0138 3552 Wdf01000 - ok
    12:15:09.0185 3552 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    12:15:09.0232 3552 WfpLwf - ok
    12:15:09.0247 3552 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    12:15:09.0278 3552 WIMMount - ok
    12:15:09.0341 3552 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    12:15:09.0372 3552 WmiAcpi - ok
    12:15:09.0419 3552 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    12:15:09.0466 3552 ws2ifsl - ok
    12:15:09.0512 3552 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    12:15:09.0559 3552 WudfPf - ok
    12:15:09.0590 3552 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:15:09.0637 3552 WUDFRd - ok
    12:15:09.0684 3552 yukonw7 (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys
    12:15:09.0715 3552 yukonw7 - ok
    12:15:09.0746 3552 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    12:15:10.0012 3552 \Device\Harddisk0\DR0 - ok
    12:15:10.0027 3552 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR1
    12:15:10.0199 3552 \Device\Harddisk1\DR1 - ok
    12:15:10.0199 3552 Boot (0x1200) (8fb42c00be2d69241fc6ff414b3c5fc7) \Device\Harddisk0\DR0\Partition0
    12:15:10.0199 3552 \Device\Harddisk0\DR0\Partition0 - ok
    12:15:10.0230 3552 Boot (0x1200) (db8e38f36d053343003ee3999426d0e6) \Device\Harddisk0\DR0\Partition1
    12:15:10.0230 3552 \Device\Harddisk0\DR0\Partition1 - ok
    12:15:10.0246 3552 Boot (0x1200) (f3a43cd4c3d0fe44acfefd746ac905f5) \Device\Harddisk1\DR1\Partition0
    12:15:10.0246 3552 \Device\Harddisk1\DR1\Partition0 - ok
    12:15:10.0246 3552 ============================================================
    12:15:10.0246 3552 Scan finished
    12:15:10.0246 3552 ============================================================
    12:15:10.0246 5460 Detected object count: 2
    12:15:10.0246 5460 Actual detected object count: 2
    12:20:53.0181 5460 C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys - copied to quarantine
    12:20:53.0197 5460 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:20:53.0353 5460 C:\Windows\system32\DRIVERS\vdrv1000.sys - copied to quarantine
    12:20:53.0353 5460 vdrv1000 ( LockedService.Multi.Generic ) - User select action: Quarantine
    12:25:05.0589 3804 Deinitialize success


    ———————————————————————————-
    LOG FILE: ComboFix (lograpport 1-1-2012, 13.53).txt
    ———————————————————————————-

    ComboFix 11-12-31.02 - Hans 01-01-2012 13:53:31.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6125.4486 [GMT 1:00]
    Gestart vanuit: c:\users\Hans\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\windows\IsUn0413.exe
    c:\windows\system32\java.exe
    I:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_KXESCORE
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-01 to 2012-01-01 ))))))))))))))))))))))))))))))
    .
    .
    2012-01-01 12:58 . 2012-01-01 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-31 14:15 . 2011-12-31 14:15 508647 ----a-w- c:\windows\SysWow64\sig.bin
    2011-12-31 11:20 . 2011-12-31 11:20 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-12-30 16:35 . 2011-12-30 16:35 388096 ----a-r- c:\users\Hans\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-12-30 16:35 . 2011-12-30 16:35 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-12-30 13:59 . 2011-12-30 13:59 -------- d-----w- c:\users\Hans\AppData\Roaming\Malwarebytes
    2011-12-30 13:57 . 2011-12-30 13:57 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-30 13:57 . 2011-12-30 13:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-12-30 13:57 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-30 09:08 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85CF38B6-542F-4783-BADA-89B8186E26F3}\mpengine.dll
    2011-12-29 14:30 . 2011-12-29 14:30 106488 ----a-w- c:\windows\system32\drivers\GRD.sys
    2011-12-29 14:04 . 2011-12-29 14:26 59256 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
    2011-12-29 14:03 . 2011-12-29 14:26 50552 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2011-12-29 14:03 . 2011-12-29 14:26 111992 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2011-12-29 14:03 . 2011-12-29 14:26 65912 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
    2011-12-29 14:03 . 2012-01-01 12:09 -------- d-----w- c:\programdata\G DATA
    2011-12-29 14:03 . 2012-01-01 12:09 -------- d-----w- c:\program files (x86)\Common Files\G Data
    2011-12-29 14:03 . 2011-12-29 14:03 -------- d-----w- c:\program files (x86)\G Data
    2011-12-29 13:57 . 2011-12-29 13:57 -------- d-----w- c:\users\Hans\AppData\Local\Downloaded Installations
    2011-12-25 10:21 . 2011-12-25 10:21 -------- d-----w- c:\users\Hans\AppData\Roaming\dvdcss
    2011-12-15 08:24 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 08:24 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 08:24 . 2011-10-15 06:31 723456 —-a-w- c:\windows\system32\EncDec.dll
    2011-12-15 08:24 . 2011-10-15 05:38 534528 —-a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-15 08:24 . 2011-11-05 05:32 2048 —-a-w- c:\windows\system32\tzres.dll
    2011-12-15 08:24 . 2011-11-05 04:26 2048 —-a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-01 10:59 . 2011-07-19 19:44 1890 –sha-w- c:\programdata\KGyGaAvL.sys
    2011-12-02 14:25 . 2011-11-01 10:44 414368 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-15 13:29 . 2011-07-18 09:15 270720 ——w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
    "UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
    "VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2011-10-19 411976]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2004-08-25 1465856]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickFinder Scheduler"="c:\program files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2009-06-22 83232]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
    R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 DIRECTIO;DIRECTIO;d:\burnintest\DirectIo.sys [x]
    R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
    R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [x]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 1250160]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
    S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2011-05-20 144712]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
    S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-20 12:17 302592 —-a-w- c:\windows\System32\cmd.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 19:00]
    .
    2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 19:00]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]
    "combofix"="c:\combofix\CF12071.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Supplementary Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-G Data AntiVirus Tray Application - c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
    HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
    AddRemove-De Nationale Stratengids - c:\windows\IsUn0413.exe
    AddRemove-WN Wereld@tlas - c:\windows\IsUn0413.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv1000]
    "ImagePath"="system32\DRIVERS\vdrv1000.sys"
    .
    ——————— LOCKED REGISTRY KEYS ———————
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{25A785AE-3892-CA84-EA9A006458EDF41F}\{C494D2DB-9D8B-1943-CDB4B7EB0238E0C7}\{76739E62-5E8B-35F4-1BE90E5C477012C5}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,48,9a,ae,
    65,ac,f0,92,28,a7,ce,4d,e9,42,73,e6,ca,2e,d2,80,1d,39,a8,06,dd,9a,9f,9c,fe,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{4D36E769-B7A1-49B0-7FF57AC1710650DC}\{A2C50D74-0103-0472-B4B4032F319B5A49}\{CF55CBC2-03B6-AE3E-9F7994016B214C0B}*]
    "DIT6ZOM5B14NHYLTYZ22F3XEBE1"=hex:01,00,01,00,00,00,00,00,5d,66,f6,5e,7f,dc,c5,
    51,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}*]
    "ICNI5VY1JTL2UXKQCRTPNVJUTD1"=hex:01,00,01,00,00,00,00,00,f5,7a,de,ba,99,33,75,
    a0,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7DD3F40A-D355-6812-5F38C6DF25C81416}\{ABD6C561-23A4-DB1A-8071BFAD90F4BBA7}\{44979372-8107-77C6-62A4A40E954B2869}*]
    "U4FYAKSJ5VM3GJXQTXJWACGIRB1"=hex:01,00,01,00,00,00,00,00,e3,ea,75,7b,b7,8d,ae,
    78,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7FA7DB51-4296-4DCE-E915E900AF1A706F}\{6ECD6E35-CD02-B6E7-116E97829ECA1B77}\{2BCFFA55-7302-F76B-60625DCE35F7A6E2}*]
    "C1DOCMZEVQCFRZOX1JFAECQ4JG1"=hex:01,00,01,00,00,00,00,00,d2,ea,71,f8,77,b8,d3,
    8a,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A31F0760-3CAF-40FF-C311EB15E667F290}\{E2D01E6A-D52B-9055-85F4CB9FDFA44017}\{62A48FA1-2175-E3E4-19BA4655EA387446}*]
    "CE4J2XQRGMR1PZTVDBUFMHVOGA1"=hex:01,00,01,00,00,00,00,00,cc,fe,5c,3b,ff,b3,38,
    11,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4A5C981-2676-291A-32EFD4032EA8E33A}\{919E04ED-9AED-1E96-6948A9B454B0D1AB}\{B9D741B0-7F58-31BD-F6CE842C649F7BA8}*]
    "IA4KYCR425UAONYGOGVOJRXUKE1"=hex:01,00,01,00,00,00,00,00,c9,ed,d6,8a,32,72,87,
    59,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Other Running Processes ————————
    .
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files\Sony\VAIO Care\VCSpt.exe
    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Sony\VAIO Care\listener.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-01 14:07:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-01 13:07
    .
    Pre-Run: 322,774,462,464 bytes free
    Post-Run: 324,671,623,168 bytes free
    .
    - - End Of File - - FEB9F5D827F00E07343FB966F5EFC0F9
  • Hello Hans, best wishes to you too, of course.
    I am only afraid that, as far as malware is concerned, it is going to be an even worse year for Windows.

    How did your Windows respond to the fixes?

    By the way, which tool do you use to get upload and download figures?
    I use NetSpeedMonitor myself, which as a toolbar in the taskbar continuously shows the upload and download figures.

    Info and download: http://www.floriangilles.com/software/netspeedmonitor
  • Abraham54,

    After I informed you this afternoon about the use of TDSSKiller and ComboFix, I first reinstalled AVG and Ad-Aware, so that I am (as far as possible) safe again. Windows handled all of this fine. I have not experienced anything strange after the fixes. And as I already mentioned, the unknown upload is still present too.

    I have been using the little program DU Meter (from Hagel Technologies; version 3.07, build 192) for years (since 2004?). Both on my Sony laptop (where the unknown uploads occur) and on a Samsung netbook (on which I have no problems with the unknown upload).

    Hans
  • In various firewalls you can see exactly which processes make connections and how much data they send. You could also check whether you have different software installed on the two computers, and then, for each difference, check whether the processes involved generate data traffic. There are various programs that send feedback to their makers. You could check that for each installed program.
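    Added example, not code from the thread or from any of the tools mentioned in it: the same per-process view that a firewall gives, built from the two tools Windows 7 ships with. `netstat -ano` prints every connection with the PID that owns it, `tasklist /fo csv /nh` maps PIDs to image names, and polling that pair once a second catches a connection that only lives for a moment, which is what a meter that shows a few kbps every few seconds suggests. The parsers take plain text so they run offline; the netstat and tasklist output embedded below is constructed, not taken from the poster's machine, and the process names in it (updater.exe, sync.exe, listener.exe) are placeholders.

```python
"""Map live TCP/UDP connections to the processes that own them (Windows 7).

Added example for this thread, not code from any tool discussed in it.
`netstat -ano` prints one line per connection with the owning PID and
`tasklist /fo csv /nh` prints one CSV row per process; joining the two on
PID gives the per-process list of remote endpoints a firewall would show.
The parsers take text so they can be exercised offline.
"""
import csv
import io
import re
import subprocess
import sys
import time
from collections import defaultdict

# Constructed sample of `netstat -ano` output (placeholder addresses and PIDs).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.10:49201     203.0.113.5:443        ESTABLISHED     2104
  TCP    192.168.1.10:49210     198.51.100.7:80        ESTABLISHED     2104
  TCP    192.168.1.10:49215     203.0.113.9:8080       ESTABLISHED     3316
  TCP    127.0.0.1:49160        127.0.0.1:49161        ESTABLISHED     1576
  UDP    0.0.0.0:3702           *:*                                    1040
"""

# Constructed sample of `tasklist /fo csv /nh` output (placeholder names).
SAMPLE_TASKLIST = '''"svchost.exe","812","Services","0","8,212 K"
"updater.exe","2104","Services","0","21,504 K"
"sync.exe","3316","Console","1","9,104 K"
"listener.exe","1576","Console","1","5,000 K"
"svchost.exe","1040","Services","0","12,000 K"
'''

# proto, local, foreign, optional state (UDP rows have none), pid
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Return (proto, local, foreign, state, pid) tuples from `netstat -ano` text."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            rows.append((proto, local, foreign, state or "", int(pid)))
    return rows


def parse_tasklist(text):
    """Return {pid: image name} from `tasklist /fo csv /nh` text."""
    names = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names


def is_remote(addr):
    """True if the foreign address is a real peer (not a wildcard or loopback)."""
    host = addr.rsplit(":", 1)[0].strip("[]")
    return host not in ("*", "0.0.0.0", "::", "::1") and not host.startswith("127.")


def outbound_by_process(netstat_text, tasklist_text):
    """Group connections to real peers by owning process.

    Returns {"image (pid N)": sorted ["PROTO foreign STATE", ...]}. Listening
    sockets and loopback traffic are dropped: they never reach the interface
    an upload meter is counting.
    """
    names = parse_tasklist(tasklist_text)
    grouped = defaultdict(set)
    for proto, _local, foreign, state, pid in parse_netstat(netstat_text):
        if state == "LISTENING" or not is_remote(foreign):
            continue
        key = "%s (pid %d)" % (names.get(pid, "?"), pid)
        grouped[key].add("%s %s %s" % (proto, foreign, state or "-"))
    return {k: sorted(v) for k, v in grouped.items()}


def snapshot():
    """Take one live sample on Windows (no elevation needed for -ano)."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("snapshot() needs the Windows netstat and tasklist commands")
    ns = subprocess.check_output(["netstat", "-ano"]).decode("mbcs", "replace")
    tl = subprocess.check_output(["tasklist", "/fo", "csv", "/nh"]).decode("mbcs", "replace")
    return outbound_by_process(ns, tl)


def watch(rounds=60, interval=1.0):
    """Poll repeatedly and merge the results, so a connection that only lives
    for a second still shows up with the process that opened it."""
    seen = defaultdict(set)
    for _ in range(rounds):
        for proc, conns in snapshot().items():
            seen[proc].update(conns)
        time.sleep(interval)
    return {k: sorted(v) for k, v in seen.items()}


if __name__ == "__main__":
    for proc, conns in sorted(watch().items()):
        print(proc)
        for c in conns:
            print("    " + c)
```

    Run it on the affected machine while the meter is ticking; any process in the output that is not a recognised program or update agent is the one to look at next. From an elevated prompt `netstat -b` prints the image name itself, which saves the join on tasklist. A meter such as DU Meter counts bytes at the interface and cannot say which process sent them; this mapping closes that gap.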
  • hansklopper wrote:

        Abraham54,

        After I informed you this afternoon about the use of TDSSKiller and ComboFix, I first reinstalled AVG and Ad-Aware, so that I am (as far as possible) safe again. Windows handled all of this fine. I have not experienced anything strange after the fixes. And as I already mentioned, the unknown upload is still present too.

        I have been using the little program DU Meter (from Hagel Technologies; version 3.07, build 192) for years (since 2004?). Both on my Sony laptop (where the unknown uploads occur) and on a Samsung netbook (on which I have no problems with the unknown upload).

        Hans


    I can tell you that, apart from extra services, you get little to nothing out of Lavasoft's Ad-Aware.
    The virus detection of that tool is too poor for that!


    You may now do the following:

    Run the ESET online scan (Click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
        - Remove found threats
        - Scan archives
    - Then click
  • Dear Abraham54 and Gerben,

    I let the ESET Online Scanner do its work. This scanner apparently found threats in the installation files of PrimoPDF and Unlocker. See the log file below. Apparently these programs cannot be trusted either! Unfortunately, however, the cause of my problem was not found.

    By now I have had my computer scanned with 8 different malware scanners, unfortunately without any result for my problem. Are we on the right track at all?

    On Wikipedia (http://nl.wikipedia.org/wiki/Rootkit) the following is said about rootkits: "Sometimes, when the rootkit is removed, the changes it made remain intact and are usually undetectable. The only way to be completely certain that a rootkit has been removed is therefore to format and reinstall the entire system."

    I therefore think it is not useful to try yet more malware scanners. Perhaps I had better accept that I have to format and reinstall my computer? That is a few days of work, but then I am rid of the problem.

    My question to you is then: Is the malware causing this really gone after formatting and reinstalling? In the past I once read something about an infection of the boot sector that would not disappear with formatting. Does this still apply today? What measures must I take to really have a clean computer again after formatting and reinstalling?


    Kind regards,

    Hans Klopper


    ———————————————————————–
    LOG FILE: ESET Online Scan (scanresults 1-1-2012).txt
    ———————————————————————–
    C:\Opslag\Programma's\PrimoPDF\InternationalPrimoPDF.exe Win32/OpenCandy application deleted - quarantined
    C:\Opslag\Programma's\Unlocker\Unlocker1.9.1.exe Win32/Adware.ADON application deleted - quarantined
    I:\Backup Sony\Backup Opslag\Programma's\PrimoPDF\InternationalPrimoPDF.exe Win32/OpenCandy application deleted - quarantined
    I:\Backup Sony\Backup Opslag\Programma's\Unlocker\Unlocker1.9.1.exe Win32/Adware.ADON application deleted - quarantined

    ——————————————————————————
  • Hmm, if you downloaded those two setups either via CNET or via Softonic, then it is clear why ESET found spyware!
  • Dear Abraham54,

    So CNET and/or Softonic and/or ESET cannot be trusted?

    Apart from that, I would still like an answer from you to two questions in my message of 3-1-2012 regarding completely formatting and reinstalling, namely:
    # Is the malware causing this really gone after formatting and reinstalling?
    # In the past I once read something about an infection of the boot sector that would not disappear with formatting. Does this still apply today? If so, what measures must I take to really have a clean computer again after formatting and reinstalling?

    I hope you are willing to answer those two questions, then I can move on. Thanks in advance.

    Kind regards,

    Hans Klopper
  • Dear Gerben,

    I would still like an answer from you to the question in my message of 3-1-2012 regarding completely formatting and reinstalling, namely:

    # Is the malware causing this really gone after formatting and reinstalling?
    # In the past I once read something about an infection of the boot sector that would not disappear with formatting. Does this still apply today? If so, what measures must I take to really have a clean computer again after formatting and reinstalling?

    I hope you are willing to answer those two questions, then I can move on. Thanks in advance.

    Kind regards,

    Hans Klopper
  • A fresh installation overwrites the entire disk, including the boot sector. If you want to be completely 100% sure, you can also wipe the disk with KillDisk.
  • KillDisk is a solution, but as far as I know it does not overwrite the MBR.

    It is also safe, when reinstalling via setup, to first delete the system disk, then create it again and then format it.
    Then you have the certainty that a completely new MBR has been created.
  • hansklopper, I see that it concerns a Sony Vaio computer.
    A number of components are also mentioned in your HijackThis log file.
    The question is whether, after formatting, you want to put a new Windows 7 system on it using a Windows 7 Home disc, using a recovery disc you made yourself when the PC was still new, or using the recovery partition on D:?
    Note that Sony has installed a number of things on your PC that are not standard in Windows 7, and I am also thinking of drivers and the like.
    If you are able to make an image first, you can always restore it if something goes wrong.
    Vaio Care and Vaio Update could well be the processes that make contact in the background to check whether there are updates.
    I have a Sony Vaio VPCF11M1E laptop myself, so I speak from experience.
    Good luck.


This is an archived page. Replying is no longer possible.